* Connection between two clients
From: Andreas Fink @ 2018-08-15 7:17 UTC
To: wireguard
Hello,

I have a problem establishing a direct connection between two clients,
my setup is the following:

Client1 <--> Server <--> Client2

i.e. I have a publicly reachable server, and two clients that are
connected to the server. My configurations are:

Server.conf

[Interface]
PrivateKey = ServerPrivateKey
ListenPort = 51820
Address = 192.168.12.1/24

[Peer]
PublicKey = Client1PublicKey
AllowedIPs = 192.168.12.3/32

[Peer]
PublicKey = Client2PublicKey
AllowedIPs = 192.168.12.2/32

Client1.conf

[Interface]
PrivateKey = Client1PrivateKey
ListenPort = 21003
Address = 192.168.12.3/24

[Peer]
PublicKey = ServerPublicKey
Endpoint = myserver.com:51820
AllowedIPs = 192.168.12.1/24
PersistentKeepalive = 25

Client2.conf

[Interface]
PrivateKey = Client2PrivateKey
ListenPort = 21002
Address = 192.168.12.2/24

[Peer]
PublicKey = ServerPublicKey
Endpoint = myserver.com:51820
AllowedIPs = 192.168.12.1/24
PersistentKeepalive = 25

I am able to ping from client1 to server and from client2 to server.
However, trying to ping client2 from client1 directly fails...
Looking at the server with tcpdump I can see that there is an incoming
ping from 192.168.12.3 > 192.168.12.2, however there is nothing
arriving at 192.168.12.2. The ping is not forwarded to 192.168.12.2.

Do I need to set up iptables rules? What's the easiest way to get a
direct connection between two clients?

Cheers
Andreas
* Re: Connection between two clients
From: Kalin KOZHUHAROV @ 2018-08-16 19:40 UTC
To: Andreas Fink; +Cc: WireGuard mailing list
Probably a routing problem, check `ip route show` on (one) client and
server.
Also you might need to enable ip forwarding on server (usually enabled on
firewalls and routers). No, iptables are not necessary if everything is one
subnet.
Cheers,
Kalin.
* Re: Connection between two clients
From: Eldon @ 2018-08-16 19:52 UTC
To: WireGuard mailing list
Here is some documentation on how some of this can be done:
https://unix.stackexchange.com/questions/14056/what-is-kernel-ip-forwarding/14058#14058
https://docs.fedoraproject.org/en-US/Fedora/18/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
On Thu, Aug 16, 2018 at 09:40:20PM +0200, Kalin KOZHUHAROV wrote:
> Probably a routing problem, check `ip route show` on (one) client and
> server.
>
> Also you might need to enable ip forwarding on server (usually enabled on
> firewalls and routers). No, iptables are not necessary if everything is one
> subnet.
>
> Cheers,
> Kalin.
* Re: Connection between two clients
From: Andreas Fink @ 2018-08-17 6:00 UTC
To: Kalin KOZHUHAROV; +Cc: WireGuard mailing list
On Thu, 16 Aug 2018 21:40:20 +0200
Kalin KOZHUHAROV <me.kalin@gmail.com> wrote:
> Probably a routing problem, check `ip route show` on (one) client and
> server.
>
> Also you might need to enable ip forwarding on server (usually
> enabled on firewalls and routers). No, iptables are not necessary if
> everything is one subnet.
>
> Cheers,
> Kalin.
Yes, the ip forwarding was the trick I was missing.
Maybe it is worth adding a note in the documentation/quick start guide
that this is needed for client-to-client communication through a server.
Thank you
Andreas
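
A check for the failure discussed in this thread, added here as an example and not code from any poster or from the WireGuard project: it lints a hub config like the Server.conf above together with a client's AllowedIPs and the server's `net.ipv4.ip_forward` value. The function names and the sample config (placeholder keys, IPv4 addresses) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample mirroring the thread's Server.conf (placeholder keys).
SERVER_CONF = """\
[Interface]
Address = 192.168.12.1/24
[Peer]
PublicKey = Client1PublicKey
AllowedIPs = 192.168.12.3/32
[Peer]
PublicKey = Client2PublicKey
AllowedIPs = 192.168.12.2/32
"""

def parse_peers(conf):
    """Return one {key: value} dict per [Peer] section (hypothetical helper)."""
    peers, section = [], None
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            section = {} if line.lower() == "[peer]" else None
            if section is not None:
                peers.append(section)
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            section[key] = value
    return peers

def nets(value):
    """Parse a comma-separated AllowedIPs value; host bits are masked off."""
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",") if v.strip()]

def diagnose(server_conf, client_allowed_ips, ip_forward):
    """List reasons the hub would not relay traffic between its peers."""
    problems = []
    peers = parse_peers(server_conf)
    keys = [p.get("PublicKey") for p in peers]
    if len(set(keys)) != len(keys):
        problems.append("duplicate PublicKey in server [Peer] sections")
    if ip_forward.strip() != "1":  # content of /proc/sys/net/ipv4/ip_forward
        problems.append("net.ipv4.ip_forward is not 1 on the server")
    routed = nets(client_allowed_ips)  # what a client sends into the tunnel
    for peer in peers:
        for net in nets(peer.get("AllowedIPs", "")):
            if not any(net.version == r.version and net.subnet_of(r) for r in routed):
                problems.append(f"client AllowedIPs does not cover {net}")
    return problems

if __name__ == "__main__":
    print(diagnose(SERVER_CONF, "192.168.12.1/24", "0"))
```

On the server, pass the contents of `/proc/sys/net/ipv4/ip_forward` as the third argument; an empty result means none of the three checks found a problem.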