WireGuard Archive on lore.kernel.org
* wireguard works for 10.0.0.x/24, but not for 10.10.10.x/24
@ 2018-08-25  2:12 Sitaram Chamarty
  2018-08-25  9:47 ` Morten Christensen
  0 siblings, 1 reply; 3+ messages in thread
From: Sitaram Chamarty @ 2018-08-25  2:12 UTC (permalink / raw)
  To: wireguard

Hi

I have a very peculiar problem.

My wireguard server serves up for my laptop and phone using
10.0.0.1 as its own IP, and .2 and .3 respectively as my laptop
and phone's IPs.

But if I switch it to any other subnet, like 192.168.25.x/24, or
even 10.10.10.x/24, it does not work.

(Before someone asks, yes I did remember to change the wg0.conf
on both sides before flipping the switch.)

I can provide more details, I can run any debugging commands you
ask me to, but there is literally no other difference except a
`:%s/10.0.0/10.10.10/g` in /etc/wireguard/wg0.conf, on both
sides.

I am using the wg-quick command, if it matters.

I can ping from the laptop to the server (10.10.10.2 ->
10.10.10.1).  I can access services running locally on the
server (such as tcp/80 or udp/53).  "traceroute" will show the
first hop as 10.10.10.1, but after that -- silence.  It just
won't go beyond that.

So whatever it is, it seems to be on the server side. Packets
make it to the remote endpoint, but don't get routed out to the
internet after that.

Both sides are running the same version of wireguard (20180809).
Server is CentOS 7.4, client is Fedora 28.

Does anything in this ring a bell for anyone?

thanks
sitaram


* Re: wireguard works for 10.0.0.x/24, but not for 10.10.10.x/24
  2018-08-25  2:12 wireguard works for 10.0.0.x/24, but not for 10.10.10.x/24 Sitaram Chamarty
@ 2018-08-25  9:47 ` Morten Christensen
  2018-08-25 13:16   ` Sitaram Chamarty
  0 siblings, 1 reply; 3+ messages in thread
From: Morten Christensen @ 2018-08-25  9:47 UTC (permalink / raw)
  To: wireguard

On 25-08-2018 04:12, Sitaram Chamarty wrote:
> Hi
>
> I have a very peculiar problem.
>
> My wireguard server serves up for my laptop and phone using
> 10.0.0.1 as its own IP, and .2 and .3 respectively as my laptop
> and phone's IPs.
>
> But if I switch it to any other subnet, like 192.168.25.x/24, or
> even 10.10.10.x/24, it does not work.
>
> (Before someone asks, yes I did remember to change the wg0.conf
> on both sides before flipping the switch.)
>
> I can provide more details, I can run any debugging commands you
> ask me to, but there is literally no other difference except a
> `:%s/10.0.0/10.10.10/g` in /etc/wireguard/wg0.conf, on both
> sides.
>
> I am using the wg-quick command, if it matters.
>
> I can ping from the laptop to the server (10.10.10.2 ->
> 10.10.10.1).  I can access services running locally on the
> server (such as tcp/80 or udp/53).  "traceroute" will show the
> first hop as 10.10.10.1, but after that -- silence.  It just
> won't go beyond that.
>
> So whatever it is, it seems to be on the server side. Packets
> make it to the remote endpoint, but don't get routed out to the
> internet after that.

Most times vpn-packets get a step further. The remote endpoint does not
know how to return them to the vpn-server.

Is your wireguard-server the router/gateway on your system?

--

Morten Christensen


* Re: wireguard works for 10.0.0.x/24, but not for 10.10.10.x/24
  2018-08-25  9:47 ` Morten Christensen
@ 2018-08-25 13:16   ` Sitaram Chamarty
  0 siblings, 0 replies; 3+ messages in thread
From: Sitaram Chamarty @ 2018-08-25 13:16 UTC (permalink / raw)
  To: Morten Christensen; +Cc: wireguard

On Sat, Aug 25, 2018 at 11:47:11AM +0200, Morten Christensen wrote:
> On 25-08-2018 04:12, Sitaram Chamarty wrote:
> > Hi
> > 
> > I have a very peculiar problem.
> > 
> > My wireguard server serves up for my laptop and phone using
> > 10.0.0.1 as its own IP, and .2 and .3 respectively as my laptop
> > and phone's IPs.
> > 
> > But if I switch it to any other subnet, like 192.168.25.x/24, or
> > even 10.10.10.x/24, it does not work.
> > 
> > (Before someone asks, yes I did remember to change the wg0.conf
> > on both sides before flipping the switch.)
> > 
> > I can provide more details, I can run any debugging commands you
> > ask me to, but there is literally no other difference except a
> > `:%s/10.0.0/10.10.10/g` in /etc/wireguard/wg0.conf, on both
> > sides.
> > 
> > I am using the wg-quick command, if it matters.
> > 
> > I can ping from the laptop to the server (10.10.10.2 ->
> > 10.10.10.1).  I can access services running locally on the
> > server (such as tcp/80 or udp/53).  "traceroute" will show the
> > first hop as 10.10.10.1, but after that -- silence.  It just
> > won't go beyond that.
> > 
> > So whatever it is, it seems to be on the server side. Packets
> > make it to the remote endpoint, but don't get routed out to the
> > internet after that.
> 
> Most times vpn-packets get a step further. The remote endpoint does not know
> how to return them to the vpn-server.
> 
> Is your wireguard-server the router/gateway on your system?

Thank you!

It is the gateway, and that reminded me that, way back when I
first set it up, I had added an iptables MASQUERADE rule, but
only for 10.0.0.0/24.

I had completely forgotten about this till I saw your reply.

Sorry for the PEBCAK; all good now!

sitaram

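
The mismatch that resolved this thread, as an added example (not code from any poster): a Python check that compares the Address subnet in a wg-quick config against the source matches of the gateway's NAT rules. The config, the rule listing and the `eth0` interface name are constructed samples; the rule text follows the format printed by `iptables -t nat -S POSTROUTING`.

```python
import ipaddress
import shlex

# Constructed samples: the renumbered wg0.conf and a NAT rule left over from the old subnet.
WG_CONF = """[Interface]
Address = 10.10.10.1/24
ListenPort = 51820

[Peer]
AllowedIPs = 10.10.10.2/32
"""
NAT_RULES = """-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
"""

def tunnel_networks(wg_conf):
    """IPv4 networks named by the Address= lines of a wg-quick config."""
    nets = []
    for line in wg_conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() != "address":
            continue
        for item in value.split("#")[0].split(","):
            if item.strip():
                net = ipaddress.ip_interface(item.strip()).network
                if net.version == 4:  # IPv6 addresses are NATed by ip6tables, not checked here
                    nets.append(net)
    return nets

def nat_sources(rules):
    """Source networks matched by POSTROUTING MASQUERADE/SNAT rules."""
    sources = []
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "POSTROUTING"] or "-j" not in tok:
            continue
        if tok[tok.index("-j") + 1] not in ("MASQUERADE", "SNAT"):
            continue
        if "-s" not in tok:  # no source match: the rule applies to every source
            sources.append(ipaddress.ip_network("0.0.0.0/0"))
        elif tok[tok.index("-s") - 1] != "!":  # a negated match covers nothing we can rely on
            sources.append(ipaddress.ip_network(tok[tok.index("-s") + 1], strict=False))
    return sources

def uncovered(wg_conf, rules):
    """Tunnel networks whose forwarded traffic no NAT rule would rewrite."""
    nat = nat_sources(rules)
    return [n for n in tunnel_networks(wg_conf) if not any(n.subnet_of(s) for s in nat)]

if __name__ == "__main__":
    for net in uncovered(WG_CONF, NAT_RULES):
        print(f"{net}: no MASQUERADE/SNAT rule covers this tunnel subnet")
```

A subnet reported here produces the symptom described in the thread: the server itself is reachable over the tunnel, but forwarded packets leave with a private source address and no replies find their way back.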
