wireguard.lists.zx2c4.com archive mirror
* Possible routing issue on CentOS 7
From: randomusername42 @ 2019-07-24 15:48 UTC
  To: wireguard

Hello,

I am trying to set up a server/client configuration wherein the client
sends ALL network traffic to and through the Wireguard server. I have
set up a CentOS 7 server, a CentOS 7 client, and a Debian 9 client. The
CentOS systems are using wireguard 1:0.0.20190702-1.fc30 from copr. The
Debian system is using wireguard 0.0.20190227-1 from 'sid (unstable)'.

The CentOS server is operational and has the following config:
----------
[Interface]
Address = 10.0.0.1/24
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = XX

[Peer]
PublicKey = XX
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = XX
AllowedIPs = 10.0.0.3/32

----------

The Debian client is operational and has the following config:
----------
[Interface]
PrivateKey = XX
Address = 10.0.0.2/24
DNS = 1.1.1.1
PostUp = ip route flush cache
PostDown = ip route flush cache

[Peer]
PublicKey = XX
Endpoint = XX:51820
AllowedIPs = 0.0.0.0/0
-----------

Debian client routes (with WG interface active):
-----------
Kernel IP routing table
Destination     Gateway         Genmask       Flags Metric Ref Use Iface
default         192.168.X.1     0.0.0.0         UG   1024   0   0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U    0      0   0 client
192.168.X.0     0.0.0.0         255.255.255.0   U    0      0   0 eth0
----------

CentOS client IS NOT routing traffic over the tunnel. Config:
-----------
[Interface]
PrivateKey = XX
Address = 10.0.0.3/24
DNS = 1.1.1.1
PostUp = ip route flush cache
PostDown = ip route flush cache

[Peer]
PublicKey = XX
Endpoint = XX:51820
AllowedIPs = 0.0.0.0/0
------------

CentOS client routes (with WG interface active):
------------
Kernel IP routing table
Destination     Gateway         Genmask       Flags Metric Ref Use Iface
0.0.0.0         192.168.X.1     0.0.0.0        UG   0      0   0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U    0      0   0 client
192.168.X.0     0.0.0.0         255.255.255.0   U    0      0   0 eth0
-------

In this setup, the Debian client sends all traffic over the tunnel.
I can verify this via watching TCPDUMP, and checking the public IP with
'curl -s checkip.dyndns.com', which returns the ENDPOINT (CentOS 7)
Wireguard server Public IP address.

The CentOS 7 CLIENT does NOT send all the traffic over this established
tunnel. The WG interface comes up and shows data transferred. I can ping
the endpoint wireguard server via the 10.0.0.1. I can ping the 10.0.0.3
client, from the server. When I run 'curl -s checkip.dyndns.com' on the
CentOS 7 client, I am returned my local Public IP, not the VPN endpoint
Public IP.

I do use the wg-quick utility on all systems to manage the interface.
The CentOS 7 version has a few differences, but nothing that should
cause this anomaly to occur.

Why does the CentOS 7 client NOT route traffic over the tunnel as
expected? How is the same configuration working as expected to tunnel
traffic on the Debian system? Where can I find more information to
explain and fix this issue?
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
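
Added example, not part of the original post: upstream wg-quick on Linux handles `AllowedIPs = 0.0.0.0/0` with an fwmark policy rule and a default route in a separate table (51820 by default), which the main routing table listed above does not show. The sketch below checks `ip -4 rule show` and `ip -4 route show table all` output for that state; the function names and the sample outputs are constructed for illustration, and the interface name `client` is taken from the post.

```shell
#!/bin/sh
# Constructed sample: `ip -4 rule show` after wg-quick set up a full tunnel.
RULES_TUNNELED='0:	from all lookup local
32764:	from all lookup main suppress_prefixlength 0
32765:	not from all fwmark 0xca6c lookup 51820
32766:	from all lookup main
32767:	from all lookup default'
# Constructed sample: only the stock rules, no policy routing installed.
RULES_PLAIN='0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default'
# Constructed samples: `ip -4 route show table all` (trimmed to relevant lines).
ROUTES_TUNNELED='default dev client table 51820 scope link
default via 192.168.X.1 dev eth0
10.0.0.0/24 dev client proto kernel scope link'
ROUTES_PLAIN='default via 192.168.X.1 dev eth0
10.0.0.0/24 dev client proto kernel scope link'

# Print the table id used by the "not fwmark ... lookup T" rule, if present.
tunnel_table() {
    printf '%s\n' "$1" | awk '/not from all fwmark/ {
        for (i = 1; i < NF; i++) if ($i == "lookup") { print $(i + 1); exit }
    }'
}

# The main table must be consulted with its default route suppressed,
# otherwise the eth0 default wins before the tunnel table is reached.
has_suppress_rule() {
    printf '%s\n' "$1" | grep -q 'lookup main suppress_prefixlength 0'
}

# full_tunnel_state RULES ROUTES IFACE: print a verdict, non-zero on a gap.
full_tunnel_state() {
    rules=$1 routes=$2 iface=$3
    table=$(tunnel_table "$rules")
    [ -n "$table" ] || { echo "no-fwmark-rule"; return 1; }
    has_suppress_rule "$rules" || { echo "no-suppress-rule"; return 1; }
    printf '%s\n' "$routes" |
        grep -Eq "^default dev $iface table $table( |\$)" ||
        { echo "no-default-in-table-$table"; return 1; }
    echo "full-tunnel-via-table-$table"
}

full_tunnel_state "$RULES_TUNNELED" "$ROUTES_TUNNELED" client || true
full_tunnel_state "$RULES_PLAIN" "$ROUTES_PLAIN" client || true
# Live use: full_tunnel_state "$(ip -4 rule show)" "$(ip -4 route show table all)" client
```

A verdict other than `full-tunnel-via-table-…` means traffic not destined for 10.0.0.0/24 still follows the main table's default route and leaves via eth0 outside the tunnel.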
