* Windows Wireguard with Multiple Endpoints in Different Subnets
From: cyberurchin @ 2020-01-24 12:55 UTC
To: wireguard
Hi Folks,
Here are two questions that I have concerning the Windows version of Wireguard.
My setup is as follows: A Windows machine with two Ethernet ports connects to two Linux clients, one on each end. There are two subnets defined for the two ports, 192.168.0.0/24 and 192.168.6.0/24. I need a secure tunnel from the Windows machine to each of the two Linux clients but the two Linux clients do not need to talk to each other.
a) Under Linux, I can define several Wireguard tunnels that work independently but this doesn't seem to be the case in Windows. In fact, when I activate one tunnel, the other one is automatically deactivated. Why is that?
My work-around looks a little bit like a hack but works, in principle. I've defined only one tunnel that includes the two Linux clients as peers even though they are in two different subnets:
[Interface]
PrivateKey = +OdjntqCs/OcJGsdGXXXXXMShNsdUW9EQW33HhvOVlQ=
ListenPort = 51820
Address = 192.168.8.6/24
[Peer]
PublicKey = ujRh46KyQrA0OlJZ77dXXXXXhUd4TaqKkoBhFj6ZlBk=
AllowedIPs = 192.168.8.3/32
Endpoint = 192.168.6.2:51820
[Peer]
PublicKey = 32VGe+PnVCtDio12GcrhKXXXXXlOWqy4ncD6G0U1Mhc=
AllowedIPs = 192.168.8.4/32
Endpoint = 192.168.0.201:51820
So far, so good.
b) The configuration described above breaks when I define a default gateway, e.g. 192.168.0.1. In this case, Wireguard messes up the packages that should go to 192.168.6.2 (the Linux client on the network where the gateway is not) and sends them to 192.168.0.1 (the default gateway). Ping commands to 192.168.6.2, however, work, in the sense that the routing table itself is still ok. It looks like this:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway      Interface      Metric
0.0.0.0              0.0.0.0          192.168.0.1  192.168.0.202  281
127.0.0.0            255.0.0.0        On-link      127.0.0.1      331
127.0.0.1            255.255.255.255  On-link      127.0.0.1      331
127.255.255.255      255.255.255.255  On-link      127.0.0.1      331
192.168.0.0          255.255.255.0    On-link      192.168.0.202  281
192.168.0.202        255.255.255.255  On-link      192.168.0.202  281
192.168.0.255        255.255.255.255  On-link      192.168.0.202  281
192.168.6.0          255.255.255.0    On-link      192.168.6.3    311
192.168.6.3          255.255.255.255  On-link      192.168.6.3    311
192.168.6.255        255.255.255.255  On-link      192.168.6.3    311
192.168.8.0          255.255.255.0    On-link      192.168.8.6    261
192.168.8.3          255.255.255.255  On-link      192.168.8.6    5
192.168.8.4          255.255.255.255  On-link      192.168.8.6    5
192.168.8.6          255.255.255.255  On-link      192.168.8.6    261
192.168.8.255        255.255.255.255  On-link      192.168.8.6    261
224.0.0.0            240.0.0.0        On-link      127.0.0.1      331
224.0.0.0            240.0.0.0        On-link      192.168.0.202  281
224.0.0.0            240.0.0.0        On-link      192.168.6.3    311
255.255.255.255      255.255.255.255  On-link      127.0.0.1      331
255.255.255.255      255.255.255.255  On-link      192.168.0.202  281
255.255.255.255      255.255.255.255  On-link      192.168.6.3    311
===========================================================================
Persistent Routes:
Network Address      Netmask          Gateway Address  Metric
0.0.0.0              0.0.0.0          192.168.0.1      Default
===========================================================================
Any ideas?
There is no IPv6. If I remove the default gateway, the two tunnels work again.
Ah, yes, and a final note - there is a related issue here:
https://lists.zx2c4.com/pipermail/wireguard/2019-September/004493.html
The answer to that post also seems to answer my question, too, but I'd like to get confirmation and maybe the world has moved on in the meantime.
Cheers,
Ingo
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
* Re: Windows Wireguard with Multiple Endpoints in Different Subnets
From: Jason A. Donenfeld @ 2020-01-28 10:38 UTC
To: cyberurchin; +Cc: WireGuard mailing list
On Tue, Jan 28, 2020 at 11:34 AM <cyberurchin@gmail.com> wrote:
> b) The configuration described above breaks when I define a default gateway, e.g. 192.168.0.1.
I didn't quite understand what type of change this sentence implies.
What's the config file after you make the transformation described in
(b)?
* Re: Windows Wireguard with Multiple Endpoints in Different Subnets
From: Ingo Naumann @ 2020-02-11 15:19 UTC
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
The config file stays the same. The configuration breaks when I define a
default gateway in my network settings (in order to have the Windows
machine connected to the Internet). From that moment on, the packages
destined to the other Ethernet port (the one where the default gateway is
not) are showing up on the wrong port (I can see them with Wireshark). But
only the packages from Wireguard; if I do a simple ping, everything works
because the subnets are all still properly defined.
On Tue, Jan 28, 2020 at 11:38 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> On Tue, Jan 28, 2020 at 11:34 AM <cyberurchin@gmail.com> wrote:
> > b) The configuration described above breaks when I define a default
> gateway, e.g. 192.168.0.1.
>
> I didn't quite understand what type of change this sentence implies.
> What's the config file after you make the transformation described in
> (b)?
>