From: "Michael B. Williams" <Michael.Williams@glexia.com>
To: "Adrián Mihálko" <adriankoooo@gmail.com>
Cc: wireguard@lists.zx2c4.com
Subject: Re: Routing between multiple wg interfaces
Date: Thu, 12 Sep 2019 16:35:23 -0400
Message-ID: <CAGj=18EL2QEDBufGaux6=wA8HceF8+V0giPdZRZjs8NxfhObqA@mail.gmail.com>
In-Reply-To: <CA+Hw3ebSHKAa_WaOsXYezP_n3o2rQfbLvaRoGYH8SpF92=7fBg@mail.gmail.com>

I'm a bit confused about your configuration files - could you better
organize them and present them, including the underlying host they are on? From
the question, it's unclear as to whether there are multiple WireGuard
servers or a single server. I see you reference pinging 192.168.1.0/24 but
I do not see any configurations showing that CIDR.

You may need a masquerade or SNAT for your WireGuard (wg0/wg1) interface.
Otherwise, the forwarded packets will be from an invalid range/host and
discarded depending on the exact configuration.

I.e. if your traffic is coming into the server from client -> wg1 but
leaving (forwarding) to wg0 then you'll need a masquerade on wg0:

    iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

------------------------------

*Michael B. Williams*

On Thu, Sep 12, 2019 at 3:33 PM Adrián Mihálko <adriankoooo@gmail.com>
wrote:

> I am trying to route between multiple WG interfaces.
>
> On my primary server:
>
> wg0.conf:
>
> [Interface]
> Address = 192.168.6.4/24
> ListenPort = 51820
> PrivateKey =
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>
> [Peer]
> PublicKey =
> AllowedIPs = 192.168.6.1/32, 192.168.1.0/24
> Endpoint = xy.com:51820
>
> wg1.conf:
>
> [Interface]
> Address = 192.168.9.1/24
> ListenPort = 51821
> PrivateKey =
>
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>
> [Peer]
> PublicKey =
> AllowedIPs = 192.168.9.3/32
>
> ---
>
> With wg0 I am connecting to another server (xy.com:51820). On wg1 I am
> accepting client connections.
>
> On this server I can ping everything, so connection is working well.
>
> ping 192.168.6.1 - works
> ping 192.168.1.xxx - works
>
> ping 192.168.9.3 - works
>
> ---
>
> Now I am connecting my client to this server (client 192.168.9.3):
>
> [Interface]
> PrivateKey =
> Address = 192.168.9.3/24
> DNS = 192.168.9.1
>
> [Peer]
> PublicKey =
> AllowedIPs = 192.168.9.1/32, 192.168.1.0/24
> Endpoint = primaryserver:51821
>
>
> I can ping server 192.168.9.1 as expected, but I am unable to ping any of
> my devices in 192.168.1.0/24.
>
> Does anyone know what the problem is here?
>
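
The following is an added example, not part of either message: it traces the client's packet through the primary server and applies WireGuard's check that a decrypted packet's inner source address lies in the sending peer's AllowedIPs, first with the PostUp rules as posted and then with the wg0 masquerade rule from the reply. The remote server's configuration is not shown in the thread, so its AllowedIPs entry for the primary server (192.168.6.4/32) and the LAN host 192.168.1.10 are assumptions.

```python
import ipaddress
import re

# wg0 on the primary server, values copied from the quoted message.
WG0_ADDRESS = "192.168.6.4"
WG0_PEER_ALLOWED = ["192.168.6.1/32", "192.168.1.0/24"]
WG0_POSTUP = ("iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; "
              "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE")
# Rule suggested in the reply, appended to the posted PostUp.
FIXED_POSTUP = WG0_POSTUP + "; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE"

# ASSUMPTION: what the remote server (xy.com) lists as AllowedIPs for the
# primary server. Its config is not on the page.
REMOTE_ALLOWED_FOR_PRIMARY = ["192.168.6.4/32"]

CLIENT = "192.168.9.3"      # client address from the quoted message
LAN_HOST = "192.168.1.10"   # constructed host inside 192.168.1.0/24


def masquerade_ifaces(rules, iface):
    """Egress interfaces that have a POSTROUTING MASQUERADE rule (%i -> iface)."""
    found = set()
    for rule in rules.replace("%i", iface).split(";"):
        m = re.search(r"-t nat -A POSTROUTING\b.*-o (\S+).*-j MASQUERADE", rule)
        if m:
            found.add(m.group(1))
    return found


def in_any(addr, cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def forward_via_wg0(src, dst, nat_ifaces):
    """Trace a packet forwarded wg1 -> wg0; return (source seen by remote, verdict)."""
    if not in_any(dst, WG0_PEER_ALLOWED):
        return src, "no wg0 peer for destination"
    if "wg0" in nat_ifaces:
        src = WG0_ADDRESS  # MASQUERADE rewrites the source to wg0's own address
    if in_any(src, REMOTE_ALLOWED_FOR_PRIMARY):
        return src, "accepted by remote"
    return src, "dropped by remote: source not in AllowedIPs"


if __name__ == "__main__":
    for label, rules in (("as posted", WG0_POSTUP), ("with wg0 masquerade", FIXED_POSTUP)):
        print(label, forward_via_wg0(CLIENT, LAN_HOST, masquerade_ifaces(rules, "wg0")))
```
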
