I'm a bit confused about your configuration files - could you better organize them and present including the underlying host they are on? From the question, it's unclear as to whether there are multiple WireGuard servers or a single server. I see you reference pinging 192.168.1.0/24 but I do not see any configurations showing that CIDR.

You may need a masquerade or SNAT for your WireGuard (wg0/wg1) interface. Otherwise, the forwarded packets will be from an invalid range/host and discarded depending on the exact configuration.

I.e. if your traffic is coming into the server from client -> wg1 but leaving (forwarding) to wg0 then you'll need a masquerade on wg0  iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

Michael B. Williams 
Glexia, Inc. - An IT Company
USA Direct: +1 978 477 6797
USA Toll Free: +1 800 675 0297 x101
AUS Direct: +61 3 8594 2265
AUS Toll Free: +61 1800 931 724 x101
Fax: +1.815-301-5570
Michael.Williams@glexia.com
https://www.glexia.com/
https://www.glexia.com.au/

Legal Notice:
The information in this electronic mail message is the sender's confidential business and may be legally privileged. It is intended solely for the addressee(s). Access to this internet electronic mail message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. 



On Thu, Sep 12, 2019 at 3:33 PM Adrián Mihálko <adriankoooo@gmail.com> wrote:
I am trying to route between multiple WG interfaces. 

On my primary server:

wg0.conf:

[Interface]
Address = 192.168.6.4/24
ListenPort = 51820
PrivateKey = 
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = 
AllowedIPs = 192.168.6.1/32, 192.168.1.0/24
Endpoint = xy.com:51820

wg1.conf:

[Interface]
Address = 192.168.9.1/24
ListenPort = 51821
PrivateKey = 

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = 
AllowedIPs = 192.168.9.3/32

---

With wg0 I am connecting to an other server (xy.com:51820). On wg1 I am accepting client connections.

On this server I can ping everything, so connection is working well. 

ping 192.168.6.1 - works
ping 192.168.1.xxx - works

ping 192.168.9.3 - works

---

Now I am connecting my client to this server (client 192.168.9.3):

[Interface]
PrivateKey = 
Address = 192.168.9.3/24
DNS = 192.168.9.1

[Peer]
PublicKey = 
AllowedIPs = 192.168.9.1/32, 192.168.1.0/24
Endpoint = primaryserver:51821


I can ping server 192.168.9.1 as expected, but I am unable to ping any of my devices in 192.168.1.0/24

Anyone knows what's the problem here?
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard