Development discussion of WireGuard
From: Samuel Holland <samuel@sholland.org>
To: Dashamir Hoxha <dashohoxha@gmail.com>, wireguard@lists.zx2c4.com
Subject: Re: Using WG to route between two LANs
Date: Tue, 27 Oct 2020 22:22:46 -0500
Message-ID: <10a379b2-fa4a-a178-7f5f-43e5b111be6e@sholland.org>
In-Reply-To: <CAMucfLzDBf_AEqDrNsQXCN1gb0C-39c-HnJGBuKJktxYZa2KQg@mail.gmail.com>

Hello,

On 10/22/20 10:43 AM, Dashamir Hoxha wrote:
> I have created a network as shown in this diagram:
> https://cloud.flossk.org/s/ZsLtNLsxmo8rxPD
> 
> The red arrows show the WG connections. Only the server has a public IP.
> From client1 I can ping to the internet and also to client4: `ping 192.168.0.3`
> However I cannot ping to the LAN IP of client4: `ping 172.26.0.2`
> 
> My ultimate goal is to be able to ping from client2 on LAN1 to client5 on LAN2
> (both of which have no WG configuration and interface), routing through
> the WG network (client1 --> server <-- client4).
> 
> Is this possible? I think that it should work, with proper routing, but I am
> not able to figure out the proper configurations. Has anybody tried something
> like this? Do you have any suggestions or advice?
> Do you have any suggestions or advice?

Yes, this is possible. You need:
 - LAN1 needs to be in the AllowedIPs for client1 on the server
 - LAN2 needs to be in the AllowedIPs for client4 on the server
 - A route on client1 to LAN2: ip route add 172.26.0.0/16 dev wg0
 - A route on client4 to LAN1: ip route add 172.25.0.0/16 dev wg0
 - Routes on the server to both LANs (same as above)

A gateway for the routes is not needed. Once Linux passes the packet to the
WireGuard interface, cryptokey routing (AllowedIPs) is used.

You do not need any NAT.

Cheers,
Samuel
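
Added example, not part of the message above or of WireGuard's code: a small model of the server's cryptokey routing decision, showing why the ping to 172.26.0.2 fails until the LAN prefixes are in the server's AllowedIPs. client1's tunnel address (192.168.0.2), the client2/client5 host addresses, and the names peer_for and server_wg0 are assumptions made for this example.

```python
import ipaddress

# LAN prefixes and 192.168.0.3 (client4's tunnel address) come from the thread.
# client1's tunnel address 192.168.0.2 and the host addresses used for client2
# and client5 are assumptions made for this example.
LAN1, LAN2 = "172.25.0.0/16", "172.26.0.0/16"
BEFORE = {"client1": ["192.168.0.2/32"], "client4": ["192.168.0.3/32"]}
AFTER = {"client1": ["192.168.0.2/32", LAN1], "client4": ["192.168.0.3/32", LAN2]}

def peer_for(allowed_ips, addr):
    """Cryptokey routing lookup: the peer owning the longest AllowedIPs
    prefix that contains addr, or None when no peer covers it."""
    ip = ipaddress.ip_address(addr)
    best_len, best_peer = -1, None
    for peer, prefixes in allowed_ips.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if ip in net and net.prefixlen > best_len:
                best_len, best_peer = net.prefixlen, peer
    return best_peer

def server_wg0(allowed_ips, from_peer, src, dst):
    """Model of the server's wg0 handling one packet received from from_peer.
    Kernel routes and IP forwarding are assumed to be in place already."""
    # Receive side: the inner source must map back to the peer that sent it.
    if peer_for(allowed_ips, src) != from_peer:
        return f"drop: {src} does not map to {from_peer}"
    # Transmit side: the destination selects the peer (and key) to encrypt to.
    to_peer = peer_for(allowed_ips, dst)
    if to_peer is None:
        return f"drop: no peer has {dst} in AllowedIPs"
    return f"encrypt to {to_peer}"

if __name__ == "__main__":
    cases = [
        ("client1 -> client4 tunnel IP", "192.168.0.2", "192.168.0.3"),
        ("client1 -> client4 LAN IP", "192.168.0.2", "172.26.0.2"),
        ("client2 -> client5 via client1", "172.25.0.3", "172.26.0.3"),
    ]
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        for label, src, dst in cases:
            print(f"{name:6} {label:31} {server_wg0(cfg, 'client1', src, dst)}")
```

The receive-side check is also why no NAT is needed: with LAN1 in client1's AllowedIPs, the server accepts packets carrying client2's original source address.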
