From: Roman Mamedov <rm@romanrm.net>
To: Ken D'Ambrosio <ken@jots.org>
Cc: wireguard@lists.zx2c4.com
Subject: Re: Access subnet behind server.
Date: Sun, 24 Jan 2021 21:33:08 +0500
Message-ID: <20210124213308.4b774a07@natsu>
In-Reply-To: <4464b11ea233ea1e57f49d4a5d1a84d5@jots.org>
On Sat, 23 Jan 2021 11:52:56 -0500
Ken D'Ambrosio <ken@jots.org> wrote:
> Hey, all. I'm relatively new to WireGuard, and have a RasPi at my house
> doing firewall duty. Installed WG on it, and on a VPS, and am trying to
> get the VPS to access hosts on my home subnet. So:
>
> VPS <-192.168.50.0/24-> RasPi <--> [192.168.10.0/24]
>
> And, clearly, I'm doing something wrong.
>
> -----------------------------------------------------------
> RasPi server/firewall:
> [Interface]
> Address = 192.168.50.1/24
> SaveConfig = false
> ListenPort = 51820
> PrivateKey = XXX
> [Peer]
> PublicKey = XXX
> AllowedIPs = 192.168.50.11/32
>
> VPS:
> [Interface]
> Address = 192.168.50.11/24
> PrivateKey = XXX
> [Peer]
> PublicKey = XXX
> Endpoint = vpn.foo.bar:51820
> AllowedIPs = 192.168.50.0/24,192.168.10.0/24
> -----------------------------------------------------------
>
> The client connects just fine, and it can talk to the server's VPN IP
> (192.168.50.1) as well as its internal interface (192.168.10.1).
> Likewise, the server can talk to 192.168.50.11. But nothing gets inside
> to other 192.168.10.x hosts. I do have forwarding set up for "all":
>
> root@prouter:/proc# cat /proc/sys/net/ipv4/conf/all/forwarding
> 1
>
> Note that the config files have gone through several permutations as I
> tried to figure this out, so there may be some dumb stuff, but totally
> open to suggestions right now. I'm kinda stumped. Note that a tcpdump
> on the RasPi shows the ping requests coming in, but not being forwarded
> to the internal interface, so I assume I'm just missing Something
> Dumb(tm) in WG land.
Did you allow forwarding in RPi's firewall? Post "iptables-save" from it.
--
With respect,
Roman
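Roman's question is the one to answer first, so here is an added example (not part of the thread or of WireGuard) that reads an iptables-save dump the way the filter table's FORWARD chain would treat the first packet of a new flow from the VPN peer to the LAN. The interface names wg0 and eth1 and both sample dumps are constructed assumptions; the subnets are the ones from the thread.

```python
"""Walk an iptables-save dump to see whether the FORWARD chain lets a new
flow from the WireGuard peer reach the LAN, i.e. the check Roman asks for."""
import ipaddress
import shlex

# Constructed sample dumps (not from the thread). The first is a typical
# router default: FORWARD policy DROP, only LAN-to-WAN traffic permitted,
# which makes forwarded VPN packets vanish exactly as tcpdump showed.
DUMP_BLOCKING = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""
# Same dump with one rule added for VPN-to-LAN traffic. wg0 and eth1 are
# assumed interface names; the subnets are the ones from the thread.
DUMP_FIXED = DUMP_BLOCKING.replace(
    "COMMIT",
    "-A FORWARD -i wg0 -o eth1 -s 192.168.50.0/24 -d 192.168.10.0/24"
    " -j ACCEPT\nCOMMIT")
KNOWN = {"-i", "-o", "-s", "-d", "-j", "-m", "--ctstate"}


def forward_verdict(dump, in_if, out_if, src, dst):
    """Return the terminal target (ACCEPT/DROP/REJECT) the filter table's
    FORWARD chain gives the first packet of a new flow, or the chain policy
    if no rule fires. Only -i/-o/-s/-d and conntrack --ctstate are modelled;
    rules using other matches, negation or non-terminal targets are skipped,
    so treat the answer as a first approximation, not a full simulation."""
    policy, table = "ACCEPT", None
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A FORWARD "):
            tokens = shlex.split(line)[2:]
            if len(tokens) % 2 or "!" in tokens:
                continue  # negated or oddly shaped rule: not modelled
            opts = dict(zip(tokens[::2], tokens[1::2]))
            if (not set(opts) <= KNOWN or opts.get("-m", "conntrack") != "conntrack"
                    or opts.get("-i", in_if) != in_if or opts.get("-o", out_if) != out_if
                    or src not in ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), False)
                    or dst not in ipaddress.ip_network(opts.get("-d", "0.0.0.0/0"), False)
                    or "NEW" not in opts.get("--ctstate", "NEW").split(",")):
                continue  # rule does not match this packet
            if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
                return opts["-j"]
    return policy
```

Run it against the real `iptables-save` output from the RasPi with the VPS address as source and a LAN host as destination; a DROP verdict from the chain policy is the usual reason forwarded pings arrive on wg0 and never leave on the LAN interface.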