From: Jeremy Hansen <jeremy@skidrow.la>
To: wireguard@lists.zx2c4.com
Subject: Prevent all traffic from going through the WG tunnel
Date: Tue, 03 Jan 2023 22:44:21 -0800 [thread overview]
Message-ID: <8798af73660eb86c6fd661be90af8b73@skidrow.la> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 1284 bytes --]
I have a remote network that I've tied in to my WG server. I'm noticing
that all traffic from this remote network that goes outbound to the
internet is getting routed through my wireguard server.
Client config:
[Interface]
PrivateKey = XXXX
Address = 10.10.10.10/32
ListenPort = 51821
[Peer]
PublicKey = XXXX
Endpoint = 11.11.11.11:51821 <- IP of the WG server.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepAlive=25
Server config:
[Interface]
PrivateKey = XXXX
Address = 10.10.10.1/32
ListenPort = 51821
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i
-j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o
%i -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
# IP forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
[Peer]
PublicKey = XXXX
AllowedIPs = 10.10.10.10/32, 192.168.128.0/17 <- Client's internal
network.
My goal is that regular outbound traffic just goes out the client node's
outside routable interface and traffic between the internal networks
goes through wireguard.
For example, I'm seeing email being sent through the MTA I have
configured on the "client" is showing up as originating from the
outbound IP of the "server".
Thanks!
[-- Attachment #1.2: 0x1BF1B863.asc --]
[-- Type: application/pgp-keys, Size: 3959 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next reply other threads:[~2023-01-04 13:50 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-04 6:44 Jeremy Hansen [this message]
2023-01-04 16:41 ` Szymon Nowak
[not found] ` <C52E1F98-95C4-41C4-BF67-10618CDF0AEB@nagel-mail.com>
2023-01-04 17:01 ` Jeremy Hansen
2023-01-04 23:41 ` Omkhar Arasaratnam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8798af73660eb86c6fd661be90af8b73@skidrow.la \
--to=jeremy@skidrow.la \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).