Development discussion of WireGuard
 help / color / mirror / Atom feed
From: Jeremy Hansen <jeremy@skidrow.la>
To: wireguard@lists.zx2c4.com
Subject: Prevent all traffic from going through the WG tunnel
Date: Tue, 03 Jan 2023 22:44:21 -0800	[thread overview]
Message-ID: <8798af73660eb86c6fd661be90af8b73@skidrow.la> (raw)


[-- Attachment #1.1: Type: text/plain, Size: 1284 bytes --]

I have a remote network that I've tied in to my WG server.  I'm noticing 
that all traffic from this remote network that goes outbound to the 
internet is getting routed through my wireguard server.

Client config:
[Interface]
PrivateKey = XXXX
Address = 10.10.10.10/32
ListenPort = 51821

[Peer]
PublicKey = XXXX
Endpoint = 11.11.11.11:51821 <- IP of the WG server.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepAlive=25


Server config:
[Interface]
PrivateKey = XXXX
Address = 10.10.10.1/32
ListenPort = 51821

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i 
-j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o 
%i -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE

# IP forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
PublicKey = XXXX
AllowedIPs = 10.10.10.10/32, 192.168.128.0/17 <- Client's internal 
network.


My goal is that regular outbound traffic just goes out the client node's 
outside routable interface and traffic between the internal networks 
goes through wireguard.

For example, I'm seeing email being sent through the MTA I have 
configured on the "client" is showing up as originating from the 
outbound IP of the "server".

Thanks!

[-- Attachment #1.2: 0x1BF1B863.asc --]
[-- Type: application/pgp-keys, Size: 3959 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

             reply	other threads:[~2023-01-04 13:50 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-04  6:44 Jeremy Hansen [this message]
2023-01-04 16:41 ` Szymon Nowak
     [not found] ` <C52E1F98-95C4-41C4-BF67-10618CDF0AEB@nagel-mail.com>
2023-01-04 17:01   ` Jeremy Hansen
2023-01-04 23:41 ` Omkhar Arasaratnam

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8798af73660eb86c6fd661be90af8b73@skidrow.la \
    --to=jeremy@skidrow.la \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).