I'm a bit confused about your configuration files - could you better organize them and present including the underlying host they are on? From the question, it's unclear as to whether there are multiple WireGuard servers or a single server. I see you reference pinging 192.168.1.0/24 but I do not see any configurations showing that CIDR.

You may need a masquerade or SNAT for your WireGuard (wg0/wg1) interface. Otherwise, the forwarded packets will be from an invalid range/host and discarded depending on the exact configuration.

I.e. if your traffic is coming into the server from client -> wg1 but leaving (forwarding) to wg0 then you'll need a masquerade on wg0:

    iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

------------------------------
Michael B. Williams
Glexia, Inc. - An IT Company

On Thu, Sep 12, 2019 at 3:33 PM Adrián Mihálko wrote:

> I am trying to route between multiple WG interfaces.
>
> On my primary server:
>
> wg0.conf:
>
> [Interface]
> Address = 192.168.6.4/24
> ListenPort = 51820
> PrivateKey =
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>
> [Peer]
> PublicKey =
> AllowedIPs = 192.168.6.1/32, 192.168.1.0/24
> Endpoint = xy.com:51820
>
> wg1.conf:
>
> [Interface]
> Address = 192.168.9.1/24
> ListenPort = 51821
> PrivateKey =
>
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>
> [Peer]
> PublicKey =
> AllowedIPs = 192.168.9.3/32
>
> ---
>
> With wg0 I am connecting to another server (xy.com:51820). On wg1 I am
> accepting client connections.
>
> On this server I can ping everything, so connection is working well.
>
> ping 192.168.6.1 - works
> ping 192.168.1.xxx - works
>
> ping 192.168.9.3 - works
>
> ---
>
> Now I am connecting my client to this server (client 192.168.9.3):
>
> [Interface]
> PrivateKey =
> Address = 192.168.9.3/24
> DNS = 192.168.9.1
>
> [Peer]
> PublicKey =
> AllowedIPs = 192.168.9.1/32, 192.168.1.0/24
> Endpoint = primaryserver:51821
>
> I can ping server 192.168.9.1 as expected, but I am unable to ping any of
> my devices in 192.168.1.0/24.
>
> Anyone knows what's the problem here?
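
The situation in this thread can be checked mechanically. The following is an added example, not code from either poster or from the WireGuard project: it parses the two quoted wg-quick files, picks the egress tunnel for a destination from the peers' AllowedIPs, and reports whether the packet's source address leaves that tunnel unchanged. Assumptions: the remote peer at xy.com (whose configuration is not shown) only accepts and routes back to the wg0 subnet, the host 192.168.1.10 is a constructed address, and the names `parse` and `check_forward` are hypothetical.

```python
import ipaddress
import re

# Constructed from the wg0.conf / wg1.conf quoted in the thread (keys omitted).
RULES = ("iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; "
         "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE")
WG0 = f"[Interface]\nAddress = 192.168.6.4/24\nPostUp = {RULES}\n[Peer]\nAllowedIPs = 192.168.6.1/32, 192.168.1.0/24\n"
WG1 = f"[Interface]\nAddress = 192.168.9.1/24\nPostUp = {RULES}\n[Peer]\nAllowedIPs = 192.168.9.3/32\n"
# The rule suggested in the reply, as an extra PostUp command for wg0.
WG0_FIX = "; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE"

def parse(name, text):
    """Return tunnel subnet, peers' AllowedIPs and devices with a MASQUERADE rule."""
    iface = {"name": name, "allowed": [], "masq": set()}
    for line in text.splitlines():
        key, _, val = (p.strip() for p in line.partition("="))
        if key == "Address":
            iface["net"] = ipaddress.ip_interface(val).network
        elif key == "AllowedIPs":
            iface["allowed"] += [ipaddress.ip_network(c.strip()) for c in val.split(",")]
        elif key == "PostUp":
            # wg-quick substitutes %i with the interface name before running.
            for rule in val.replace("%i", name).split(";"):
                m = re.search(r"-t nat .*POSTROUTING .*-o (\S+) .*-j MASQUERADE", rule)
                if m:
                    iface["masq"].add(m.group(1))
    return iface

def check_forward(src, dst, ifaces):
    """Return (egress tunnel, status) for a packet src -> dst leaving this host."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    masq = set().union(*(i["masq"] for i in ifaces))
    for i in ifaces:
        if any(dst in net for net in i["allowed"]):
            if src in i["net"]:
                return i["name"], "native"       # source already in tunnel subnet
            if i["name"] in masq:
                return i["name"], "masqueraded"  # rewritten to the tunnel address
            return i["name"], "exposed"          # foreign source leaves un-NATed
    return None, "unrouted"

if __name__ == "__main__":
    wg0, wg1 = parse("wg0", WG0), parse("wg1", WG1)
    for src in ("192.168.6.4", "192.168.9.3"):   # server itself, then the client
        print(src, "->", check_forward(src, "192.168.1.10", [wg0, wg1]))
    fixed = parse("wg0", WG0.replace(RULES, RULES + WG0_FIX))
    print("with fix:", check_forward("192.168.9.3", "192.168.1.10", [fixed, wg1]))
```

An "exposed" result means the far end must either list the source range in its own AllowedIPs and routes, or the sending side must add the masquerade rule on that tunnel.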