* Bridge interfaces?
@ 2017-09-23 20:42 Lord Kitsuna
2017-09-23 22:44 ` Jason A. Donenfeld
0 siblings, 1 reply; 3+ messages in thread
From: Lord Kitsuna @ 2017-09-23 20:42 UTC (permalink / raw)
To: wireguard
[-- Attachment #1: Type: text/plain, Size: 338 bytes --]
This could be a stupid question so bear with me. I currently have a
server/client setup going and it works i can ping the WG addresses and they
can talk to one another. The client also happens to have a Tinc adapter
that goes to a larger network, is it possible to use wireguard to give the
server access to this Tinc through the client?
[-- Attachment #2: Type: text/html, Size: 365 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Bridge interfaces?
2017-09-23 20:42 Bridge interfaces? Lord Kitsuna
@ 2017-09-23 22:44 ` Jason A. Donenfeld
2017-09-28 5:45 ` Lord Kitsuna
0 siblings, 1 reply; 3+ messages in thread
From: Jason A. Donenfeld @ 2017-09-23 22:44 UTC (permalink / raw)
To: Lord Kitsuna; +Cc: WireGuard mailing list
Hi,
Yes indeed this is possible. Enable ip forwarding (sysctl -w
net.ipv4.ip_forwarding=1), and then make sure you have the correct
routes set. You may have to add a few entries to your allowed-ips to
ensure that the network is okay with wireguard, or, perhaps easier,
would to just enable MASQUERADEing (iptables -t nat -A POSTROUTING -s
10.8.8.0/24 -o tinc0 -j MASQUERADE, where 10.8.8.0/24 is the wireguard
network.)
There are a lot of ways to skin the cat, and I suspect if you write
back with details of network segments and whatnot, there might be
others who might have their own useful opinions. Alternatively, you
can always ask in #wireguard on Freenode.
Jason
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Bridge interfaces?
2017-09-23 22:44 ` Jason A. Donenfeld
@ 2017-09-28 5:45 ` Lord Kitsuna
0 siblings, 0 replies; 3+ messages in thread
From: Lord Kitsuna @ 2017-09-28 5:45 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
[-- Attachment #1: Type: text/plain, Size: 855 bytes --]
Oh hey missed this reply, thanks! That was what i needed working
beautifully.
On Sep 23, 2017 3:44 PM, "Jason A. Donenfeld" <Jason@zx2c4.com> wrote:
> Hi,
>
> Yes indeed this is possible. Enable ip forwarding (sysctl -w
> net.ipv4.ip_forwarding=1), and then make sure you have the correct
> routes set. You may have to add a few entries to your allowed-ips to
> ensure that the network is okay with wireguard, or, perhaps easier,
> would to just enable MASQUERADEing (iptables -t nat -A POSTROUTING -s
> 10.8.8.0/24 -o tinc0 -j MASQUERADE, where 10.8.8.0/24 is the wireguard
> network.)
>
> There are a lot of ways to skin the cat, and I suspect if you write
> back with details of network segments and whatnot, there might be
> others who might have their own useful opinions. Alternatively, you
> can always ask in #wireguard on Freenode.
>
> Jason
>
[-- Attachment #2: Type: text/html, Size: 1315 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-09-28 5:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-23 20:42 Bridge interfaces? Lord Kitsuna
2017-09-23 22:44 ` Jason A. Donenfeld
2017-09-28 5:45 ` Lord Kitsuna
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).