From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Jason@zx2c4.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id e81d547e for ; Sat, 23 Sep 2017 22:17:08 +0000 (UTC) Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id aaf88878 for ; Sat, 23 Sep 2017 22:17:08 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id fbbc4b9f for ; Sat, 23 Sep 2017 22:36:11 +0000 (UTC) Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 0e52e07a (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for ; Sat, 23 Sep 2017 22:36:11 +0000 (UTC) Received: by mail-oi0-f50.google.com with SMTP id b1so2725867oih.4 for ; Sat, 23 Sep 2017 15:44:49 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: From: "Jason A. Donenfeld" Date: Sun, 24 Sep 2017 00:44:48 +0200 Message-ID: Subject: Re: Bridge interfaces? To: Lord Kitsuna Content-Type: text/plain; charset="UTF-8" Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Hi, Yes indeed this is possible. Enable ip forwarding (sysctl -w net.ipv4.ip_forwarding=1), and then make sure you have the correct routes set. You may have to add a few entries to your allowed-ips to ensure that the network is okay with wireguard, or, perhaps easier, would to just enable MASQUERADEing (iptables -t nat -A POSTROUTING -s 10.8.8.0/24 -o tinc0 -j MASQUERADE, where 10.8.8.0/24 is the wireguard network.) There are a lot of ways to skin the cat, and I suspect if you write back with details of network segments and whatnot, there might be others who might have their own useful opinions. Alternatively, you can always ask in #wireguard on Freenode. Jason