Development discussion of WireGuard
From: Barry Cisna <brcisna@gmail.com>
To: wireguard@lists.zx2c4.com
Subject: hostapd compatible
Date: Sat, 2 Apr 2022 07:42:35 -0500
Message-ID: <CAL0AYvf0NqPprxZGMe9oqeRdr5aWG+c4sk1pjY6CeUQJJoRZbQ@mail.gmail.com>

Hello All,

Have been struggling trying to get WireGuard set up for a peer (B) that
also acts as an LTSP server to diskless clients, running dnsmasq,
which is connected to a Google Cloud WireGuard instance.

PeerA - Google Cloud Debian Bullseye, static IP
PeerB - local Debian Bullseye behind CGNAT cellular connection

PeerB uses a cellular modem for internet (wwan0) and a bridged interface
for supplying DHCP to thin clients via dnsmasq.
bridge0 = ethernet & wlan, which in turn uses hostapd to run the wlan
in master mode AP.
After many hours of iptabling, multiple wired clients work fine
through dnsmasq and internet through PeerB.
BUT the wireless clients are super slow and most web pages never
complete. Have tried all MTU settings on PeerA and PeerB and now see
no fragmented hits in Wireshark.
It almost seems as though the MTU on the wlan interface needs to be
changed, but never see any fragment hits in Wireshark on the wified
client?
Do NOT have STP enabled on the bridge. Have not tried enabling STP.
MTU 1460 seems to be the best setting for this setup, but have read in
many tuts that with a GCloud instance it should be 1360. This MTU 1360 made web
pages almost unusable for this setup.


wgo-client2.conf-

[Interface]
PrivateKey = <>
Address = 192.168.69.2/24
#Address = 10.88.88.2/24
#DNS = 10.128.0.2
#Table=off
MTU = 1460
#------------------------------------------------------------------------------------------
#PostUp = ip6tables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
#PostDown = ip6tables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE

# PostUp = iptables -A FORWARD -i wg0client2 -j ACCEPT
# PostDown = iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE


[Peer]
# Google Cloud Server
PublicKey = <.>
Endpoint = 35.226.##.###:51820
AllowedIPs = 0.0.0.0/0, ::/0 # Forward all traffic to server

network/interfaces

auto bridge0
auto wlp3s0
auto enp2s0
iface wlp3s0 inet manual
iface enp2s0 inet manual
#iface wlp3s0 inet6 manual
#iface enp2s0 inet6 manual
#bridge setup
iface bridge0 inet static
    bridge_ports enp2s0 wlp3s0
    address 192.168.67.1
    broadcast 192.168.67.255
    netmask 255.255.255.0
    post-up iptables-restore < /etc/iptables.up.rules
    post-up ip6tables-restore < /etc/ip6tables.up.rules
#   gateway 192.168.67.1
#   bridge_stp on

Thanks
