From: Ryan Whelan
Date: Thu, 6 Sep 2018 13:13:35 -0400
Subject: Re: Routing only to latest peer in the config list seems to work
To: danny.korpan@mailbox.org
Cc: WireGuard mailing list

You're using the same AllowedIPs for multiple peers.

On Thu, Sep 6, 2018 at 12:15 PM <danny.korpan@mailbox.org> wrote:
> Hi,
>
> I have the problem with my wireguard server, that only the latest user
> "peer" from the server config can route/ping to the internal wireguard
> server IP or the clients in the network behind the wireguard server upon
> successful connection. All peers can connect to the server, but only the
> latest in the list last can ping other servers.
> I can't locate the error in the configs... does anybody have an idea?
>
> My wireguard server and client version is using 0.0.20180809-wg1~xenial
> with Ubuntu 18.04.1
>
> wg0.conf
> [Interface]
> Address = 192.168.50.1/24
> PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
> ListenPort = 51820
> PrivateKey = XXX
>
> [Peer]
> #User 1
> PublicKey = XXX
> PresharedKey = XXX
> AllowedIPs = 192.168.50.0/24
>
> [Peer]
> #User 2
> PublicKey = XXX
> PresharedKey = XXX
> #AllowedIPs = 192.168.50.0/24
>
> [Peer]
> #User 3
> PublicKey = XXX
> PresharedKey = XXX
> AllowedIPs = 192.168.50.0/24
>
> [Peer]
> #User 4
> PublicKey = XXX
> PresharedKey = XXX
> AllowedIPs = 192.168.50.0/24
>
> client.config
> [Interface]
> PrivateKey = XXX
> DNS = 192.168.178.1
> Address = 192.168.50.2/24
>
> [Peer]
> PublicKey = XXX
> PresharedKey = XXX
> AllowedIPs = 192.168.50.0/24, 190.168.178.0/24
> Endpoint = my.remote.server:51820
> PersistentKeepalive = 25
>
> My sysctl.conf includes
> net.ipv4.conf.all.proxy_arp = 1
> net.ipv4.ip_forward = 1
>
> Does anybody have an idea?
>
> Kind Regards,
> Danny
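The diagnosis in the reply above, as an added example that is not part of the original thread and is not WireGuard's own code: WireGuard maps each allowed-IP prefix to a single peer, so when several `[Peer]` sections list the same prefix, the last one configured keeps it. This script reports such prefixes in a wg-quick style config; the sample config, the key placeholders and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample modelled on the server config quoted above; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 192.168.50.1/24
[Peer]  #User 1
PublicKey = USER1_KEY
AllowedIPs = 192.168.50.0/24
[Peer]  #User 2
PublicKey = USER2_KEY
#AllowedIPs = 192.168.50.0/24
[Peer]  #User 3
PublicKey = USER3_KEY
AllowedIPs = 192.168.50.0/24
[Peer]  #User 4
PublicKey = USER4_KEY
AllowedIPs = 192.168.50.0/24
"""

def parse_peers(conf):
    """Return [[public_key, [networks]], ...] for each [Peer], in config order."""
    peers, in_peer = [], False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            if in_peer:
                peers.append([None, []])
        elif in_peer and "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            if name.lower() == "publickey":
                peers[-1][0] = value
            elif name.lower() == "allowedips":
                peers[-1][1] += [ipaddress.ip_network(v.strip(), strict=False)
                                 for v in value.split(",") if v.strip()]
    return peers

def find_conflicts(conf):
    """Map each prefix claimed by several peers to (final owner, displaced peers)."""
    claims = {}
    for key, nets in parse_peers(conf):
        for net in nets:
            claims.setdefault(net, []).append(key)
    # One prefix maps to one peer; the last peer configured with it keeps it.
    return {str(n): (ks[-1], ks[:-1]) for n, ks in claims.items() if len(ks) > 1}

if __name__ == "__main__":
    for prefix, (owner, lost) in find_conflicts(SAMPLE_CONF).items():
        print(f"{prefix}: routed to {owner}; removed from {', '.join(lost)}")
```

Giving each peer its own address, for example a distinct /32 inside 192.168.50.0/24, makes the check return no conflicts.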