Development discussion of WireGuard
From: Germano Massullo <germano.massullo@gmail.com>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Gateway for Wireguard VPN
Date: Tue, 21 Nov 2017 19:12:45 +0100
Message-ID: <a32ab937-8b60-38f4-b042-64a7c4aa41e4@gmail.com>
In-Reply-To: <2a922e87-81a4-0bbe-8990-2502a91429ef@gmail.com>

For those who have a Firewalld-based Linux distribution like Fedora/RHEL/CentOS:

=== Host B (VPN gateway) ===
When the system creates interface wg0, it is not attached to any firewall
zone, so it falls into the default zone, which blocks everything except for
ICMP packets. Therefore, if you simply run ping among hosts (for example from
A to C) everything works, but as soon as you try to use a service, it will
not work.
You can solve this with
# firewall-cmd --zone=trusted --add-interface=wg0 --permanent
# firewall-cmd --reload

Now from host A you can correctly run
$ ssh user@10.1.0.22
that is the server running on host C
