Development discussion of WireGuard
From: Germano Massullo <germano.massullo@gmail.com>
To: wireguard@lists.zx2c4.com
Subject: Gateway for Wireguard VPN
Date: Tue, 21 Nov 2017 01:09:54 +0100
Message-ID: <b68e7d6a-baba-630c-49f5-193899f05d38@gmail.com>

I am experiencing some troubles in configuring Wireguard to communicate to
a host that is behind a NAT. Here is my use case:

Host A: my computer under ISP NAT
Host B: server with public static IP address, that is also a gateway for a "natted" LAN
Host C: machine running on such LAN

I do want to allow host A to communicate with C, but I cannot manage to do
that. It can only ping host B.
I attach some config files, if you have an idea, please let me know.
Thank you for your time

=== Host A (Fedora 26) ===
# cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.1.0.21/24
PrivateKey = *censored*

[Peer]
PublicKey = *censored*
Endpoint = vpn.foo.xx:51820  # vpn.foo.xx is Host B
AllowedIPs = 10.1.0.2/32

[Peer]
PublicKey = *censored*   # host C
Endpoint = vpn.foo.xx:51820
AllowedIPs = 10.1.0.22/32


=== Host B (vpn.foo.xx) (CentOS 7) ===
ip forwarding active: net.ipv4.ip_forward = 1
# cat wg0.conf
[Interface]
Address = 10.1.0.2/24
ListenPort = 51820
PrivateKey = *censored*

[Peer]
PublicKey = *censored*
AllowedIPs = 10.1.0.21/32

[Peer]
PublicKey = *censored*
AllowedIPs = 10.1.0.22/32


=== Host C (CentOS 7) ===

# cat wg0.conf
[Interface]
Address = 10.1.0.22/24
ListenPort = 51820
PrivateKey = *censored*

[Peer]
PublicKey = *censored*
Endpoint = 192.168.1.1:51820
AllowedIPs = 10.1.0.2/32

[Peer]
PublicKey = *censored*
AllowedIPs = 10.1.0.21/32
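
Added example, not part of the original message: a small Python check that applies WireGuard's cryptokey routing to a config shaped like Host A's. It shows that traffic for 10.1.0.22 is encrypted to Host C's key yet sent to Host B's endpoint, and it flags an Endpoint listed under two public keys. The keys are placeholders and the function names are illustrative.

```python
import ipaddress

# Constructed sample modelled on Host A's wg0.conf; keys are placeholders.
HOST_A = """[Interface]
Address = 10.1.0.21/24
PrivateKey = PLACEHOLDER_A_PRIVATE

[Peer]
PublicKey = PLACEHOLDER_B_PUBLIC
Endpoint = vpn.foo.xx:51820
AllowedIPs = 10.1.0.2/32

[Peer]
PublicKey = PLACEHOLDER_C_PUBLIC
Endpoint = vpn.foo.xx:51820
AllowedIPs = 10.1.0.22/32
"""

def parse_peers(text):
    """Return one dict per [Peer] section; '#' comments are stripped."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            cur = {} if line.lower() == "[peer]" else None
            if cur is not None:
                peers.append(cur)
        elif cur is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            cur[key] = val
    return peers

def route(peers, dst):
    """Cryptokey routing: the peer whose AllowedIPs holds dst (longest prefix)."""
    best = None
    for p in peers:
        for cidr in filter(None, map(str.strip, p.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, p)
    return best[1] if best else None

def shared_endpoints(peers):
    """Endpoints listed under more than one public key (one listener has one key)."""
    seen = {}
    for p in peers:
        if "Endpoint" in p:
            seen.setdefault(p["Endpoint"], set()).add(p["PublicKey"])
    return {ep: sorted(keys) for ep, keys in seen.items() if len(keys) > 1}
```

A non-empty result from shared_endpoints() means packets for one of those peers reach a listener that holds a different private key, so its handshake cannot complete there.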

Thread overview: 4+ messages
2017-11-21  0:09 Germano Massullo [this message]
2017-11-21  0:41 ` Jason A. Donenfeld
2017-11-21  9:35   ` Germano Massullo
2017-11-21 18:12     ` Germano Massullo
