<div dir="ltr"><div><font face="monospace" size="2"><br></font></div><div><font face="monospace" size="2">basically this is what happens:</font></div><div><font face="monospace" size="2">client connects to <a href="http://134.56.78.5:443">134.56.78.5:443</a></font></div><div><font face="monospace" size="2">wg show gives:</font></div><div><font face="monospace" size="2">peer <a href="http://111.22.33.25:443">111.22.33.25:443</a></font></div><div><font face="monospace" size="2"><br></font></div><div><font face="monospace" size="2">                                                       +----------------------+</font></div><div><font face="monospace" size="2">                                                       |                      |</font></div><div><font face="monospace" size="2">                                      +----------------+      client          |</font></div><div><font face="monospace" size="2">                                      |                |   <a href="http://81.82.222.111/18">81.82.222.111/18</a> (fixed IP)</font></div><div><font face="monospace" size="2">                                  XXXX++XX             |                      |</font></div><div><font face="monospace" size="2">                            XXXXXX        XXX          +----------------------+</font></div><div><font face="monospace" size="2">                          XX  X              XX</font></div><div><font face="monospace" size="2">                          X     internet      X          client config:</font></div><div><font face="monospace" size="2">                          X X                XX            [interface]</font></div><div><font face="monospace" size="2">                               XX           XX             peer <a href="http://134.56.78.5:443">134.56.78.5:443</a></font></div><div><font face="monospace" size="2">               <a href="http://111.22.33.26/30">111.22.33.26/30</a>  |XXX      XX</font></div><div><font face="monospace" size="2">                default gateway |   XXXXXXX</font></div><div><font face="monospace" size="2">                                |</font></div><div><font face="monospace" size="2">                                |                        after connect:</font></div><div><font face="monospace" size="2">                     UPLINK     |                        wg show</font></div><div><font face="monospace" size="2">                                |                          peer <a href="http://111.22.33.25:443">111.22.33.25:443</a></font></div><div><font face="monospace" size="2">                                |</font></div><div><font face="monospace" size="2">            +-------------------+-------------------+</font></div><div><font face="monospace" size="2">            |    eth1:<a href="http://111.22.33.25/30">111.22.33.25/30</a>               |</font></div><div><font face="monospace" size="2">            |                                       |</font></div><div><font face="monospace" size="2">            |       router  = wg server             |</font></div><div><font face="monospace" size="2">            |                                       |</font></div><div><font face="monospace" size="2">            |    eth0: <a href="http://134.56.78.1/24">134.56.78.1/24</a> deft gw for <a href="http://134.56.78.0/24">134.56.78.0/24</a></font></div><div><font face="monospace" size="2">            |    eth0: <a href="http://134.56.78.5/24">134.56.78.5/24</a> a free ip with open port for 443 (wg destination)</font></div><div><font face="monospace" size="2">            +----------------+----------------------+</font></div><div><font face="monospace" size="2">                             |</font></div><div><font face="monospace" size="2">                             |</font></div><div><font face="monospace" size="2">                             |</font></div><div><font face="monospace" size="2">                             |</font></div><div><font face="monospace" size="2">                             |</font></div><div><font face="monospace" size="2">+----------------------------+--------------------------------+ also <a href="http://134.56.78.0/24">134.56.78.0/24</a></font></div><div><br></div><div>no nat at all in this setup only some firewall filtering</div><div><br></div><div>Jan</div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Aug 10, 2017 at 8:40 PM Jason A. Donenfeld <<a href="mailto:Jason@zx2c4.com">Jason@zx2c4.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Jan,<div><br></div><div>So it looks like this is happening to you:</div><div><br></div><div><img src="cid:ii_j66sdnxy0_15dcd70af6037987" width="383" height="562"></div><div><br></div><div>This should not be the behavior, and if it is, you've either found a bug in WireGuard or a bug in your own setup.</div><div><br></div><div>1) Are you running the latest snapshot of WireGuard? Which one?</div><div>2) "<span style="font-size:12.8px">but I don’t know for sure… it seems to be a regression somewhere as I don’t recall to have that problem before…" Can you be more precise?</span></div><div><span style="font-size:12.8px">3) If you are running the latest version, does this patch fix it? <a href="http://ix.io/z3d" target="_blank">http://ix.io/z3d</a></span></div><div><span style="font-size:12.8px">4) Can you confirm that there exists a route from the server back to the client?</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Thanks,</span></div><div><span style="font-size:12.8px">Jason<br></span>​<br></div></div>
</blockquote></div>