<div dir="ltr">Tried changing the allowed ip's to what was suggested and it did not work. Same behavior as before. Also my configs were working as expected before i had my router connected to a vpn service.<div><br></div><div>It required me to add the following route policy for my vpn client on my router</div><div><br></div><div>Source IP: <a href="http://192.168.1.0/24">192.168.1.0/24</a>, Destination: 0.0.0.0 will go throuh the VPN. So if it matters if i connected to wireguard using the ip address of the ISP vs the IP address of the VPN?</div><div><br></div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>--</div>Arpit</div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Mar 6, 2019 at 1:18 AM XRP <xrp@airmail.cc> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, 2019-03-06 at 08:40 +0000, Arpit Gupta wrote:<br>
> On my server my conf is<br>
> <br>
> [Interface]<br>
> Address = <a href="http://192.168.100.1/32" rel="noreferrer" target="_blank">192.168.100.1/32</a><br>
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o<br>
> %i -j<br>
> ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br>
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD<br>
> -o %i<br>
> -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE<br>
> ListenPort = 54930<br>
> PrivateKey = xxxxx<br>
> <br>
> [Peer]<br>
> PublicKey = xxxx<br>
> AllowedIPs = <a href="http://192.168.100.2/32" rel="noreferrer" target="_blank">192.168.100.2/32</a><br>
> <br>
> <br>
> on my client my config is<br>
> <br>
> [Interface]<br>
> Address = 192.168.100.2<br>
> PrivateKey = xxxxx<br>
> ListenPort = 21841<br>
> DNS = 192.168.1.63<br>
> <br>
> [Peer]<br>
> PublicKey = xxxx<br>
> Endpoint = ddns:xxx<br>
> AllowedIPs = <a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">192.168.1.0/24</a><br>
> <br>
> # This is for if you're behind a NAT and<br>
> # want the connection to be kept alive.<br>
> PersistentKeepalive = 25<br>
<br>
Try changing AllowedIPs in the client config to:<br>
AllowedIPs = <a href="http://192.168.100.1/32,192.168.1.0/24" rel="noreferrer" target="_blank">192.168.100.1/32,192.168.1.0/24</a><br>
<br>
Also, if you want to masquerade the traffic to the internet you need to<br>
add 0.0.0.0./0 to the client or change the destination IP to the server<br>
node via a NAT rule, otherwise it's going to be rejected because the IP<br>
packet doesn't have an AllowedIP address, I think. (The source needs to<br>
match, so either <a href="http://192.168.100.1/32" rel="noreferrer" target="_blank">192.168.100.1/32</a> or <a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">192.168.1.0/24</a>). My guess is<br>
that's why you couldn't complete the handshake.<br>
<br>
</blockquote></div>