Trouble running a proxy VPN

Pranesh Prakash pranesh at cis-india.org
Sat Jun 17 06:26:27 CEST 2017


Jason A. Donenfeld <Jason at zx2c4.com> [2017-06-14 13:48:45 +0200]:
> Looks like maybe you forgot to enable IP forwarding and masquerading
> on the server.

This was exactly it.  Thanks for the help on the IRC as well.

I had forwarding configured for OpenVPN on a different IP range, but had 
to change it for WireGuard and the IP range I was using with it.

For future novices reading this thread, the things one has to do on a 
*fresh* Ubuntu installation:

Step 1: Change /proc/sys/net/ipv4/ip_forward to allow IPv4 packets to be 
forwarded in this session:
$ sudo sysctl -w net.ipv4.ip_forward=1

Step 2: Change /etc/sysctl.conf to allow the forwarding of IPv4 packets 
even after reboots:
$ sudo sed '/ip_forward/s/^# *//' /etc/sysctl.conf

Step 3: Enable masquerading for the IP range which is there in the 
AcceptedIPs line on what is to act as the proxy server (ex: 10.10.10.0/24)
$ sudo iptables -t nat -A POSTROUTING -o <external interface> -s 
10.10.10.0/24 -j MASQUERADE

... where <external interface> is something like eth0, enp0s25, wlan0, 
wlp3s0, etc., depending on which network interface is being used to 
connect to the Internet.  You can do this by checking via:

$ ip route ls

Once you've done that, this should work

$ sudo wg-quick up <name>

Cheers,
Pranesh



-- 
Pranesh Prakash
Policy Director, Centre for Internet and Society
http://cis-india.org | tel:+91 80 40926283
sip:pranesh at ostel.co | xmpp:pranesh at cis-india.org
https://twitter.com/pranesh

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20170617/3eae507c/attachment-0001.asc>


More information about the WireGuard mailing list