Trouble running a proxy VPN
Pranesh Prakash
pranesh at cis-india.org
Sat Jun 17 06:26:27 CEST 2017
Jason A. Donenfeld <Jason at zx2c4.com> [2017-06-14 13:48:45 +0200]:
> Looks like maybe you forgot to enable IP forwarding and masquerading
> on the server.
This was exactly it. Thanks for the help on the IRC as well.
I had forwarding configured for OpenVPN on a different IP range, but had
to change it for WireGuard and the IP range I was using with it.
For future novices reading this thread, the things one has to do on a
*fresh* Ubuntu installation:
Step 1: Change /proc/sys/net/ipv4/ip_forward to allow IPv4 packets to be
forwarded in this session:
$ sudo sysctl -w net.ipv4.ip_forward=1
Step 2: Change /etc/sysctl.conf to allow the forwarding of IPv4 packets
even after reboots:
$ sudo sed '/ip_forward/s/^# *//' /etc/sysctl.conf
Step 3: Enable masquerading for the IP range which is there in the
AcceptedIPs line on what is to act as the proxy server (ex: 10.10.10.0/24)
$ sudo iptables -t nat -A POSTROUTING -o <external interface> -s
10.10.10.0/24 -j MASQUERADE
... where <external interface> is something like eth0, enp0s25, wlan0,
wlp3s0, etc., depending on which network interface is being used to
connect to the Internet. You can do this by checking via:
$ ip route ls
Once you've done that, this should work
$ sudo wg-quick up <name>
Cheers,
Pranesh
--
Pranesh Prakash
Policy Director, Centre for Internet and Society
http://cis-india.org | tel:+91 80 40926283
sip:pranesh at ostel.co | xmpp:pranesh at cis-india.org
https://twitter.com/pranesh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20170617/3eae507c/attachment-0001.asc>
More information about the WireGuard
mailing list