SSH stuck

Jonathon Fernyhough jonathon.fernyhough at
Wed May 10 09:31:12 CEST 2017

Hi Jean-Yves,

On 09/05/17 23:32, Bzzzz wrote:
> 1- I solved the LAN being unreachable apart the endpoint and the internet
>    being completely unreachable with an iptables rule:
>    iptables -t nat -I POSTROUTING -s -o eth0 -j MASQUERADE
>    is this right? (if not, why?)

I don't think this is Wireguard specific. That rule essentially allows
that machine to act as a NAT gateway, the same as for e.g. an OpenVPN

> 2- When I want to ssh any LAN machine, wireshark only sees 4 packets:
> 	client announce
> 	server ACK
> 	client key negociation
> 	server key negociation
>    and that's all.
>    Is it a limitation (non-TCP packets) or is there another reason for
>    ssh not working as expected? (connecting to any machine http srv works
>    perfectly)

SSH over a Wireguard interface works as expected for me. You might have
some luck seeing what's going on with `ssh -v` (and increasing the
verbosity with further `v`s, e.g. `ssh -vvvv`).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the WireGuard mailing list