Gateway for Wireguard VPN
Jason A. Donenfeld
Jason at zx2c4.com
Tue Nov 21 01:41:04 CET 2017
If you want A and C to communicate through B as a trusted intermediary
for A and C's IPs, then your configs actually need to be:
=== Host A (Fedora 26) ===
# cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.1.0.21/24
PrivateKey = *censored*
[Peer]
PublicKey = *censored*
Endpoint = vpn.foo.xx:51820 # vpn.foo.xx is Host B
AllowedIPs = 10.1.0.2/32, 10.1.0.22/32
=== Host B (vpn.foo.xx) (CentOS 7) ===
ip forwarding active: net.ipv4.ip_forward = 1
# cat wg0.conf
[Interface]
Address = 10.1.0.2/24
ListenPort = 51820
PrivateKey = *censored*
[Peer]
PublicKey = *censored*
AllowedIPs = 10.1.0.21/32
[Peer]
PublicKey = *censored*
AllowedIPs = 10.1.0.22/32
=== Host C (CentOS 7) ===
# cat wg0.conf
[Interface]
Address = 10.1.0.22/24
ListenPort = 51820
PrivateKey = *censored*
[Peer]
PublicKey = *censored*
Endpoint = 192.168.1.1:51820
AllowedIPs = 10.1.0.2/32, 10.1.0.21/32
Alternatively, since you're likely going to be doing this for many
peers, you might be best off with this config instead:
=== Host A (Fedora 26) ===
# cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.1.0.21/24
PrivateKey = *censored*
[Peer]
PublicKey = *censored*
Endpoint = vpn.foo.xx:51820 # vpn.foo.xx is Host B
AllowedIPs = 10.1.0.0/24
=== Host B (vpn.foo.xx) (CentOS 7) ===
ip forwarding active: net.ipv4.ip_forward = 1
# cat wg0.conf
[Interface]
Address = 10.1.0.2/24
ListenPort = 51820
PrivateKey = *censored*
[Peer]
PublicKey = *censored*
AllowedIPs = 10.1.0.21/32
[Peer]
PublicKey = *censored*
AllowedIPs = 10.1.0.22/32
=== Host C (CentOS 7) ===
# cat wg0.conf
[Interface]
Address = 10.1.0.22/24
ListenPort = 51820
PrivateKey = *censored*
[Peer]
PublicKey = *censored*
Endpoint = 192.168.1.1:51820
AllowedIPs = 10.1.0.0/24
More information about the WireGuard
mailing list