tbskyd at gmail.com
Tue Nov 21 15:35:22 CET 2017
2017-11-21 22:15 GMT+08:00 Jason A. Donenfeld <Jason at zx2c4.com>:
> On Tue, Nov 21, 2017 at 2:21 PM, d tbsky <tbskyd at gmail.com> wrote:
>> so at first client 22.214.171.124:51820 connects to server 126.96.36.199:51820
>> but then the server uses 172.18.1.254 (lan ip address) to reply and the 51820
>> port is NATed to 1085, so the communication is broken.
> The server should use 188.8.131.52 to reply. If it's not, that's a bug that
> I should fix. Can you give me a minimal configuration for reproducing
> this setup, so that I can fix whatever issue is occurring?
thanks for the quick reply. my wireguard configuration is in the
previous mail, so I think the linux firewall part is what you want.
there is only one special thing in our firewall config. normally when
you use "ip route get 184.108.40.206", you will get a wan ip address through
the main routing table (e.g. 220.127.116.11 in the above example). but since we have
multiple routing tables and there are few entries in the main routing
table, "ip route get 18.104.22.168" will get 172.18.1.254 (lan ip address)
on our firewall.
I don't know how wireguard decides its replying ip address, but it
seems wrong in this situation. maybe it decides it through main
our linux firewall environment is RHEL 7.4 and wireguard version is
0.0.20171111 from official repository.
thanks a lot for help!
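
The behaviour reported in this message, as an added example that is not part of the original mail and not WireGuard's code: a wildcard-bound UDP socket whose reply source comes from the route lookup toward the peer, next to a reply pinned to the address the client contacted via `IP_PKTINFO`. It assumes Linux; the loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the LAN and WAN addresses, and the function names are hypothetical.

```python
import socket
import struct

# Linux-only sketch; 8 is the Linux value of IP_PKTINFO if this Python lacks the constant.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO = struct.Struct("=i4s4s")  # struct in_pktinfo: ifindex, spec_dst, addr

def route_source(dest):
    """Source address the kernel's route lookup picks for dest."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest, 9))  # UDP connect sends nothing, it only resolves the route
        return s.getsockname()[0]

def reply_source(contacted, pin_source):
    """Client sends to `contacted`; return the source address of the server's reply."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)  # report each datagram's destination
        srv.bind(("0.0.0.0", 0))  # wildcard listener, like a multi-homed firewall
        cli.bind(("127.0.0.1", 0))
        for s in (srv, cli):
            s.settimeout(2)
        cli.sendto(b"ping", (contacted, srv.getsockname()[1]))
        _data, ancdata, _flags, peer = srv.recvmsg(64, socket.CMSG_SPACE(PKTINFO.size))
        reply_anc = []
        for level, kind, cdata in ancdata:
            if pin_source and level == socket.IPPROTO_IP and kind == IP_PKTINFO:
                _ifindex, _spec_dst, dst = PKTINFO.unpack(cdata[:PKTINFO.size])
                # Ask the kernel to send from the address the client contacted.
                reply_anc = [(socket.IPPROTO_IP, IP_PKTINFO, PKTINFO.pack(0, dst, bytes(4)))]
        srv.sendmsg([b"pong"], reply_anc, 0, peer)
        return cli.recvfrom(64)[1][0]
    finally:
        srv.close()
        cli.close()

if __name__ == "__main__":
    print("route lookup src:", route_source("127.0.0.1"))
    print("unpinned reply  :", reply_source("127.0.0.2", pin_source=False))
    print("pinned reply    :", reply_source("127.0.0.2", pin_source=True))
```

When the unpinned reply address differs from the address the client sent to, a NAT or stateful firewall in between no longer matches the reply to the original flow.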