multi-home difficulty

d tbsky tbskyd at
Tue Nov 21 15:35:22 CET 2017

2017-11-21 22:15 GMT+08:00 Jason A. Donenfeld <Jason at>:
> On Tue, Nov 21, 2017 at 2:21 PM, d tbsky <tbskyd at> wrote:
>> so at first client connect to server
>> but then server use ip address) to reply and 51820
>> port is nat to 1085 so the communication is broken.
> The server should use to reply. If it's not, that's a bug that
> I should fix. Can you give me a minimal configuration for reproducing
> this setup, so that I can fix whatever issue is occurring?
> Thanks,
> Jason

thanks for the quick reply. my wireguard configuration is in the
previous mail, so I think the linux firewall part is what you want.
there is only one thing special in our firewall config. normally when
you use "ip route get", you will get a wan ip address through
main routing table (eg in above example). but since we have
multiple routing tables and there are few entries in main routing
table, "ip route get" will get (lan ip address)
in our firewall.

I don't know how wireguard decides its replying ip address, but it
seems wrong under the situation. maybe it decides it through main
routing table?

our linux firewall environment is RHEL 7.4 and wireguard version is
0.0.20171111 from official repository.

thanks a lot for help!

