Gateway for Wireguard VPN
Germano Massullo
germano.massullo at gmail.com
Tue Nov 21 19:12:45 CET 2017
For those who have a firewalld-based Linux distribution like Fedora/RHEL/CentOS:
=== Host B (VPN gateway) ===
When the system creates interface wg0, it is not attached to any firewall
zone, so it falls into the default zone, which blocks everything except for
ICMP packets. Therefore if you simply run ping among hosts (for example from
A to C) everything works, but as soon as you try to use a service, it will
not work.
You can solve this with
# firewall-cmd --zone=trusted --add-interface=wg0 --permanent
# firewall-cmd --reload
Now from host A you can correctly run
$ ssh user@10.1.0.22
which is the server running on host C
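
The zone check described in the message above, as an added example that is not part of the original post: it parses the text printed by `firewall-cmd --get-active-zones` and reports which zone an interface is bound to, so the state before and after the fix can be compared. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample output of `firewall-cmd --get-active-zones`
# before and after wg0 is added to a zone (not captured from a real host).
SAMPLE_BEFORE='public
  interfaces: eth0'
SAMPLE_AFTER='public
  interfaces: eth0
trusted
  interfaces: wg0'

# zone_of_iface IFACE
# Reads active-zones text on stdin and prints the zone that lists IFACE,
# or "unassigned" when no zone lists it (the default zone then applies).
zone_of_iface() {
    awk -v ifc="$1" '
        /^[^ \t]/ { zone = $1; next }      # unindented line starts a zone
        $1 == "interfaces:" {              # indented list of bound interfaces
            for (i = 2; i <= NF; i++)
                if ($i == ifc) { print zone; found = 1; exit }
        }
        END { if (!found) print "unassigned" }
    '
}

# audit_iface IFACE
# Turns the zone lookup into a one-line finding for the operator.
audit_iface() {
    zone=$(zone_of_iface "$1")
    case "$zone" in
        unassigned) echo "$1: no explicit zone, default zone rules apply" ;;
        trusted)    echo "$1: in trusted zone, all traffic arriving on it is accepted" ;;
        *)          echo "$1: in zone $zone" ;;
    esac
}

# Run against the constructed samples. On a live gateway use:
#   firewall-cmd --get-active-zones | audit_iface wg0
printf '%s\n' "$SAMPLE_BEFORE" | audit_iface wg0
printf '%s\n' "$SAMPLE_AFTER"  | audit_iface wg0
```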