Gateway for Wireguard VPN

Germano Massullo germano.massullo at
Tue Nov 21 19:12:45 CET 2017

For who has a Firewalld based Linux distribution like Fedora/RHEL/CentOS:

=== Host B (VPN gateway) ===
When system creates interface wg0, it is not attached to any firewall
zone, so it falls into default zone, that blocks everything except for
ICMP packets. Therefore if you simply run ping among hosts (example from
A to C) everything works, but as soon you try to use a service, it will
not work.
You can solve with
# firewall-cmd --zone=trusted --add-interface=wg0 --permanent
# firewall-cmd --reload

Now from host A you can correctly run
$ ssh user at
that is the server running on host C

More information about the WireGuard mailing list