Route all traffic to one IP _only_ via wireguard
Eric Light
eric at ericlight.com
Sat Apr 28 15:49:20 CEST 2018
Hi Reiner!
I think the problem here is your client's AllowedIPs section. If you only want to access one address, you only enter that target IP - not the whole internet space (0.0.0.0/0). That's why everything is being routed out via your wg0.
So you should change that client AllowedIPs to 172.16.0.1/32, and that'll fix it. Alternatively, set it to /24 if you also want access to other devices within the corporate LAN... That's how I do it.
I think that's all you need. Sorry if I've missed something! :)
E
--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es
On Sat, 28 Apr 2018, at 22:07, reiner otto wrote:
> My basic setup of wg works, I can ssh from/to server or client.
> But the real goal is to tunnel only traffic with a specific destination IP
> via wireguard from client to server.
> I.e. a local router, which allows direct access to the web,
> _BUT_ all traffic going to the corporate server using wireguard only.
> Corporate server (public 1.2.3.4) == wireguard server (172.16.0.1).
>
> I tried various settings on my client, like
> ip route 1.2.3.4 dev wg0
> ip route 1.2.3.4 via 172.16.0.1
> etc.
> but nothing worked.
>
> Any help really appreciated.
>
> ---
> wg0.conf on server (1.2.3.4):
> [Interface]
> ListenPort = 1234
> PrivateKey = secret
> [Peer]
> PublicKey = secret
> AllowedIPs = 172.16.0.0/16
> -
> wg0.conf on client (172.16.18.31):
> [Interface]
> PrivateKey = secret
> ListenPort = 1234
> [Peer]
> PublicKey = secret
> AllowedIPs = 0.0.0.0/0
> Endpoint = 1.2.3.4:1234
>
>
> _______________________________________________
> WireGuard mailing list
> WireGuard at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
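To make the point about AllowedIPs concrete, here is a small model of WireGuard's cryptokey routing, added as an illustration and not code from the thread or from the WireGuard project. It assumes the peer tables from the two configs quoted above (tunnel peer 172.16.0.1 on the server, client at 172.16.18.31, endpoint 1.2.3.4) with keys left out, and it shows both halves of what AllowedIPs does: on the way out, the destination is matched against every peer's AllowedIPs by longest prefix, so 0.0.0.0/0 captures every packet and 172.16.0.1/32 captures only the tunnel peer; on the way in, a decrypted packet is dropped unless its source address is inside the sending peer's AllowedIPs, which is why the setting doubles as a packet filter and not just a route.

```python
from ipaddress import ip_address, ip_network

# Constructed peer tables modelled on the configs quoted in the thread
# (peer name -> list of AllowedIPs prefixes; keys and endpoints omitted).
CLIENT_AS_POSTED = {"corp-server": ["0.0.0.0/0"]}       # everything goes into wg0
CLIENT_FIXED = {"corp-server": ["172.16.0.1/32"]}       # only the tunnel peer
CLIENT_FIXED_LAN = {"corp-server": ["172.16.0.0/24"]}   # the /24 alternative
SERVER_AS_POSTED = {"laptop": ["172.16.0.0/16"]}        # server side, unchanged


def select_peer(peers, dst):
    """Outbound side of cryptokey routing.

    Returns the name of the peer whose AllowedIPs prefix is the longest match
    for the destination, or None when no peer claims it (the packet is then
    not sent through the WireGuard interface at all).
    """
    dst = ip_address(dst)
    best, best_len = None, -1
    for name, prefixes in peers.items():
        for prefix in prefixes:
            net = ip_network(prefix, strict=False)
            if dst in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best


def accept_inbound(peers, peer, src):
    """Inbound side of cryptokey routing.

    A packet that decrypted correctly under `peer`'s key is still dropped
    unless its inner source address lies inside that peer's AllowedIPs.
    """
    src = ip_address(src)
    return any(src in ip_network(p, strict=False) for p in peers.get(peer, []))


def classify(peers, destinations):
    """Map each destination to the peer that would carry it, or 'direct'."""
    return {d: (select_peer(peers, d) or "direct") for d in destinations}


if __name__ == "__main__":
    # Constructed sample destinations: the tunnel peer, another host in the
    # corporate LAN, the public endpoint, and an unrelated web server.
    sample = ["172.16.0.1", "172.16.0.2", "1.2.3.4", "93.184.216.34"]
    for label, table in [("as posted", CLIENT_AS_POSTED),
                         ("/32 fix", CLIENT_FIXED),
                         ("/24 fix", CLIENT_FIXED_LAN)]:
        print(f"client AllowedIPs {label}: {classify(table, sample)}")
    # Inbound: with the /32 the server cannot inject packets claiming to come
    # from an arbitrary source address; with 0.0.0.0/0 it can.
    print("inbound 10.0.0.5 via /32 peer accepted:",
          accept_inbound(CLIENT_FIXED, "corp-server", "10.0.0.5"))
    print("inbound 10.0.0.5 via 0.0.0.0/0 peer accepted:",
          accept_inbound(CLIENT_AS_POSTED, "corp-server", "10.0.0.5"))
```

Two details worth keeping in mind when reading the output: the endpoint 1.2.3.4 must stay outside the tunnel (with the /32 it is routed directly, which is what lets the handshake reach the server), and on the server side the existing 172.16.0.0/16 already admits the client's 172.16.18.31 source address, so only the client config needs to change. The model covers cryptokey routing only; the kernel routes that wg-quick installs from AllowedIPs are a separate mechanism, which is why the `ip route` experiments in the quoted message could not override a 0.0.0.0/0 entry by themselves.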