wireguard works for 10.0.0.x/24, but not for 10.10.10.x/24
sitaramc at gmail.com
Sat Aug 25 15:16:54 CEST 2018
On Sat, Aug 25, 2018 at 11:47:11AM +0200, Morten Christensen wrote:
> On 25-08-2018 04:12, Sitaram Chamarty wrote:
> > Hi
> > I have a very peculiar problem.
> > My wireguard server serves up for my laptop and phone using
> > 10.0.0.1 as its own IP, and .2 and .3 respectively as my laptop
> > and phone's IPs.
> > But if I switch it to any other subnet, like 192.168.25.x/24, or
> > even 10.10.10.x/24, it does not work.
> > (Before someone asks, yes I did remember to change the wg0.conf
> > on both sides before flipping the switch.)
> > I can provide more details, I can run any debugging commands you
> > ask me to, but there is literally no other difference except a
> > `:%s/10.0.0/10.10.10/g` in /etc/wireguard/wg0.conf, on both
> > sides.
> > I am using the wg-quick command, if it matters.
> > I can ping from the laptop to the server (10.10.10.2 ->
> > 10.10.10.1). I can access services running locally on the
> > server (such as tcp/80 or udp/53). "traceroute" will show the
> > first hop as 10.10.10.1, but after that -- silence. It just
> > won't go beyond that.
> > So whatever it is, it seems to be on the server side. Packets
> > make it to the remote endpoint, but don't get routed out to the
> > internet after that.
> Most times vpn-packets get a step further. The remote endpoint does not know
> how to return them to the vpn-server.
> Is your wireguard-server the router/gateway on your system?
It is the gateway, and that reminded me that, way back when I
first set it up, I had added an iptables MASQUERADE rule, but
only for 10.0.0.0/24.
I had completely forgotten about this till I saw your reply.
Sorry for the PEBCAK; all good now!
> Morten Christensen
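
The mismatch resolved in this thread (tunnel subnet changed in wg0.conf while the MASQUERADE rule still named only 10.0.0.0/24) can be checked mechanically. The following is an added example, not part of the original messages: the wg0.conf and `iptables-save -t nat` text are constructed samples, and the function names and the `eth0` interface are assumptions.

```python
import ipaddress
import re

# Constructed sample: server-side wg0.conf after the subnet change.
WG_CONF = """[Interface]
Address = 10.10.10.1/24
[Peer]
AllowedIPs = 10.10.10.2/32
"""

# Constructed sample: `iptables-save -t nat` output still holding the old rule.
NAT_RULES = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""

def tunnel_networks(wg_conf):
    """Networks named on the Address lines of a wg-quick config."""
    nets = []
    for line in wg_conf.splitlines():
        # Drop trailing comments, then split "Key = value".
        key, _, value = line.split("#", 1)[0].partition("=")
        if key.strip().lower() == "address":
            nets += [ipaddress.ip_interface(a.strip()).network
                     for a in value.split(",") if a.strip()]
    return nets

def masquerade_sources(nat_rules):
    """Source networks of POSTROUTING MASQUERADE rules (IPv4 nat table)."""
    sources = []
    for line in nat_rules.splitlines():
        if (not line.startswith("-A POSTROUTING")
                or "-j MASQUERADE" not in line or "! -s" in line):
            continue  # negated source matches are skipped, not interpreted
        m = re.search(r"\s-s\s+(\S+)", line)
        # A rule with no -s matches every source: record it as 0.0.0.0/0.
        sources.append(ipaddress.ip_network(m.group(1) if m else "0.0.0.0/0"))
    return sources

def unmasqueraded(wg_conf, nat_rules):
    """Tunnel networks that no MASQUERADE rule covers."""
    sources = masquerade_sources(nat_rules)
    return [n for n in tunnel_networks(wg_conf)
            if not any(n.version == s.version and n.subnet_of(s) for s in sources)]

if __name__ == "__main__":
    for net in unmasqueraded(WG_CONF, NAT_RULES):
        print(f"no MASQUERADE rule covers tunnel subnet {net}")
```

On a live gateway the two strings would come from /etc/wireguard/wg0.conf and the output of `iptables-save -t nat`.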