Can't connect to WireGuard when router connected to a VPN service

Arpit Gupta g.arpit at gmail.com
Wed Mar 6 16:59:22 CET 2019


Tried changing the allowed IPs to what was suggested and it did not work.
Same behavior as before. Also, my configs were working as expected before I
had my router connected to a VPN service.

It required me to add the following route policy for my VPN client on my
router:

Source IP: 192.168.1.0/24, Destination: 0.0.0.0 will go through the VPN. So
does it matter if I connected to WireGuard using the IP address of the ISP
vs the IP address of the VPN?


--
Arpit


On Wed, Mar 6, 2019 at 1:18 AM XRP <xrp at airmail.cc> wrote:

> On Wed, 2019-03-06 at 08:40 +0000, Arpit Gupta wrote:
> > On my server my conf is
> >
> > [Interface]
> > Address = 192.168.100.1/32
> > PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
> > ListenPort = 54930
> > PrivateKey = xxxxx
> >
> > [Peer]
> > PublicKey = xxxx
> > AllowedIPs = 192.168.100.2/32
> >
> >
> > on my client my config is
> >
> > [Interface]
> > Address = 192.168.100.2
> > PrivateKey = xxxxx
> > ListenPort = 21841
> > DNS = 192.168.1.63
> >
> > [Peer]
> > PublicKey = xxxx
> > Endpoint = ddns:xxx
> > AllowedIPs = 192.168.1.0/24
> >
> > # This is for if you're behind a NAT and
> > # want the connection to be kept alive.
> > PersistentKeepalive = 25
>
> Try changing AllowedIPs in the client config to:
> AllowedIPs = 192.168.100.1/32,192.168.1.0/24
>
> Also, if you want to masquerade the traffic to the internet you need to
> add 0.0.0.0/0 to the client or change the destination IP to the server
> node via a NAT rule, otherwise it's going to be rejected because the IP
> packet doesn't have an AllowedIP address, I think. (The source needs to
> match, so either 192.168.100.1/32 or 192.168.1.0/24). My guess is
> that's why you couldn't complete the handshake.
>
>
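
Added example (not part of the original messages and not WireGuard's own code): a small Python model of how AllowedIPs applies to the two configs quoted above. A sender selects the peer by the packet's destination, and a receiver drops a decrypted packet whose inner source address is not in that peer's AllowedIPs. The constants are constructed from the quoted configs and the function names are hypothetical.

```python
import ipaddress

# Constructed from the two configs quoted in the thread (keys and endpoint omitted).
SERVER_CONF = """[Interface]
Address = 192.168.100.1/32
[Peer]
AllowedIPs = 192.168.100.2/32
"""
CLIENT_CONF = """[Interface]
Address = 192.168.100.2
[Peer]
AllowedIPs = 192.168.1.0/24
"""

def peer_allowed_ips(conf_text):
    """Return one list of networks per [Peer] section of a wg-quick style config."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
            continue
        key, _, value = line.partition("=")
        if section == "peer" and key.strip().lower() == "allowedips":
            peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                          for v in value.split(",") if v.strip()]
    return peers

def matching_peer(peers, addr):
    """Index of the peer with the longest AllowedIPs prefix covering addr, else None."""
    ip, best = ipaddress.ip_address(addr), None
    for i, nets in enumerate(peers):
        for net in nets:
            if ip in net and (best is None or net.prefixlen > best[1]):
                best = (i, net.prefixlen)
    return None if best is None else best[0]

def tunnel_verdict(sender_conf, receiver_conf, src, dst):
    """One packet: the sender routes on dst, the receiver filters on the inner src.
    Assumes a single peer per side, as in the thread."""
    if matching_peer(peer_allowed_ips(sender_conf), dst) is None:
        return "not routed into tunnel by sender"
    if matching_peer(peer_allowed_ips(receiver_conf), src) is None:
        return "dropped by receiver: source not in AllowedIPs"
    return "accepted"
```

With the quoted client config, `tunnel_verdict(SERVER_CONF, CLIENT_CONF, "192.168.100.1", "192.168.100.2")` returns the dropped verdict; with `192.168.100.1/32` added to the client's AllowedIPs it returns `accepted`.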