cant connect to wireguard when router connected to a vpn service

XRP xrp at airmail.cc
Wed Mar 6 10:18:11 CET 2019


On Wed, 2019-03-06 at 08:40 +0000, Arpit Gupta wrote:
> On my server my conf is
> 
> [Interface]
> Address = 192.168.100.1/32
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
> ListenPort = 54930
> PrivateKey = xxxxx
> 
> [Peer]
> PublicKey = xxxx
> AllowedIPs = 192.168.100.2/32
> 
> 
> on my client my config is
> 
> [Interface]
> Address = 192.168.100.2
> PrivateKey = xxxxx
> ListenPort = 21841
> DNS = 192.168.1.63
> 
> [Peer]
> PublicKey = xxxx
> Endpoint = ddns:xxx
> AllowedIPs = 192.168.1.0/24
> 
> # This is for if you're behind a NAT and
> # want the connection to be kept alive.
> PersistentKeepalive = 25

Try changing AllowedIPs in the client config to:
AllowedIPs = 192.168.100.1/32,192.168.1.0/24

Also, if you want to masquerade the traffic to the internet you need to
add 0.0.0.0/0 to the client or change the destination IP to the server
node via a NAT rule, otherwise it's going to be rejected because the IP
packet doesn't have an AllowedIP address, I think. (The source needs to
match, so either 192.168.100.1/32 or 192.168.1.0/24). My guess is
that's why you couldn't complete the handshake.
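An added example (not from this thread or the WireGuard project) that models WireGuard's cryptokey-routing rule to show the effect of the AllowedIPs change suggested above. The client config below is constructed from the one quoted in the thread, with the placeholder SERVERKEY standing in for the real public key.

```python
import ipaddress
from typing import Dict, List, Optional

def parse_allowed_ips(conf: str) -> Dict[str, List[ipaddress.IPv4Network]]:
    """Map each [Peer] PublicKey to its AllowedIPs networks (wg .conf layout)."""
    peers: Dict[str, List[ipaddress.IPv4Network]] = {}
    section, key = None, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):
            section, key = line.strip("[]").lower(), None
            continue
        name, _, value = (p.strip() for p in line.partition("="))
        if section == "peer" and name == "PublicKey":
            key = value
            peers[key] = []
        elif section == "peer" and name == "AllowedIPs" and key:
            peers[key] += [ipaddress.ip_network(n.strip(), strict=False)
                           for n in value.split(",")]
    return peers

def peer_for_destination(peers, dst: str) -> Optional[str]:
    """Outbound: the peer whose AllowedIPs contain dst (longest prefix wins); None = no route, dropped."""
    ip, best, best_len = ipaddress.ip_address(dst), None, -1
    for key, nets in peers.items():
        for net in nets:
            if ip in net and net.prefixlen > best_len:
                best, best_len = key, net.prefixlen
    return best

def accepts_inbound(peers, key: str, src: str) -> bool:
    """Inbound: a decrypted packet from peer `key` is kept only if its source IP is in that peer's AllowedIPs."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in peers.get(key, []))

# Constructed from the client config quoted in the thread; SERVERKEY is a placeholder.
CLIENT_BEFORE = """[Interface]
Address = 192.168.100.2
[Peer]
PublicKey = SERVERKEY
AllowedIPs = 192.168.1.0/24
"""
# The change suggested in the reply: also allow the server's own tunnel address.
CLIENT_AFTER = CLIENT_BEFORE.replace("192.168.1.0/24", "192.168.100.1/32, 192.168.1.0/24")
# Full-tunnel variant for masquerading internet traffic through the server.
CLIENT_FULL = CLIENT_BEFORE.replace("192.168.1.0/24", "0.0.0.0/0")
```

With the original config, replies sourced from 192.168.100.1 fail the inbound check and packets to internet addresses have no peer at all; on a live host, `wg show <iface> allowed-ips` prints the table the kernel actually uses.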


