need a hand with WG setup
dimitar.vassilev at gmail.com
Sun Sep 1 13:03:18 CEST 2019
На ср, 28.08.2019 г. в 13:56 ч. Dimitar Vassilev <dimitar.vassilev at gmail.com>
> Hi Kalin,
> 1. Disable the FW and test.
> Tried - disabling one fw shows wg traffic flowing.
>> 2. Try ping from one router to the other using the configured public IP
>> That works as well with the default fw config on OpenWRT/LEDE/LibreCMC
>> 3. Ping the other using the WG IP address
>> my problem is that ping between the WG IP addresses is not working. I see
> some PostUp and Postdown examples in the regular configurations like the
> ones below
> PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A
> POSTROUTING -o enp5s0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT;
> ip6tables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D
> POSTROUTING -o enp5s0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT;
> ip6tables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE
> In the LEDE/OpenWRT derivatives those are marked in the GUI with
> MASQUERADE and route allowed ips options, but still I'm getting stuck. I
> moved my VPN network from /25 to another /24 and still was stuck.
>> If all runs them it is a routing problem left to solve...
>> Agree. I'm a bit at loss which routing - the kernel one or the forwarding
> of packets. Will tear down and start from scratch with another test.
Problem solved via a trivial solution - add my origin VPN endpoint IP into
the list of AllowedIPs for the peer. Used
At least in this setup I see the packets flowing in both directions - RX
Ny next questions are:
- is this normal since I'm behind NAT or there are some OpenWRT
/Wireguard specifics I'm missing? In the docs and examples I see examples
with just peer IPs added
- what should I do to make the flow to a private subnet in DMZ on site B
from site A ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WireGuard