Access subnet behind server.
Ken D'Ambrosio
ken at jots.org
Sat Jan 23 16:52:56 UTC 2021
Hey, all. I'm relatively new to WireGuard, and have a RasPi at my house
doing firewall duty. Installed WG on it, and on a VPS, and am trying to
get the VPS to access hosts on my home subnet. So:
VPS <-192.168.50.0/24-> RasPi <--> [192.168.10.0/24]
And, clearly, I'm doing something wrong.
-----------------------------------------------------------
RasPi server/firewall:

[Interface]
Address = 192.168.50.1/24
SaveConfig = false
ListenPort = 51820
PrivateKey = XXX

[Peer]
PublicKey = XXX
AllowedIPs = 192.168.50.11/32

VPS:

[Interface]
Address = 192.168.50.11/24
PrivateKey = XXX

[Peer]
PublicKey = XXX
Endpoint = vpn.foo.bar:51820
AllowedIPs = 192.168.50.0/24,192.168.10.0/24
-----------------------------------------------------------
The client connects just fine, and it can talk to the server's VPN IP
(192.168.50.1) as well as its internal interface (192.168.10.1).
Likewise, the server can talk to 192.168.50.11. But nothing gets inside
to other 192.168.10.x hosts. I do have forwarding set up for "all":
root@prouter:/proc# cat /proc/sys/net/ipv4/conf/all/forwarding
1
Note that the config files have gone through several permutations as I
tried to figure this out, so there may be some dumb stuff, but totally
open to suggestions right now. I'm kinda stumped. Note that a tcpdump
on the RasPi shows the ping requests coming in, but not being forwarded
to the internal interface, so I assume I'm just missing Something
Dumb(tm) in WG land.
Thanks!
-Ken
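
Added example, not part of the message above: a small Python model of how WireGuard applies AllowedIPs (outbound peer selection by destination, inbound filtering by source), run over the two posted configs. The LAN host 192.168.10.20 and the peer labels "vps" and "raspi" are constructed for illustration.

```python
import ipaddress

# AllowedIPs from the [Peer] sections of the two configs in the post.
# The dictionary keys are labels made up for this example.
RASPI_PEERS = {"vps": ["192.168.50.11/32"]}
VPS_PEERS = {"raspi": ["192.168.50.0/24", "192.168.10.0/24"]}


def nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def route_out(peers, dst):
    """Outbound: choose the peer whose AllowedIPs gives the longest match for dst."""
    ip = ipaddress.ip_address(dst)
    best = None
    for name, cidrs in peers.items():
        for net in nets(cidrs):
            if ip in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None


def accept_in(peers, peer, src):
    """Inbound: a decrypted packet from `peer` is kept only if src is in its AllowedIPs."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in nets(peers.get(peer, [])))


def tunnel_passes(tx_peers, rx_peers, tx_name, src, dst):
    """True if the sender has a peer for dst and the receiver accepts src from tx_name."""
    return route_out(tx_peers, dst) is not None and accept_in(rx_peers, tx_name, src)


def ping_check(lan_host, vps_ip="192.168.50.11"):
    """Echo request VPS -> lan_host and echo reply back, as WireGuard alone sees them."""
    request = tunnel_passes(VPS_PEERS, RASPI_PEERS, "vps", vps_ip, lan_host)
    reply = tunnel_passes(RASPI_PEERS, VPS_PEERS, "raspi", lan_host, vps_ip)
    return request, reply


if __name__ == "__main__":
    # 192.168.10.20 is a constructed LAN host address.
    print("request passes, reply passes:", ping_check("192.168.10.20"))
```

With the posted AllowedIPs both directions pass, which matches the tcpdump observation that the requests arrive on the RasPi. The model covers only WireGuard's AllowedIPs step, not kernel forwarding or firewall rules on the RasPi.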