Access subnet behind server.
Roman Mamedov
rm at romanrm.net
Sun Jan 24 16:33:08 UTC 2021
On Sat, 23 Jan 2021 11:52:56 -0500
Ken D'Ambrosio <ken at jots.org> wrote:
> Hey, all. I'm relatively new to WireGuard, and have a RasPi at my house
> doing firewall duty. Installed WG on it, and on a VPS, and am trying to
> get the VPS to access hosts on my home subnet. So:
>
> VPS <-192.168.50.0/24-> RasPi <--> [192.168.10.0/24]
>
> And, clearly, I'm doing something wrong.
>
> -----------------------------------------------------------
> RasPi server/firewall:
> [Interface]
> Address = 192.168.50.1/24
> SaveConfig = false
> ListenPort = 51820
> PrivateKey = XXX
> [Peer]
> PublicKey = XXX
> AllowedIPs = 192.168.50.11/32
>
> VPS:
> [Interface]
> Address = 192.168.50.11/24
> PrivateKey = XXX
> [Peer]
> PublicKey = XXX
> Endpoint = vpn.foo.bar:51820
> AllowedIPs = 192.168.50.0/24,192.168.10.0/24
> -----------------------------------------------------------
>
> The client connects just fine, and it can talk to the server's VPN IP
> (192.168.50.1) as well as its internal interface (192.168.10.1).
> Likewise, the server can talk to 192.168.50.11. But nothing gets inside
> to other 192.168.10.x hosts. I do have forwarding set up for "all":
>
> root at prouter:/proc# cat /proc/sys/net/ipv4/conf/all/forwarding
> 1
>
> Note that the config files have gone through several permutations as I
> tried to figure this out, so there may be some dumb stuff, but totally
> open to suggestions right now. I'm kinda stumped. Note that a tcpdump
> on the RasPi shows the ping requests coming in, but not being forwarded
> to the internal interface, so I assume I'm just missing Something
> Dumb(tm) in WG land.
Did you allow forwarding in RPi's firewall? Post "iptables-save" from it.
--
With respect,
Roman
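
An added example, not part of the original message: a heuristic check of `iptables-save` output for the question asked above, whether the filter table's FORWARD chain lets packets arriving on the tunnel interface through. The interface names (`wg0`, `eth0`, `eth1`) and the sample ruleset are constructed assumptions; the thread does not show the RasPi's actual rules.

```shell
#!/bin/sh
# Heuristic reading of `iptables-save` output: may packets that arrive on the
# tunnel interface be forwarded? It does not follow jumps to user chains or
# evaluate rule order, and it knows nothing about nftables.

# Constructed sample ruleset (not from the thread). eth0 = WAN, eth1 = LAN and
# wg0 = tunnel are assumed names. $1 is an optional extra FORWARD rule.
sample() {
cat <<EOF
*mangle
:FORWARD ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
$1
COMMIT
EOF
}

# check_forward IFACE  (iptables-save text on stdin)
# Prints: accept-rule | policy-accept | blocked | unknown
check_forward() {
  awk -v ifc="$1" '
    /^\*/ { table = substr($0, 2) }          # track the current table
    table != "filter" { next }               # mangle also has a FORWARD chain
    $1 == ":FORWARD" { policy = $2 }         # default verdict of the chain
    $1 == "-A" && $2 == "FORWARD" {
      in_if = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i" && $(i - 1) != "!") in_if = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (in_if == ifc && target == "ACCEPT") found = 1
    }
    END {
      if (found)                   print "accept-rule"
      else if (policy == "")       print "unknown"
      else if (policy == "ACCEPT") print "policy-accept"
      else                         print "blocked"
    }'
}

# On the router itself: iptables-save | check_forward wg0
sample | check_forward wg0
```

A `blocked` result matches the symptom described in the quoted message: echo requests show up in tcpdump on the RasPi but never leave through the internal interface.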
More information about the WireGuard mailing list