ERX wireguard assistance please
Simon McNair
simonmcnair at gmail.com
Tue Jul 6 13:25:56 UTC 2021
Hi,
I've searched to try and find the solution to my issue but I'm no expert
and I'm not entirely sure what to search for. I would appreciate your
help please.
In summary, If I connect to my LAN via local WiFi I successfully connect
to wireguard:
interface: wg0
public key: <removed>
private key: (hidden)
listening port: 12345
peer: <removed>
endpoint: 192.168.100.102:50084
allowed ips: 10.250.250.5/32
latest handshake: Now
transfer: 157.33 KiB received, 536.33 KiB sent
persistent keepalive: every 25 seconds
However if I try and connect via a remote network it fails. My DDNS is
resolving correctly to the correct IP so I can only think that firewall
rules or NAT is somehow causing the issue. Has anyone come across this
before please ?
I don't know how to monitor my WAN port 12345 for activity, I tried
tcpdump -n -v -i wg0 to no real benefit.
The ERX is running v2.0.9-hotfix.2 and
e50-v2-v1.0.20210606-v1.0.20210424.deb
High level the infrastructure is:
LAN: 192.168.100.0/24
wg ip : 10.250.250.1/24
listen port:12345
route-allowed-ips:true
peer allowed ip is : 10.250.250.5/32
Firewall policy WAN_LOCAL default action drop, rule 2 wireguard
destination port 12345, protocol udp, action accept
I would appreciate any help you can provide. The aim is to be able to
access resources in the 192.168.100.0/24 subnet using routed ip from the
10.250.250.0/24 transit network.
My apologies if my syntax or understanding is flawed.
Regards
Simon
More information about the WireGuard
mailing list