No mention of ip tables to setup VPN
Colin Williams
colin.williams.orcas at gmail.com
Fri Dec 1 20:39:16 UTC 2023
I set up WireGuard following the site. I did not create configuration
files. I just followed the example on
https://www.wireguard.com/quickstart/
I can ping between the hosts through wg via their interface IPs
10.0.0.1 / 10.0.0.2
One host I wish to use it as a VPN. Call it Host A
I set `net.ipv4.ip_forward = 1` on Host A and checked it was set properly.
Then, to set up the routing, I followed the section "Overriding The
Default Route" in https://www.wireguard.com/netns/ on Host B.
After adding the routes as above, I can still ping each host via its IP
and am still connected to the other host via SSH. But otherwise I lose my
internet connection on Host B. I copied my wg command
outputs and config details below.
Does anyone know what I'm doing wrong?
In some examples I see folks using iptables, e.g.
setting `iptables -t nat -A POSTROUTING -j MASQUERADE` on Host A.
If it's likely necessary, why don't I see a mention of this in the
documentation on wireguard.com?
Some errors I see:
PING google.com (142.250.69.206) 56(84) bytes of data.
From XXX (10.0.0.2) icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Required key not available
From XXX (10.0.0.2) icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Required key not available
From XXX (10.0.0.2) icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Required key not available
../../../lib/isc/netmgr/uverr2result.c:98:isc___nm_uverr2result():
unable to convert libuv error code in udp_send_cb
(../../../lib/isc/netmgr/udp.c:802) to isc_result: -126: Unknown
system error -126
;; communications error to 1.1.1.1#53: timed out
../../../lib/isc/netmgr/uverr2result.c:98:isc___nm_uverr2result():
unable to convert libuv error code in udp_send_cb
(../../../lib/isc/netmgr/udp.c:802) to isc_result: -126: Unknown
system error -126
^C[colin_williams at JT9M367J07 wg]$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Host A wg command output
interface: wg0
public key: 5ZXlotq43t3g3qz97ZkXeSu75+E6UchzO5hj4=
private key: (hidden)
listening port: XXXXX
peer: 5mjkoeRw2e0IbPa2rontt5AvO8oJgCVBlJgqVil+1T4=
endpoint: 203.45.131.16:33333
allowed ips: 10.0.0.2/32
latest handshake: 8 minutes, 4 seconds ago
transfer: 27.48 KiB received, 33.24 KiB sent
Host B wg command output
interface: wg0
public key: 5mjko3qg3g3qg35AvO8oJgCVBlJgqVil+1T4=
private key: (hidden)
listening port: 35052
peer: 5ZXlosrq6L+ZT+O5Bg1mz97ZkXeSu75+E6UchzO5hj4=
endpoint: 203.4.11.174:38101
allowed ips: 10.0.0.1/32
latest handshake: 9 minutes, 9 seconds ago
transfer: 26.73 KiB received, 30.51 KiB sent
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Routing table on Host B before additions. Everything works from Host A and
Host B at this point.
default via 192.168.10.1 dev wlp1s0f0 proto dhcp src 192.168.10.177 metric 600
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.2
192.168.10.0/24 dev wlp1s0f0 proto kernel scope link src 192.168.10.177 metric 600
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Adding the "Overriding The Default Route" route from the doc at
https://www.wireguard.com/netns/ on Host B.
After adding the route to Host B, I can no longer access most internet
resources from Host B. However, Host B can still ping Host A and vice
versa via IP address.
The errors shown above for Host B are after I set the routing table.
Please excuse if the route table looks funny. I think I am having
trouble pasting from my laptop.
Kernel IP routing table
Destination         Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0             0.0.0.0         128.0.0.0       U     0      0        0 wg0
default             _gateway        0.0.0.0         UG    600    0        0 wlp1
10.0.0.0            0.0.0.0         255.255.255.0   U     0      0        0 wg0
128.0.0.0           0.0.0.0         128.0.0.0       U     0      0        0 wg0
192.168.10.0        0.0.0.0         255.255.255.0   U     600    0        0 wlp1
203.45.131.16:33333 _gateway        255.255.255.255 UGH   0      0        0 wlp1
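Editor's added example, not part of Colin's post and not code from wireguard.com: the exit-node half (Host A) and the client half (Host B) of the setup the post is trying to build, as a dry-run shell script. The `wg` output in the post shows the two things that are missing. First, Host B's only peer carries allowed ips 10.0.0.1/32, so once the 0.0.0.0/1 and 128.0.0.0/1 routes send Internet-bound packets into wg0, WireGuard finds no peer whose AllowedIPs covers the destination and drops the packet with ENOKEY (errno 126), which is exactly what `ping: sendmsg: Required key not available` and libuv's "error -126" report. Second, Host A forwards but does not NAT, so replies addressed to 10.0.0.2 have no route back from anything upstream of Host A, which is why the MASQUERADE rule turns up in other people's examples. The script also includes a small check over the line format of `wg show wg0 allowed-ips` that flags the first mistake. Assumptions, all labelled in the code: Host A's uplink is called eth0 and it filters with iptables plus the conntrack match; the keys, endpoint and LAN gateway are the ones shown above; the host route for the encrypted UDP uses Host A's endpoint as Host B's own `wg` output lists it (203.4.11.174), not the 203.45.131.16 address in the pasted table, which is Host B's endpoint as seen from Host A. Commands are only printed unless APPLY=1 is set and the script runs as root.

```shell
#!/bin/sh
# Added example (editor's, not from the post or wireguard.com): exit-node
# and client configuration for "use Host A as my VPN", plus a check for the
# AllowedIPs gap that produces ENOKEY ("Required key not available").
set -eu

A_PUB='5ZXlosrq6L+ZT+O5Bg1mz97ZkXeSu75+E6UchzO5hj4='   # Host A's key, as Host B's `wg` shows it
A_ENDPOINT_IP=203.4.11.174                              # Host A's endpoint, as Host B's `wg` shows it
A_ENDPOINT_PORT=38101
B_PUB='5mjkoeRw2e0IbPa2rontt5AvO8oJgCVBlJgqVil+1T4='   # Host B's key, as Host A's `wg` shows it
WG_NET=10.0.0.0/24
A_WAN=eth0              # ASSUMPTION: name of Host A's physical uplink
B_LAN_GW=192.168.10.1   # Host B's LAN gateway, from its routing table above
B_LAN_IF=wlp1s0f0

# Print every command; execute it only when APPLY=1 (needs root).
run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Host A: forward, and NAT the tunnel subnet onto the uplink. Forwarding
# alone lets packets out; without MASQUERADE the replies are addressed to
# 10.0.0.2, which nothing beyond Host A knows how to reach.
host_a_exit_node() {
    run sysctl -w net.ipv4.ip_forward=1
    run wg set wg0 peer "$B_PUB" allowed-ips 10.0.0.2/32
    run iptables -t nat -A POSTROUTING -s "$WG_NET" -o "$A_WAN" -j MASQUERADE
    run iptables -A FORWARD -i wg0 -o "$A_WAN" -j ACCEPT
    run iptables -A FORWARD -i "$A_WAN" -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Host B: the peer must be allowed to carry every destination, not only
# 10.0.0.1/32. A packet routed into wg0 whose destination matches no peer's
# AllowedIPs is dropped with ENOKEY, the error in the post.
host_b_client() {
    run wg set wg0 peer "$A_PUB" endpoint "$A_ENDPOINT_IP:$A_ENDPOINT_PORT" allowed-ips 0.0.0.0/0
    # Keep the encrypted UDP to the endpoint on the LAN, or it would itself be
    # routed into wg0 once the /1 routes exist.
    run ip route add "$A_ENDPOINT_IP/32" via "$B_LAN_GW" dev "$B_LAN_IF"
    # Two /1 routes are more specific than the DHCP default and win without
    # deleting it (the netns page's "Overriding The Default Route" trick).
    run ip route add 0.0.0.0/1 dev wg0
    run ip route add 128.0.0.0/1 dev wg0
}

# Reads `wg show wg0 allowed-ips` on stdin (one line per peer: the public key,
# then its CIDRs separated by whitespace) and succeeds if any peer carries
# 0.0.0.0/0, i.e. if Internet-bound packets can be matched to a peer at all.
covers_default_route() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "0.0.0.0/0") found = 1 }
         END { exit (found ? 0 : 1) }'
}

# Prints "ok" or a diagnosis for a given `wg show wg0 allowed-ips` dump.
diagnose() {
    if printf '%s\n' "$1" | covers_default_route; then
        echo ok
    else
        echo 'no peer allows 0.0.0.0/0: traffic routed into wg0 will fail with ENOKEY'
    fi
}

# Constructed samples of Host B's allowed-ips output before and after the fix.
BEFORE="$(printf '%s\t%s\n' "$A_PUB" '10.0.0.1/32')"
AFTER="$(printf '%s\t%s\n' "$A_PUB" '0.0.0.0/0')"

if [ "${1:-}" = demo ]; then
    echo '# Host A'; host_a_exit_node
    echo '# Host B'; host_b_client
    diagnose "$BEFORE"
    diagnose "$AFTER"
fi
```

Run it as `sh exit-node.sh demo` to see the commands, and with `APPLY=1` as root on the respective host to apply them. To check a live Host B, pipe the real output in: `wg show wg0 allowed-ips | covers_default_route && echo ok`. After the change, `ip route get 142.250.69.206` on Host B should answer `dev wg0`, and `ip route get 203.4.11.174` should still answer `via 192.168.10.1 dev wlp1s0f0`.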