Prevent all traffic from going through the WG tunnel
Jeremy Hansen
jeremy at skidrow.la
Wed Jan 4 06:44:21 UTC 2023
I have a remote network that I've tied in to my WG server. I'm noticing
that all traffic from this remote network that goes outbound to the
internet is getting routed through my wireguard server.
Client config:
[Interface]
PrivateKey = XXXX
Address = 10.10.10.10/32
ListenPort = 51821
[Peer]
PublicKey = XXXX
Endpoint = 11.11.11.11:51821 <- IP of the WG server.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepAlive=25
Server config:
[Interface]
PrivateKey = XXXX
Address = 10.10.10.1/32
ListenPort = 51821
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i
-j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o
%i -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
# IP forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
[Peer]
PublicKey = XXXX
AllowedIPs = 10.10.10.10/32, 192.168.128.0/17 <- Client's internal
network.
My goal is that regular outbound traffic just goes out the client node's
outside routable interface and traffic between the internal networks
goes through wireguard.
For example, I'm seeing email being sent through the MTA I have
configured on the "client" is showing up as originating from the
outbound IP of the "server".
Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x1BF1B863.asc
Type: application/pgp-keys
Size: 3959 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20230103/70581db3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20230103/70581db3/attachment.sig>
More information about the WireGuard
mailing list