On 1/1/19 10:46 AM, siefke_lis...@web.de wrote:
> Forwarding is enabled like it stand in tutorial of Arch and Firewall
> only must open the port I used for wireguard?

There are 3 cases that come to mind: (a) you're testing on internal network, (b) you're using external and wireguard is running on firewall, and (c) you're using external and wireguard is running behind your firewall.
In all cases, on the server running wireguard, you need iptables rules to manage forwarding in addition to having net.ipv4.ip_forward = 1 to enable forwarding in /etc/sysctl.d/sysctl.conf and reload sysctl.
I'd recommend getting things working on (a) inside your network first, then deal with packets going through your internet facing firewall.
So in summary, I'd ensure your iptables rules on the VPN server are correct and working, testing purely inside your network.
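
An added example, not part of the original message: a small shell audit of the two prerequisites named above (the ip_forward sysctl and the FORWARD chain rules) on the WireGuard server. The interface name wg0, the function names and the sample rule sets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed samples in `iptables -S FORWARD` format (not taken from the thread).
SAMPLE_BAD='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
SAMPLE_GOOD='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT'

# forward_policy RULES -> prints the default policy of the FORWARD chain
forward_policy() {
    printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }'
}

# iface_accepted RULES IFACE -> exit 0 if some rule ACCEPTs packets entering on IFACE
# Simplification: rule order is ignored, so an earlier DROP that shadows the
# ACCEPT is not detected.
iface_accepted() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 == "-A" && $2 == "FORWARD" {
            in_ok = 0; acc = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i+1) == ifc) in_ok = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") acc = 1
            }
            if (in_ok && acc) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# audit IP_FORWARD RULES IFACE -> prints one verdict, exit 0 on OK, 1 on FAIL
audit() {
    if [ "$1" != "1" ]; then
        echo "FAIL: net.ipv4.ip_forward is $1"; return 1
    fi
    if iface_accepted "$2" "$3"; then
        echo "OK: forwarding on and $3 accepted"; return 0
    fi
    if [ "$(forward_policy "$2")" = "ACCEPT" ]; then
        echo "OK: forwarding on, FORWARD policy ACCEPT (no $3 rule)"; return 0
    fi
    echo "FAIL: FORWARD policy drops and no ACCEPT rule for -i $3"; return 1
}

# Demo on the constructed sample. On a live server (as root) use instead:
#   audit "$(sysctl -n net.ipv4.ip_forward)" "$(iptables -S FORWARD)" wg0
audit 1 "$SAMPLE_GOOD" wg0
```

Running the audit inside the network first, as in case (a), separates a forwarding problem on the VPN server from a problem on the internet-facing firewall.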