On Fri, Aug 27, 2021 at 02:20:29PM +0100, Zé Loff wrote:
> 
> On Fri, Aug 27, 2021 at 03:03:36PM +0200, Erling Westenvik wrote:
> > Hello all,
> > I have successfully set up a wg(4) based VPN tunnel from my laptop
> > (current) to my home/office gateway (6.9) but have problems
> > understanding how to access the LAN behind the gateway.
> > 
> > [Laptop]
> > - wg0 (10.0.0.42)
> > - egress (trunk0 {em0 iwn0} dhcp)
> > [Internet]
> > [Gateway]
> > - egress (em0 dhcp)
> > - wg0 (10.0.0.1)
> > - bridge0 {em1, (vether0 192.168.3.1 dhcpd)}
> > [LAN]
> > - various 192.168.3.0/24
> > 
> > I can ping/ssh between wg(4) endpoints (10.0.0.1 to 10.0.0.42 and vice
> > versa) and also from LAN clients (192.168.3.0/24) to gateway wg(4)
> > endpoint (10.0.0.1), but the laptop (10.0.0.42) can only reach the
> > gateway (10.0.0.1).
> > 
> > Is it as easy as defining some routes? If so, where? There's a ton of
> > more or less relevant and/or updated howto's out there but I have not
> > found anyone dealing with a similar scenario. Any hints are appreciated.
> 
> I added something like
> 
> !route add 192.168.3.0/24 10.0.0.1
> 
> to /etc/hostname.wg0.

Thanks. I did too, I just forgot to mention it.
It doesn't work in my case though.
At least your answer tells me that what I try to achieve, to access the
LAN behind a wg(4) endpoint, is possible, right?

> Of course this _might_ be messy if by any chance your laptop's local
> network is also 192.168.3.0/24 or a subset of this range.

When connected to the LAN it of course is, but there should not be any
traces of that range after a reboot or two.

Guess I'm up for debugging, testing of pf rules, and tcpdumping..
Any ideas on where to begin are appreciated.

Erling


> > 
> > (My wg(4) setup is based on:
> > https://www.tumfatig.net/20201202/a-mesh-vpn-using-openbsd-and-wireguard/)
> > 
> > Best regards,
> > 
> > Erling
> > 
> 
> -- 
>  
