On Fri, Aug 27, 2021 at 02:20:29PM +0100, Zé Loff wrote: > > On Fri, Aug 27, 2021 at 03:03:36PM +0200, Erling Westenvik wrote: > > Hello all, > > I have successfully set up a wg(4) based VPN tunnel from my laptop > > (current) to my home/office gateway (6.9) but have problems > > understanding how to access the LAN behind the gateway. > > > > [Laptop] > > - wg0 (10.0.0.42) > > - egress (trunk0 {em0 iwn0} dhcp) > > [Internet] > > [Gateway] > > - egress (em0 dhcp) > > - wg0 (10.0.0.1) > > - bridge0 {em1, (vether0 192.168.3.1 dhcpd)} > > [LAN] > > - various 192.168.3.0/24 > > > > I can ping/ssh between wg(4) endpoints (10.0.0.1 to 10.0.0.42 and vica > > versa) and also from LAN clients (192.168.3.0/24) to gateway wg(4) > > endpoint (10.0.0.1), but the laptop (10.0.0.42) can only reach the > > gateway (10.0.0.1). > > > > Is it as easy as defining some routes? If so, where? There's a ton of > > more or less relevant and/or updated howto's out there but I have not > > found anyone dealing with a similar scenario. Any hints are appreciated. > > I added something like > > !route add 192.168.3.0/24 10.0.0.1 > > to /etc/hostname.wg0.
Thanks. I did too, I just forgot to mention it. It doesn't work in my case though. At least your answer tells me that what I try to achieve, to access the LAN behind a wg(4) endpoint, is possible, right? > Of course this _might_ be messy if by any chance your laptop's local > network is also 192.168.3.0/24 or a subset of this range. When connected to the LAN it of course is, but there should not be any traces of that range after a reboot or two. Guess I'm up for debugging, testing of pf rules, and tcpdumping.. Any ideas where to begin is appreciated. Erling > > > > (My wg(4) setup is based on: > > https://www.tumfatig.net/20201202/a-mesh-vpn-using-openbsd-and-wireguard/) > > > > Best regards, > > > > Erling > > > > -- >