On Fri, Aug 27, 2021 at 03:03:36PM +0200, Erling Westenvik wrote:
> Hello all,
> I have successfully set up a wg(4) based VPN tunnel from my laptop
> (current) to my home/office gateway (6.9) but have problems
> understanding how to access the LAN behind the gateway.
> 
> [Laptop]
> - wg0 (10.0.0.42)
> - egress (trunk0 {em0 iwn0} dhcp)
> [Internet]
> [Gateway]
> - egress (em0 dhcp)
> - wg0 (10.0.0.1)
> - bridge0 {em1, (vether0 192.168.3.1 dhcpd)}
> [LAN]
> - various 192.168.3.0/24
> 
> I can ping/ssh between wg(4) endpoints (10.0.0.1 to 10.0.0.42 and vice
> versa) and also from LAN clients (192.168.3.0/24) to gateway wg(4)
> endpoint (10.0.0.1), but the laptop (10.0.0.42) can only reach the
> gateway (10.0.0.1).
> 
> Is it as easy as defining some routes? If so, where? There's a ton of
> more or less relevant and/or updated howto's out there but I have not
> found anyone dealing with a similar scenario. Any hints are appreciated.

Routes:

laptop: route add 192.168.3/24 10.0.0.1
"various 192.168.3.0/24": route add 10.0.0.42 192.168.3.1

(The latter is probably already the case if 192.168.3.1 is the default gw)

Alternatively, NAT the traffic from 10.0.0.42 onto the 192.168.3/24 network.
Something like this late in the pf rules on Gateway:
        match out on em1 from any received-on wg0 nat-to (em1)

/Alexander

> 
> (My wg(4) setup is based on:
> https://www.tumfatig.net/20201202/a-mesh-vpn-using-openbsd-and-wireguard/)
> 
> Best regards,
> 
> Erling
> 
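
The two options in the reply above (routes on both sides, or nat-to on the gateway) can be traced for one request and its reply with the added sketch below; it is not code from the thread. It assumes IP forwarding is enabled on the gateway and also models the wg(4) allowed-IPs check (wgaip), whose values the thread does not show; 192.168.3.10 and 192.168.3.254 are constructed sample addresses.

```python
import ipaddress

LAPTOP, GW_WG, GW_LAN = "10.0.0.42", "10.0.0.1", "192.168.3.1"  # from the thread
LAN_HOST = "192.168.3.10"                                       # constructed sample host

def lookup(routes, dst):
    """Longest-prefix match over {prefix: next hop}; None if nothing matches."""
    hits = [(ipaddress.ip_network(p), via) for p, via in routes.items()
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def in_aips(aips, addr):
    """wg(4) check: is addr covered by the peer's allowed IPs?"""
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(p) for p in aips)

def trace(laptop_routes, laptop_aips, host_routes, nat=False):
    """Follow laptop -> LAN_HOST and the reply; return the first failure or 'ok'."""
    # Request: the laptop needs a route that points the LAN prefix at 10.0.0.1.
    if lookup(laptop_routes, LAN_HOST) != GW_WG:
        return "laptop: no route to LAN via 10.0.0.1"
    # wg0 only sends to (and accepts from) addresses in the gateway peer's
    # allowed IPs, so the LAN prefix must be listed for both directions.
    if not in_aips(laptop_aips, LAN_HOST):
        return "laptop wg0: LAN address not in allowed IPs"
    # With nat-to the LAN host sees the gateway's LAN address as the source,
    # otherwise it sees 10.0.0.42 and needs a route back through the gateway.
    seen_src = GW_LAN if nat else LAPTOP
    if lookup(host_routes, seen_src) not in (GW_LAN, "link"):
        return "LAN host: reply not routed to 192.168.3.1"
    return "ok"

# Constructed sample tables (full prefixes, since ipaddress rejects "192.168.3/24").
LAPTOP_BASE = {"10.0.0.0/24": "link", "0.0.0.0/0": "dhcp-gw"}
LAPTOP_FIXED = {**LAPTOP_BASE, "192.168.3.0/24": GW_WG}
HOST_VIA_GW = {"192.168.3.0/24": "link", "0.0.0.0/0": GW_LAN}
HOST_OTHER_GW = {"192.168.3.0/24": "link", "0.0.0.0/0": "192.168.3.254"}

if __name__ == "__main__":
    aips = ["10.0.0.0/24", "192.168.3.0/24"]
    print(trace(LAPTOP_BASE, aips, HOST_VIA_GW))
    print(trace(LAPTOP_FIXED, ["10.0.0.0/24"], HOST_VIA_GW))
    print(trace(LAPTOP_FIXED, aips, HOST_OTHER_GW))
    print(trace(LAPTOP_FIXED, aips, HOST_OTHER_GW, nat=True))
```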
