On 6/5/20 8:08 PM, PGNet Dev wrote:
> On 6/5/20 4:11 PM, PGNet Dev wrote:
>>> That rule will be wiped out the next time you 'shorewall6 reload' or
>
> verified that to be the case
>
> moved all the wireguard-config ip(6)tables @remote rules to shorewall
> kept only the iproute rules in wireguard
On 6/5/20 4:11 PM, PGNet Dev wrote:
>> That rule will be wiped out the next time you 'shorewall6 reload' or
verified that to be the case
moved all the wireguard-config ip(6)tables @remote rules to shorewall
kept only the iproute rules in wireguard config @remote
added a system override to wg0
On 6/5/20 3:56 PM, Tom Eastep wrote:
>> *AND* @remote,
>>
>> /etc/wireguard/wg0
>>
>> +PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>> +PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>>
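Review bot: the PostUp rule matches only on `-o eth0`, so it masquerades every IPv6 packet leaving eth0, not just traffic that came in over the tunnel. A `-s` match on the tunnel prefix would scope it to the VPN. The rule is also installed with ip6tables directly, outside the shorewall6 ruleset, so it does not survive a ruleset rebuild while wg0 stays up. Declaring the masquerade in the shorewall6 configuration keeps it under one owner.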
>
> That rule will be wiped out the next
On 6/5/20 3:12 PM, PGNet Dev wrote:
> On 6/2/20 9:24 PM, Tom Eastep wrote:
>> I know nothing about Wireguard, but this article seems relevant (note
>> the 'Required key not available'):
>>
>> https://bbs.archlinux.org/viewtopic.php?id=232754
>
> good hint!
>
> adding @local,
>
>
On 6/2/20 9:24 PM, Tom Eastep wrote:
> I know nothing about Wireguard, but this article seems relevant (note
> the 'Required key not available'):
>
> https://bbs.archlinux.org/viewtopic.php?id=232754
good hint!
adding @local,
/etc/wireguard/wg0
+ AllowedIPs =
On 6/2/20 7:39 PM, PGNet Dev wrote:
> On 6/2/20 2:28 PM, Tom Eastep wrote:
>> For routes (such as these) in the main routing table, I prefer the
>> system networking config files.
>
>
> easily enough done in wireguard conf,
>
> @remote
>
>
On 6/2/20 2:28 PM, Tom Eastep wrote:
> For routes (such as these) in the main routing table, I prefer the system
> networking config files.
easily enough done in wireguard conf,
@remote
/etc/wireguard/wg0.conf
[Interface]
...
+ PostUp = ip
On 6/1/20 9:24 PM, PGNet Dev wrote:
> On 6/1/20 4:51 PM, Tom Eastep wrote:
>>> @ local
>
>> You are missing a default route: via fd10:254:254::1 dev wg0
>
>>> @ remote
>
>> That route is incorrect -- it should be via fd10:254:254::1 dev wg0.
>
> Thanks! Obviously non-obvious to me :-/
>
>
On 6/1/20 4:51 PM, Tom Eastep wrote:
>> @ local
> You are missing a default route: via fd10:254:254::1 dev wg0
>> @ remote
> That route is incorrect -- it should be via fd10:254:254::1 dev wg0.
Thanks! Obviously non-obvious to me :-/
Such routes can be set/handled by
system
On 5/30/20 7:11 PM, PGNet Dev wrote:
> hi,
>
> i've got two linux machines
>
> uname -rm
> 5.6.15-24.gfe7831e-default x86_64
> iptables -V
> iptables v1.8.4 (legacy)
>
> connected via a wireguard VPN.
>
> shorewall{,6}-lite, v5.2.4.5 runs on both.
>
>
hi,
i've got two linux machines
uname -rm
5.6.15-24.gfe7831e-default x86_64
iptables -V
iptables v1.8.4 (legacy)
connected via a wireguard VPN.
shorewall{,6}-lite, v5.2.4.5 runs on both.
The two machines are config'd as
(1) remote