On 12/23/18 12:29 PM, C. Cook wrote:
> On 12/23/18 11:59 AM, C. Cook wrote:
>> In the router I am trying to DNAT an IP that should be _encapsulated
>> in the tunnel_. It must be that I should DNAT the LAN address of the
>> WG server.
>>
>> *DOH!!*
>>
>> Now it is fscking pinging the WG server 10.1.5.16 from the phone!
>>
>> But I can't ping that server's LAN address, nor any other address on
>> the LAN. So the phone app is communicating with the WG server but
>> not the rest of the system. And no Shorewall errors in dmesg on that
>> server. Hmm.
>>
>>
>> > You can maybe run date |logger to make a timestamped log.
>> > Or configure r/syslog to include timestamps to /var/log/syslog (messages?)
>>
>> I find that what I want is in /etc/profile:
>>
>> alias dmesg='dmesg -T --ctime'
>>
> Turns out that in the phone WireGuard app I had set for peer IPs only
> the WG IP. I had to add the WG server's LAN IP to Allowed to be able
> to ping it.
>
> Still can't ping any other LAN member though, even though in the WG
> server I have sysctl.d/
>
> net.ipv4.ip_forward = 1
> net.ipv4.conf.all.forwarding=1
> #net.ipv4.conf.all.mc_forwarding=0
>
> And shorewall.conf
>
> IP_FORWARDING=Yes
>
> Rebooted of course.
>

SNAT!!

MASQUERADE 10.1.5.0/24,192.168.1.0/24 eth0

It twerks! The first time I've succeeded with a VPN! (Never bothered with lame OpenVPN)

WireGuard: Recommended, and Linus is soon putting it in the kernel.