On Sat, 23 Jan 2021 11:52:56 -0500 Ken D'Ambrosio <k...@jots.org> wrote:
> Hey, all. I'm relatively new to WireGuard, and have a RasPi at my house
> doing firewall duty. Installed WG on it, and on a VPS, and am trying to
> get the VPS to access hosts on my home subnet. So:
>
> VPS <-192.168.50.0/24-> RasPi <--> [192.168.10.0/24]
>
> And, clearly, I'm doing something wrong.
>
> -----------------------------------------------------------
> RasPi server/firewall:
> [Interface]
> Address = 192.168.50.1/24
> SaveConfig = false
> ListenPort = 51820
> PrivateKey = XXX
> [Peer]
> PublicKey = XXX
> AllowedIPs = 192.168.50.11/32
>
> VPS:
> [Interface]
> Address = 192.168.50.11/24
> PrivateKey = XXX
> [Peer]
> PublicKey = XXX
> Endpoint = vpn.foo.bar:51820
> AllowedIPs = 192.168.50.0/24,192.168.10.0/24
> -----------------------------------------------------------
>
> The client connects just fine, and it can talk to the server's VPN IP
> (192.168.50.1) as well as its internal interface (192.168.10.1).
> Likewise, the server can talk to 192.168.50.11. But nothing gets inside
> to other 192.168.10.x hosts. I do have forwarding set up for "all":
>
> root@prouter:/proc# cat /proc/sys/net/ipv4/conf/all/forwarding
> 1
>
> Note that the config files have gone through several permutations as I
> tried to figure this out, so there may be some dumb stuff, but totally
> open to suggestions right now. I'm kinda stumped. Note that a tcpdump
> on the RasPi shows the ping requests coming in, but not being forwarded
> to the internal interface, so I assume I'm just missing Something
> Dumb(tm) in WG land.

Did you allow forwarding in RPi's firewall? Post "iptables-save" from it.

-- 
With respect,
Roman
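Roman's question is about the FORWARD chain: with ip_forward on, a ping from the VPS still dies on the RasPi if the firewall's FORWARD policy is DROP and no rule admits traffic from the tunnel interface into the LAN. The script below is an added example, not from the thread; it reads an iptables-save dump and walks the FORWARD chain the way the kernel would for a new packet arriving on the WireGuard interface and leaving on the LAN interface. The interface names wg0 (tunnel), eth0 (uplink) and eth1 (192.168.10.0/24 LAN) and the sample rule set are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): decide what a saved iptables
# FORWARD chain does with a fresh packet from IN_IF to OUT_IF, to check
# whether the RasPi firewall would forward tunnel traffic into the LAN.
# Interface names wg0 / eth0 / eth1 are assumptions.

# Constructed iptables-save excerpt: FORWARD policy DROP, LAN allowed
# out to the uplink, replies allowed back, nothing said about wg0.
RULES_BEFORE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

# Same chain plus one rule admitting new flows from the tunnel into the LAN.
RULES_AFTER=$(printf '%s\n' "$RULES_BEFORE" |
    awk '/^COMMIT$/ { print "-A FORWARD -i wg0 -o eth1 -j ACCEPT" } { print }')

# forward_verdict RULES IN_IF OUT_IF: print ACCEPT/DROP/REJECT for a new
# packet from IN_IF to OUT_IF (first terminating match wins). Only -i, -o
# and --ctstate are evaluated; address matches are assumed to match.
forward_verdict() {
    printf '%s\n' "$1" | awk -v in_if="$2" -v out_if="$3" '
        /^:FORWARD / { policy = $2 }
        /^-A FORWARD / {
            # A fresh ping has no conntrack entry, so reply-only rules never fire.
            if ($0 ~ /--ctstate/ && $0 !~ /NEW/) next
            ok = 1; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i" && $(i+1) != in_if) ok = 0
                if ($i == "-o" && $(i+1) != out_if) ok = 0
                if ($i == "-j") target = $(i+1)
            }
            if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1; exit }
        }
        END { if (!found) print policy }
    '
}

echo "tunnel -> LAN before: $(forward_verdict "$RULES_BEFORE" wg0 eth1)"
echo "tunnel -> LAN after:  $(forward_verdict "$RULES_AFTER" wg0 eth1)"
```

On a real box, feed it the live dump instead of the sample: `forward_verdict "$(iptables-save)" wg0 eth1`.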