Correct settings:

AllowedIPs = 10.10.10.10/32, 192.168.128.0/17, ::/1, 8000::/1
On Wed, Jan 4, 2023 at 2:48 PM Jeremy Hansen <jer...@skidrow.la> wrote:
>
> I have a remote network that I've tied in to my WG server. I'm noticing
> that all traffic from this remote network that goes outbound to the
> internet is getting routed through my wireguard server.
>
> Client config:
> [Interface]
> PrivateKey = XXXX
> Address = 10.10.10.10/32
> ListenPort = 51821
>
> [Peer]
> PublicKey = XXXX
> Endpoint = 11.11.11.11:51821 <- IP of the WG server.
> AllowedIPs = 0.0.0.0/0, ::/0
> PersistentKeepAlive=25
>
>
> Server config:
> [Interface]
> PrivateKey = XXXX
> Address = 10.10.10.1/32
> ListenPort = 51821
>
> PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
> PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
>
> # IP forwarding
> PreUp = sysctl -w net.ipv4.ip_forward=1
>
> [Peer]
> PublicKey = XXXX
> AllowedIPs = 10.10.10.10/32, 192.168.128.0/17 <- Client's internal network.
>
>
> My goal is that regular outbound traffic just goes out the client node's
> outside routable interface and traffic between the internal networks
> goes through wireguard.
>
> For example, I'm seeing that email sent through the MTA I have
> configured on the "client" shows up as originating from the
> outbound IP of the "server".
>
> Thanks!
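The mechanism behind the thread, and what the reply's "::/1, 8000::/1" is doing: under wg-quick, a peer's AllowedIPs is both the cryptokey routing table and the list of routes installed for the interface, and an entry with prefix length 0 (0.0.0.0/0 or ::/0) makes wg-quick install its fwmark/policy-routed default route through the tunnel. That is why the quoted client config sends all of the remote site's outbound traffic, the MTA included, out through the server's masquerade. Splitting a /0 into its two /1 halves covers the same addresses without triggering that special case, and subtracting the networks that should stay local produces a split-tunnel list. The following Python is an added example, not code from this thread or from the WireGuard project. It assumes a client-side split-tunnel list of just 10.10.10.1/32, the server's tunnel address from the quoted server config; any LAN behind the server would have to be added, and the thread does not name one. The config it parses is constructed to mirror the quoted client config without the poster's inline annotations.

```python
import ipaddress
from typing import Iterable, List, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_allowed_ips(value: str) -> List[Net]:
    """Parse the comma-separated value of an AllowedIPs line into networks."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]


def allowed_ips_in_config(text: str) -> List[List[Net]]:
    """Return the AllowedIPs list of every peer in a wg-quick style config."""
    found: List[List[Net]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            found.append(parse_allowed_ips(value))
    return found


def triggers_wg_quick_default_route(nets: Iterable[Net]) -> bool:
    """True if wg-quick would set up its policy-routed default route.

    wg-quick only does the fwmark / routing-table / ip-rule handling when
    an AllowedIPs entry has prefix length 0; any other prefix is a plain route.
    """
    return any(n.prefixlen == 0 for n in nets)


def split_default_routes(nets: Iterable[Net]) -> List[Net]:
    """Replace each /0 with its two /1 halves: same coverage, no /0 entry.

    For IPv6 this yields exactly the reply's "::/1, 8000::/1": the peer still
    matches every address, but wg-quick sees no /0 and adds ordinary routes.
    """
    out: List[Net] = []
    for n in nets:
        out.extend(n.subnets(prefixlen_diff=1) if n.prefixlen == 0 else [n])
    return out


def exclude_networks(cover: Iterable[Net], exclude: Iterable[Net]) -> List[Net]:
    """Subtract `exclude` from `cover` and return a minimal prefix list.

    Two CIDR prefixes either nest or are disjoint, so each step is one of:
    keep as is, drop entirely, or carve with address_exclude().
    """
    remaining = list(cover)
    for ex in exclude:
        kept: List[Net] = []
        for net in remaining:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)
            elif ex.subnet_of(net):
                kept.extend(net.address_exclude(ex))   # empty when ex == net
            # else: ex strictly contains net, so nothing of net survives
        remaining = kept
    # collapse_addresses() refuses mixed families, so collapse per family
    v4 = [n for n in remaining if n.version == 4]
    v6 = [n for n in remaining if n.version == 6]
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))


def covers(nets: Iterable[Net], address: str) -> bool:
    """True if `address` would be routed to the peer owning `nets`."""
    addr = ipaddress.ip_address(address)
    return any(addr.version == n.version and addr in n for n in nets)


def format_allowed_ips(nets: Iterable[Net]) -> str:
    """Render a network list back into an AllowedIPs line."""
    return "AllowedIPs = " + ", ".join(str(n) for n in nets)


if __name__ == "__main__":
    # Constructed client config mirroring the quoted one (annotations removed).
    CLIENT_CONFIG = """\
[Interface]
PrivateKey = XXXX
Address = 10.10.10.10/32
ListenPort = 51821

[Peer]
PublicKey = XXXX
Endpoint = 11.11.11.11:51821
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
"""
    (full_tunnel,) = allowed_ips_in_config(CLIENT_CONFIG)
    print("quoted config installs a tunnel default route:",
          triggers_wg_quick_default_route(full_tunnel))

    # Split tunnel: only the server's tunnel address (assumption: 10.10.10.1/32
    # from the quoted server config; a LAN behind the server would go here too).
    split = parse_allowed_ips("10.10.10.1/32")
    print(format_allowed_ips(split), "| default route:",
          triggers_wg_quick_default_route(split))

    # The complementary setup, everything except the site LAN via the tunnel,
    # expressed without any /0 entry so wg-quick adds plain routes.
    everything = parse_allowed_ips("0.0.0.0/0, ::/0")
    site_lan = parse_allowed_ips("192.168.128.0/17")
    print(format_allowed_ips(split_default_routes(exclude_networks(everything, site_lan))))
```

Running the script shows the quoted config flagged as a full tunnel, the single-/32 list as a split tunnel, and the "everything but the LAN" list expanded into the 17 IPv4 prefixes plus ::/1 and 8000::/1. The check to keep in mind is the second function: whether wg-quick pulls the default route is decided purely by the presence of a prefix-length-0 entry, not by how much address space the list covers.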