Gentoo Forums
Wireguard server and/or iptables issue [SOLVED]
erg_samowzbudnik

Posted: Tue Mar 03, 2020 4:01 pm    Post subject: Wireguard server and/or iptables issue [SOLVED]

I'm setting up a wireguard server on a remote RPi to connect to with a laptop. Both run Gentoo. I can already reach the wireguard server (tcpdump shows a packet arrive) but then the connection instantly dies on the client and I need to 'wg-quick down wg0' to get the network back (on the client).
The RPi runs iptables. So perhaps I'm having an issue with its rules? I am not too good with networking/iptables so I've been trying to copy/paste rules into /etc/wireguard/wg0.conf ... I've tried with none, explicitly opening the port used by wireguard, as well as each of the two sets below:

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

but the connection still dies as soon as I bring up wg0 on the client.

Edit:

server's /etc/wireguard/wg0.conf

Code:
[Interface]
Address = 10.0.0.1/24
ListenPort = 3000
PrivateKey = yyy
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = xxx
AllowedIPs = 10.0.0.2/32


client's /etc/wireguard/wg0.conf

Code:
[Interface]
PrivateKey = xxxxx
Address = 10.0.0.2/32
[Peer]
PublicKey = yyy
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 18.xx.xx.xx:3000


Last edited by erg_samowzbudnik on Sat Mar 07, 2020 3:53 pm; edited 1 time in total
erg_samowzbudnik

Posted: Sat Mar 07, 2020 3:53 pm

The issue was resolved by setting net.ipv4.ip_forward=1 in /etc/sysctl.conf
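The fix reported above can be turned into a check to run on the server. This is an added example, not part of the original thread; the function names, return codes and messages are assumptions of this example. It flags a wg0.conf whose PostUp installs FORWARD/MASQUERADE rules while net.ipv4.ip_forward is off in the running kernel or not persisted in /etc/sysctl.conf.

```shell
#!/bin/sh
# Added example. File paths are arguments so the checks can run on copies.

# Print the last uncommented net.ipv4.ip_forward value found in a
# sysctl.conf-style file, or "unset" when the key never appears.
sysctl_conf_forward() {
    awk -F= '
        /^[ \t]*[#;]/ { next }      # comment lines start with # or ;
        { key = $1; val = $2
          gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
          if (key == "net.ipv4.ip_forward") v = val }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Succeed if the WireGuard config expects the host to route for its peers,
# i.e. a PostUp line adds a FORWARD or MASQUERADE rule.
wg_conf_needs_forwarding() {
    grep -Eiq '^[[:space:]]*PostUp[[:space:]]*=.*(MASQUERADE|FORWARD)' "$1"
}

# check_forwarding WG_CONF [SYSCTL_CONF] [RUNTIME_FILE]
# Returns 0 = fine, 1 = forwarding off now, 2 = on now but not persisted.
check_forwarding() {
    wg_conf=$1
    sysctl_conf=${2:-/etc/sysctl.conf}
    runtime_file=${3:-/proc/sys/net/ipv4/ip_forward}

    if ! wg_conf_needs_forwarding "$wg_conf"; then
        echo "ok: $wg_conf installs no FORWARD/MASQUERADE rules"
        return 0
    fi
    running=$(cat "$runtime_file")
    persisted=$(sysctl_conf_forward "$sysctl_conf")
    if [ "$running" != 1 ]; then
        echo "fail: PostUp adds forwarding rules but ip_forward=$running, so peer traffic is not routed"
        return 1
    fi
    if [ "$persisted" != 1 ]; then
        echo "warn: ip_forward=1 now, but $sysctl_conf has '$persisted'; setting is lost on reboot"
        return 2
    fi
    echo "ok: forwarding is enabled and persisted"
}

# Usage: sh check.sh /etc/wireguard/wg0.conf
if [ "$#" -gt 0 ]; then check_forwarding "$@"; fi
```

With the client's AllowedIPs = 0.0.0.0/0, ::/0 all client traffic enters the tunnel, so a server in the "fail" state produces exactly the symptom described: the handshake packet arrives but the client loses its network until wg0 is brought down.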