
First off: this is not a duplicate. I've tried everything except OpenVPN or IPSec. I'm receiving a handshake between the client and server, and SSH and ping work between clients, but I cannot access the global internet or even have access to the server's public IP. My config is just the usual, keys, endpoints; I followed the Linode guide exactly. My client is openSUSE but my server is Ubuntu, which I'm assuming is the chokepoint.

2 Answers


This is exactly the situation I had. Does your server have a public IP or is it behind a NAT? If it's behind a NAT, the PostUp and PostDown iptables commands from the Linode guide don't apply.

Try adding the following to your server configuration file, changing eth0 to whatever your computer calls it:

PreUp = iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0
PreDown = iptables -t nat -D POSTROUTING -j MASQUERADE -o eth0

Source: https://unix.stackexchange.com/questions/530790/wireguard-not-routing-traffic-from-client-to-other-servers-on-the-network

Example configuration

Here's an example configuration where the router is at 10.0.1.1 (normal network) and 10.0.0.x is the new WireGuard network, with the server being configured for 10.0.0.1 and the client for 10.0.0.2. The port used is 51820 and the default network interface is eth0. All traffic is routed through WireGuard, but it does not stay within the WireGuard subnet: the client has access to the server's local network (10.0.1.x) and the general internet. Don't forget to forward port 51820 from your router to your server and to enable IPv4 forwarding on the server (# sysctl -w net.ipv4.ip_forward=1).

Server configuration

[Interface]
Address = 10.0.0.1/24
PrivateKey = YOUR_SERVER_PRIVATE_KEY
ListenPort = 51820
PreUp = iptables --table nat --append POSTROUTING --jump MASQUERADE --out-interface eth0
PreDown = iptables --table nat --delete POSTROUTING --jump MASQUERADE --out-interface eth0

[Peer]
PublicKey = YOUR_CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

Client configuration

[Interface]
Address = 10.0.0.2/24
DNS = 10.0.1.1
PrivateKey = YOUR_CLIENT_PRIVATE_KEY
ListenPort = 51820

[Peer]
PublicKey = YOUR_SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = YOUR.DYNAMIC_DNS.COM:51820

Kyle

Depending on your cloud provider you might have to change the MTU: the WireGuard default MTU is 1420, while the Google Cloud MTU is 1460. So if you are using Google Cloud, setting the MTU to 1460 by adding MTU = 1460 to the interface section of both the clients and the server will solve the problem.

You can check my full tutorial on GitHub if you have any trouble.
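An added pre-flight script (not from either answer or the Linode guide) that checks, on the server, the points both answers raise: that the config carries a MASQUERADE rule with an -o/--out-interface egress, that net.ipv4.ip_forward is on, that the rule is actually loaded, and that a configured MTU is not larger than what wg-quick itself would pick (egress MTU minus 80 bytes). It assumes a Linux host, root privileges, the wg-quick config path as its only argument, and that iptables, sysctl and /sys/class/net are available.

```shell
#!/bin/sh
# Added pre-flight check for a WireGuard server that must NAT its clients' traffic.
# Assumed (not from the original post): usage is "sh wg-nat-check.sh /etc/wireguard/wg0.conf",
# run as root on Linux with iptables, sysctl and /sys/class/net available.
# Print the value of KEY from the [Interface] section of a wg-quick config file.
wg_iface_value() {   # usage: wg_iface_value KEY CONF
    awk -v key="$1" '
        /^[ \t]*\[/ { in_iface = ($0 ~ /^[ \t]*\[Interface\]/); next }
        in_iface && $0 ~ ("^[ \t]*" key "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$2"
}
# Print the egress interface given to -o/--out-interface on a MASQUERADE rule line.
masq_out_iface() {   # usage: masq_out_iface "iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0"
    printf '%s\n' "$1" | awk '/MASQUERADE/ { for (i = 1; i < NF; i++)
        if ($i == "-o" || $i == "--out-interface") { print $(i + 1); exit } }'
}
# True when the tunnel MTU leaves room for the 80 bytes wg-quick itself subtracts.
mtu_fits() {   # usage: mtu_fits TUNNEL_MTU EGRESS_MTU
    [ "$(( $1 + 80 ))" -le "$2" ]
}
run_checks() {   # usage: run_checks CONF
    conf=$1; rc=0
    rule=$(wg_iface_value PreUp "$conf")
    [ -n "$rule" ] || rule=$(wg_iface_value PostUp "$conf")   # the Linode guide uses PostUp
    egress=$(masq_out_iface "$rule")
    [ -n "$egress" ] || { echo "FAIL: no PreUp/PostUp MASQUERADE rule with -o <iface> in $conf"; return 1; }
    if [ "$(sysctl -n net.ipv4.ip_forward 2>/dev/null)" = 1 ]; then
        echo "ok:   net.ipv4.ip_forward=1"
    else
        echo "FAIL: net.ipv4.ip_forward is not 1 (sysctl -w net.ipv4.ip_forward=1)"; rc=1
    fi
    # -C looks the rule up by its specification, whatever order the options were written in.
    if iptables -t nat -C POSTROUTING -o "$egress" -j MASQUERADE 2>/dev/null; then
        echo "ok:   MASQUERADE rule for $egress is loaded"
    else
        echo "FAIL: no MASQUERADE rule for $egress in nat/POSTROUTING (is the tunnel up?)"; rc=1
    fi
    tun_mtu=$(wg_iface_value MTU "$conf")
    egress_mtu=$(cat "/sys/class/net/$egress/mtu" 2>/dev/null)
    if [ -n "$tun_mtu" ] && [ -n "$egress_mtu" ] && ! mtu_fits "$tun_mtu" "$egress_mtu"; then
        echo "WARN: MTU=$tun_mtu but $egress has MTU $egress_mtu; wg-quick would pick $((egress_mtu - 80))"
    fi
    return $rc
}
if [ $# -gt 0 ]; then run_checks "$1"; fi
```

A FAIL on the ip_forward or MASQUERADE line reproduces the original symptom exactly: handshake and peer-to-peer traffic work, but nothing leaves the server for the internet.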