WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0

Route all traffic through vpn #33

Closed robertmircea closed 4 years ago

robertmircea commented 4 years ago

Any ideas on how to route ALL traffic from an iOS device through a WireGuard VPN hosted on a USG3? My iOS client connects to the VPN server, but I cannot ping anything inside.

Client:

```ini
[Interface]
PrivateKey = MP...

[Peer]
PublicKey = uRL...
AllowedIPs = 10.16.1.51/32
Endpoint = w.x.y.z:51820
PersistentKeepalive = 25
```

Server:

```json
"interfaces": {
        "wireguard": {
            "wg0": {
                "address": [
                    "10.16.1.1/24"
                ],
                "firewall": {
                    "in": {
                        "name": "LAN_IN"
                    },
                    "local": {
                        "name": "LAN_LOCAL"
                    },
                    "out": {
                        "name": "LAN_OUT"
                    }
                },
                "listen-port": "51820",
                "peer": [
                    {
                        "mP...": {
                            "allowed-ips": [
                                "10.16.1.51/32"
                            ],
                            "persistent-keepalive": 25
                        }
                    }
                ],
                "private-key": "/config/auth/wireguard/wg_private.key",
                "route-allowed-ips": "true"
            }
        }
    },
```

FossoresLP commented 4 years ago

The client needs to have allowed IPs set to 0.0.0.0/0, ::/0 to route all traffic through the VPN. Also please note that general WireGuard configuration questions should not be asked here.
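
As an added illustration of that answer (example code, not from the issue or from this project), the following Python checker parses a wg-quick style client config, determines whether the peer's AllowedIPs collapse to a default route for IPv4 and for IPv6 (the 0.0.0.0/1 plus 128.0.0.0/1 pair that some clients emit counts too), and checks whether the server's tunnel address lies inside the client's AllowedIPs, because WireGuard's cryptokey routing only sends packets into the tunnel for destinations in AllowedIPs and drops decrypted packets whose source is not in AllowedIPs for that peer. The two sample configs are constructed from the client config posted above; the Address line in the full-tunnel sample is an assumption, and the server tunnel address 10.16.1.1 is taken from the posted server config.

```python
import ipaddress

# Constructed sample: the split-tunnel client config exactly as posted in the issue.
SPLIT_TUNNEL_CONF = """\
[Interface]
PrivateKey = MP...

[Peer]
PublicKey = uRL...
AllowedIPs = 10.16.1.51/32
Endpoint = w.x.y.z:51820
PersistentKeepalive = 25
"""

# Constructed sample: the same client with AllowedIPs widened to a full tunnel,
# as the answer suggests. The Address line is an assumption (not in the posted config).
FULL_TUNNEL_CONF = """\
[Interface]
PrivateKey = MP...
Address = 10.16.1.51/32

[Peer]
PublicKey = uRL...
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = w.x.y.z:51820
PersistentKeepalive = 25
"""


def parse_wg_conf(text):
    """Parse a wg-quick style config into a list of (section_name, {key: [values]}).

    Keys may repeat inside a section (e.g. several AllowedIPs lines), so every
    key maps to a list of values. '#' starts a comment, as in wg-quick.
    """
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], {})
            sections.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line outside a section: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current[1].setdefault(key, []).append(value)
    return sections


def allowed_networks(sections):
    """Collect every AllowedIPs entry of every [Peer] as ip_network objects."""
    nets = []
    for name, keys in sections:
        if name != "Peer":
            continue
        for value in keys.get("AllowedIPs", []):
            for item in value.split(","):
                item = item.strip()
                if item:
                    nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def covers_all(nets, version):
    """True if the networks of one IP version collapse to the whole address space."""
    same_version = [n for n in nets if n.version == version]
    collapsed = list(ipaddress.collapse_addresses(same_version))
    return len(collapsed) == 1 and collapsed[0].prefixlen == 0


def analyze(text, server_tunnel_ip=None):
    """Summarise what the client's AllowedIPs will actually route into the tunnel."""
    nets = allowed_networks(parse_wg_conf(text))
    result = {
        "ipv4_default": covers_all(nets, 4),
        "ipv6_default": covers_all(nets, 6),
    }
    # A full tunnel needs both families: an IPv4-only default route leaves IPv6
    # destinations outside the tunnel on any device with IPv6 connectivity.
    result["full_tunnel"] = result["ipv4_default"] and result["ipv6_default"]
    if server_tunnel_ip is not None:
        server = ipaddress.ip_address(server_tunnel_ip)
        result["server_reachable"] = any(server in n for n in nets)
    return result


if __name__ == "__main__":
    for label, conf in (("as posted", SPLIT_TUNNEL_CONF), ("full tunnel", FULL_TUNNEL_CONF)):
        print(label, analyze(conf, "10.16.1.1"))
```

Run against the config as posted, the checker reports no default route for either family and that 10.16.1.1 is not covered by the client's AllowedIPs; with 0.0.0.0/0, ::/0 both flags become true.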

robertmircea commented 4 years ago

Thanks for the reply. It's not a WireGuard configuration question; it looks like a combination between USG and WireGuard, probably a missing USG configuration (routing/firewall) for WireGuard. Although `sudo wg show wg0` shows the handshake completed, I cannot ping the other party. From the packet counters it looks like packets are sent, but no reply is received. I did the test from both ends: client and USG shell. If this type of question is not for this project, I would appreciate a hint on where to post it.

FossoresLP commented 4 years ago

@robertmircea Configuration questions are better suited for the thread on the Ubiquiti forums. GitHub issues should only be opened for real bugs or feature requests.