githubixx / ansible-role-wireguard

Ansible role for installing WireGuard VPN. Supports Ubuntu, Debian, Archlinx, Fedora and CentOS.
https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-wireguard/

wireguard peer missing and unreachable #207

Open Dialgatrainer02 opened 4 months ago

Dialgatrainer02 commented 4 months ago

Hello. I have 3 WireGuard nodes: my laptop, an LXC server at home, and an Oracle Cloud instance.

I'm trying to allow my laptop to access my LAN, and to have my LAN machine and my laptop use the cloud instance to access the internet. With my current setup the cloud instance has network access; the LAN server and cloud VPS can access the internet but not peers; and my laptop has no DNS but can reach 1.1.1.1 and can't reach any peers. I have set up basic WireGuard hub-and-spoke setups before by hand, but I'm struggling with this setup. Snippet of my inventory related to WireGuard:

wireguard:
  hosts:
    wireguard-oci:
      ansible_host: 1.1.1.1  # changed to not leak IPs
      ansible_user: opc
      ansible_ssh_private_key_file: ../ssh_keys/staging_key
      wireguard_endpoint: ""
      wireguard_addresses:
        - "10.50.0.1/32"
      wireguard_allowed_ips: "10.50.0.1/32"
      wireguard_postup: # enables masquerading 
        -  nft add table inet wireguard; nft add chain inet wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}; nft add rule inet wireguard wireguard_chain counter packets 0 bytes 0 masquerade;
      wireguard_postdown:
        - nft delete table inet wireguard;
    wireguard-home:
      ansible_host: 192.168.0.108
      ansible_user: root
      ansible_ssh_private_key_file: ../ssh_keys/staging_key
      wireguard_addresses:
        - "10.50.0.2/32"
      wireguard_allowed_ips: "10.50.0.3/32, 192.168.0.0/24"  # allows LAN access
      wireguard_endpoint: "1.1.1.1"
    laptop:
      wireguard_addresses:
        - "10.50.0.3/32"
      wireguard_endpoint: "1.1.1.1"
      ansible_connection: local

wg on the cloud instance:

interface: wg0
  public key: FJwNdrVg1UcEq0w0RB83bPrJSYxF3NhjXu7Wv+BpCXo=
  private key: (hidden)
  listening port: 51820

peer: zmBrEVlkCss4Kxb4nZi88V+8TNa78O2dSEsXopYbJ1M=
  endpoint:  1.1.1.1:51820
  allowed ips: 192.168.0.0/24
  transfer: 0 B received, 68.22 KiB sent

For some reason my laptop isn't showing as a peer. Cloud wg0.conf:

# Ansible managed

[Interface]
# wireguard-oci
Address = 10.50.0.1/32
PrivateKey = ###################################################
ListenPort = 51820
PostUp = nft add table inet wireguard; nft add chain inet wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}; nft add rule inet wireguard wireguard_chain counter packets 0 bytes 0 masquerade;
PostDown = nft delete table inet wireguard;

[Peer]
# Name = wireguard-home
PublicKey = ###########################################
AllowedIPs = 192.168.0.0/24
Endpoint = 1.1.1.1:51820

[Peer]
# Name = laptop
PublicKey = #################################################
AllowedIPs = 10.50.0.3/32
Endpoint = 1.1.1.1:51820

Running wg on my home server shows both peers.

I have definitely added the security list to allow WireGuard through on Oracle Cloud (it allows UDP traffic on port 51820).
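An added example, not code from the poster or from the role, showing how to lint an inventory like the one above before running the play. It renders the [Peer] AllowedIPs each host would receive the way this role does by default (every other host is a peer, and a host's wireguard_allowed_ips is what other hosts write into its [Peer] section, falling back to its wireguard_addresses when unset; that fallback is assumed from the role's documentation). It then applies two rules that follow from WireGuard's cryptokey routing: a host's advertised prefixes must cover its own tunnel address or peers drop its packets, and on a given interface an exact prefix can belong to only one peer (a duplicate silently moves the route to whichever peer was configured last). The sample data is constructed to mirror the inventory in the post; the second dict is the same inventory with wireguard-home advertising its own 10.50.0.2/32 instead of 10.50.0.3/32.

```python
"""Lint an ansible-role-wireguard style inventory for cryptokey-routing conflicts.

Added example; the role-default rendering (full mesh, allowed_ips falls back to
addresses) is an assumption about the role, the routing rules are WireGuard's.
"""
from ipaddress import ip_interface, ip_network

# Constructed sample mirroring the inventory posted above (IPs redacted as 1.1.1.1 by the poster).
INVENTORY = {
    "wireguard-oci": {
        "wireguard_addresses": ["10.50.0.1/32"],
        "wireguard_allowed_ips": "10.50.0.1/32",
        "wireguard_endpoint": "",
    },
    "wireguard-home": {
        "wireguard_addresses": ["10.50.0.2/32"],
        "wireguard_allowed_ips": "10.50.0.3/32, 192.168.0.0/24",
        "wireguard_endpoint": "1.1.1.1",
    },
    "laptop": {
        "wireguard_addresses": ["10.50.0.3/32"],
        # no wireguard_allowed_ips -> assumed to default to wireguard_addresses
        "wireguard_endpoint": "1.1.1.1",
    },
}

# Same inventory, but wireguard-home advertises its own tunnel address plus the LAN.
INVENTORY_FIXED = {
    **INVENTORY,
    "wireguard-home": {
        **INVENTORY["wireguard-home"],
        "wireguard_allowed_ips": "10.50.0.2/32, 192.168.0.0/24",
    },
}


def allowed_ips(hostvars):
    """Prefixes other hosts write into this host's [Peer] AllowedIPs (role default assumed)."""
    raw = hostvars.get("wireguard_allowed_ips") or ", ".join(hostvars["wireguard_addresses"])
    return [ip_network(p.strip(), strict=False) for p in raw.split(",") if p.strip()]


def render_peers(inventory, local):
    """AllowedIPs per [Peer] as `local` would receive them in a full mesh."""
    return {peer: allowed_ips(hv) for peer, hv in inventory.items() if peer != local}


def lint(inventory):
    """Return (host, message) findings; an empty list means the routing table is consistent."""
    findings = []
    # Rule 1: a host's advertised prefixes must cover its own tunnel address,
    # otherwise every peer drops packets sourced from that address.
    for host, hv in inventory.items():
        advertised = allowed_ips(hv)
        for addr in hv["wireguard_addresses"]:
            own = ip_interface(addr).network
            covered = any(a.version == own.version and own.subnet_of(a) for a in advertised)
            if not covered:
                findings.append((host, f"wireguard_allowed_ips does not cover own address {own}"))
    # Rule 2: on each host, an exact prefix may belong to only one peer.
    for local in inventory:
        owner = {}
        local_nets = [ip_interface(a).network for a in inventory[local]["wireguard_addresses"]]
        for peer, nets in render_peers(inventory, local).items():
            for net in nets:
                if net in owner:
                    findings.append((local, f"{net} claimed by both {owner[net]} and {peer}"))
                else:
                    owner[net] = peer
                # A peer claiming the local host's own /32 shadows the host's own traffic.
                if net in local_nets:
                    findings.append((local, f"peer {peer} claims local address {net}"))
    return findings


if __name__ == "__main__":
    for host, msg in lint(INVENTORY):
        print(f"{host}: {msg}")
    print("fixed inventory findings:", lint(INVENTORY_FIXED))
```

Run against the posted inventory this reports three problems: wireguard-home never advertises 10.50.0.2/32, the cloud host receives 10.50.0.3/32 from two different peers, and the laptop receives its own address from the wireguard-home peer. The corrected variant produces no findings.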