runfalk / synology-wireguard

WireGuard support for some Synology NAS drives
MIT License

Synology DSM 6.2.3-25426 breaking WireGuard? #40

Closed martinorob closed 4 years ago

martinorob commented 4 years ago

After updating DSM to 6.2.3-25426, WireGuard has stopped working. WireGuard starts and clients connect, but I can't ping anything on my network.

CONFIG

```
[Interface]
Address = 192.168.3.200/24
PrivateKey = XXX
ListenPort = 16666
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = sysctl -w net.ipv6.conf.all.forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ovs_bond0 -j MASQUERADE; sleep 3; ip route add 192.168.3.200/32 dev wg0;
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ovs_bond0 -j MASQUERADE
```

ifconfig

```
wg0       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.3.200  P-t-P:192.168.3.200  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:834 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:82196 (80.2 KiB)  TX bytes:1676 (1.6 KiB)
```

sudo wg show

```
interface: wg0
  public key: XXXX
  private key: (hidden)
  listening port: 16666

peer: XXX
  preshared key: (hidden)
  endpoint: XX.XX.XX.XX:17509
  allowed ips: 192.168.3.204/32
  latest handshake: 1 minute, 21 seconds ago
  transfer: 80.36 KiB received, 1.64 KiB sent
```

route

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.3.254   0.0.0.0         UG    0      0        0 ovs_bond0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.20.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker-bbc4c5ae
172.21.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker-a53abf62
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 ovs_bond0
192.168.3.200   0.0.0.0         255.255.255.255 UH    0      0        0 wg0
192.168.3.240   0.0.0.0         255.255.255.252 U     0      0        0 mynet-shim
```

martinorob commented 4 years ago

Solved by removing the "Reply to ARP requests if the target IP address is a local address configured on the incoming interface." setting.

https://www.synology.com/en-us/knowledgebase/DSM/help/DSM/AdminCenter/connection_network_route