runfalk / synology-wireguard

WireGuard support for some Synology NAS drives
MIT License

No access to local devices #46

Closed suxus-zz closed 3 years ago

suxus-zz commented 3 years ago

Hello

My DS718+ has the IP 192.168.99.23 (Network Bond) and the firewall is inactive.

Router: 192.168.99.1
PiHole: 192.168.99.46

root@DS718:/etc/wireguard# ifconfig
bond0     Link encap:Ethernet  HWaddr 00:11:32:B5:AD:9B  
          inet addr:192.168.99.23  Bcast:192.168.99.255  Mask:255.255.255.0
          inet6 addr: fe80::211:32ff:feb5:ad9b/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:363502 errors:0 dropped:0 overruns:0 frame:0
          TX packets:293497 errors:0 dropped:4 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:171938183 (163.9 MiB)  TX bytes:261313323 (249.2 MiB)

eth0      Link encap:Ethernet  HWaddr 00:11:32:B5:AD:9B  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:17723 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10139 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5262002 (5.0 MiB)  TX bytes:1849850 (1.7 MiB)

eth1      Link encap:Ethernet  HWaddr 00:11:32:B5:AD:9B  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:345779 errors:0 dropped:0 overruns:0 frame:0
          TX packets:283358 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:166676181 (158.9 MiB)  TX bytes:259463473 (247.4 MiB)

This is my wg0.conf (SERVER)

[Interface]
Address = 192.168.88.1/24
SaveConfig = true
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o bond0 -j MASQUERADE
ListenPort = PORT
PrivateKey = PRIVATE-KEY

I don't know: is the PostUp with "-o bond0" correct?

And on my iPhone I have these settings.

INTERFACE
PublicKey: PUBLIC-KEY-CLIENT
Addresses: 192.168.88.2/24
DNS servers: 192.168.99.1

PEER
PublicKey: PUBLIC-KEY-SERVER
Endpoint: MY-DYNDNS:PORT
Persistent keepalive: 15

I can connect to the server with my iPhone. Websites like Google are also displayed correctly, but when I try to connect to my NAS 192.168.99.23:5000 this does not work. Do you have to set something somewhere so that the access from 192.168.88.x to 192.168.99.x works? Or is my DNS setting wrong?

Regards, Roger

suxus-zz commented 3 years ago

Hello

I found the solution; here is my server (bond0 is because I use link aggregation on my Synology)

[Interface]
Address = 10.0.1.1/32
PrivateKey = SERVER-PRIVATE-KEY
ListenPort = My-Server-Port
PostUp = iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o bond0 -j MASQUERADE

[Peer] # iPhone
PublicKey = PUBLIC-KEY-CLIENT
AllowedIPs = 10.0.1.3/32

and the client

[Interface]
PrivateKey = PRIVATE-KEY-CLIENT    # client's private key (placeholder)
Address = 10.0.1.3/32
MTU = 1420
DNS = 192.168.99.45    # IP-PiHole

[Peer] # Synology server
PublicKey = PUBLIC-KEY-SERVER
Endpoint = My-DynDNS:My-Server-Port
AllowedIPs = 0.0.0.0/0

All traffic goes through the server and I can use my local network devices like the NAS and MacMini-Server and access the internet, and what's awesome, thanks to the Pi-Hole, everything is ad-free.

Greetings, Roger
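A consistency check for the server/client pair in the comment above, as an added example that is not part of the original thread or the project's code. WireGuard accepts a packet from a peer only if its source address falls inside that peer's AllowedIPs, and sends a destination into the tunnel only if a peer's AllowedIPs covers it. The function names and the wg-quick style sample configs are constructed for illustration, using the addresses from the thread.

```python
import ipaddress

# Constructed wg-quick style configs using the addresses from the thread (keys omitted).
SERVER_CONF = """
[Interface]
Address = 10.0.1.1/32
[Peer]
PublicKey = PUBLIC-KEY-CLIENT
AllowedIPs = 10.0.1.3/32
"""
CLIENT_CONF = """
[Interface]
Address = 10.0.1.3/32
[Peer]
PublicKey = PUBLIC-KEY-SERVER
AllowedIPs = 0.0.0.0/0
"""

def parse(text):
    """Return a list of (section, {key: value}) pairs; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # base64 keys may contain '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def entries(sections, name, key):
    """Every comma-separated address/prefix under `key` in sections named `name`."""
    return [ipaddress.ip_interface(n.strip())
            for sec, kv in sections if sec == name
            for n in kv.get(key, "").split(",") if n.strip()]

def check(server_text, client_text, lan_hosts):
    """List the reasons the client could not reach `lan_hosts` through the tunnel."""
    server, client = parse(server_text), parse(client_text)
    problems = []
    server_allowed = [e.network for e in entries(server, "peer", "allowedips")]
    for addr in (e.ip for e in entries(client, "interface", "address")):
        if not any(addr in net for net in server_allowed):
            problems.append(f"server has no peer whose AllowedIPs covers {addr}")
    client_allowed = [e.network for e in entries(client, "peer", "allowedips")]
    for host in map(ipaddress.ip_address, lan_hosts):
        if not any(host in net for net in client_allowed):
            problems.append(f"client does not route {host} into the tunnel")
    return problems
```

`check(SERVER_CONF, CLIENT_CONF, ["192.168.99.23"])` returns an empty list for the configs as posted. The MASQUERADE rule on bond0 is what lets LAN hosts reply without a route back to 10.0.1.0/24, which this check does not cover.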

runfalk commented 3 years ago

Glad it's resolved. Closing this issue.