Open tregnier opened 3 years ago
You have to allow routing. Change your wg0.conf to:
```ini
[Interface]
Address = 10.0.0.1/16
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o bond0 -j MASQUERADE; sleep 10; ip route add 10.0.0.0/16 via 10.0.0.1 dev %i
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.0.0.0/16 -o bond0 -j MASQUERADE
ListenPort = 16666
```
Obviously you have to include the private key and peer info... and you need to change bond0 to your interface (eth0, etc)...
On the other hand, you probably need to allow packet forwarding:
modify /etc/sysctl.conf and add net.ipv4.ip_forward = 1
You will need to reboot.
You can change the listen port :)
Hi!
Actually my issue was that concatenating the instructions for allowing routing didn't work, not sure why.
I changed:

```ini
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```

To:

```ini
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```

and all is working fine now. I just wanted to let people know in case someone gets the same issue!
Hello, I need your help. My wg0.conf:
```ini
[Interface]
PrivateKey = ***
Address = 10.66.66.2/32
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o ovs_eth1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o ovs_eth1 -j MASQUERADE

[Peer]
PublicKey =
PresharedKey =
Endpoint = *****
AllowedIPs = 0.0.0.0/0
```
After `wg-quick up wg0` I see this:

```
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.66.66.2/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
iptables-restore v1.8.3 (legacy): iptables-restore: unable to initialize table 'raw'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
```
I want to use Syno as a client
Hi,
Some feedback after a few days breaking my teeth on the configuration of wireguard.
I managed to get a connection with the Synology NAS used as the server, but none of the other local devices on the same LAN as the Synology server. I could access 192.168.0.2 (Synology NAS), but none of the other devices, like 192.168.0.3, could be accessed.
After a few searches, I realized that the following lines in the wireguard server config:

```ini
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```

were not writing any rules to iptables. I broke them into 2 lines each:

```ini
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```
Everything is now working like a charm.
my configuration:
Running XPenology DSM 6.1.x, I compiled a package of wireguard for the actual hardware I have. The local network on the Synology server side is subnet 255.255.255.0 / 192.168.0.x with several devices connected over wifi & ethernet (Synology server on ethernet).
I am renting a domain name (from OVH) as I do not have a static IP address. So far I was accessing Synology through https/port 443. I am using the Synology DDNS parameters to update the domain with the current public IP.
My Lan is connected to internet behind a router/modem
Port 1500 is forwarded to Synology NAS on the router: UDP 1500 --> 192.168.0.2:1500
Configuration of wireguard /etc/wireguard/wg0.conf on Synology NAS:
```ini
[Peer]
PublicKey = Device 1 public key
AllowedIPs = 10.0.10.2/32

[Peer]
PublicKey = Device 2 Public Key
AllowedIPs = 10.0.10.3/32
```

```ini
[Interface]
PrivateKey = ***
ListenPort = 1500
Address = 10.0.10.3/32

[Peer]
PublicKey = Synology Public Key
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = mydomain:1500
```
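As an added example (not code from the synology-wireguard project or from anyone in this thread), the Python script below parses a wg-quick config, splits `;`-joined PostUp/PostDown hooks into one line per command as the comments above did by hand, and flags two things a reviewer would check before deploying: a MASQUERADE rule without a `-s` tunnel-subnet restriction (the first reply had one, the later configs dropped it), and `AllowedIPs = 0.0.0.0/0`, which makes wg-quick install its default-route firewall rules through `iptables-restore` using the raw and mangle tables; that is the path behind the `unable to initialize table 'raw'` error quoted earlier, and the `0.0.0.0/1, 128.0.0.0/1` split in the last client config avoids it. The sample config, key placeholders and endpoint name are constructed.

```python
"""Lint and normalise a wg-quick configuration.

Added example, not code from the synology-wireguard project or from this
thread. It assumes wg-quick's INI-like syntax: [Interface] and [Peer] may
repeat, keys such as PostUp may appear several times, and '#' starts a comment.
"""
import re
from typing import List, Tuple

HOOK_KEYS = ("PreUp", "PostUp", "PreDown", "PostDown")
Section = Tuple[str, List[Tuple[str, str]]]  # (name, [(key, value), ...])

# Constructed sample: the joined-PostUp shape the thread found not to work,
# a full-tunnel peer, and no -s restriction on the MASQUERADE rule.
SAMPLE_CONF = """\
[Interface]
PrivateKey = REDACTED_PRIVATE_KEY
Address = 10.66.66.2/32
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = REDACTED_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.example.invalid:1500  # hypothetical endpoint
"""


def parse_wg_conf(text: str) -> List[Section]:
    """Parse wg-quick text, keeping duplicate keys and sections in order
    (configparser would merge or reject them)."""
    sections: List[Section] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            sections.append((m.group(1), []))
            continue
        if "=" not in line or not sections:
            raise ValueError(f"unparseable line: {raw!r}")
        key, _, value = line.partition("=")  # keys never contain '='; base64 values may
        sections[-1][1].append((key.strip(), value.strip()))
    return sections


def split_hooks(sections: List[Section]) -> List[Section]:
    """Turn 'PostUp = a; b' into two PostUp entries, the by-hand fix from the thread."""
    out: List[Section] = []
    for name, entries in sections:
        new_entries: List[Tuple[str, str]] = []
        for key, value in entries:
            if key in HOOK_KEYS:
                new_entries.extend((key, c.strip()) for c in value.split(";") if c.strip())
            else:
                new_entries.append((key, value))
        out.append((name, new_entries))
    return out


def render(sections: List[Section]) -> str:
    """Write the sections back out in wg-quick syntax."""
    return "\n\n".join(
        "\n".join([f"[{name}]"] + [f"{k} = {v}" for k, v in entries])
        for name, entries in sections
    ) + "\n"


def lint(sections: List[Section]) -> List[str]:
    """Return warnings for the pitfalls discussed in the thread."""
    warnings: List[str] = []
    for name, entries in sections:
        for key, value in entries:
            if key in HOOK_KEYS and ";" in value:
                warnings.append(f"{key}: several commands joined with ';'; the thread found these "
                                f"were not applied on Synology, use one {key} line per command")
            if key == "PostUp" and "MASQUERADE" in value and not re.search(r"(^|\s)-s\s", value):
                warnings.append("PostUp: MASQUERADE rule has no -s <tunnel subnet>, so anything "
                                "forwarded out of that interface is NATed; restrict it to the tunnel range")
            if name == "Peer" and key == "AllowedIPs" and "0.0.0.0/0" in [a.strip() for a in value.split(",")]:
                warnings.append("Peer: AllowedIPs 0.0.0.0/0 makes wg-quick add default-route firewall rules "
                                "via iptables-restore (raw and mangle tables); kernels lacking them fail "
                                "with 'unable to initialize table'; use 0.0.0.0/1, 128.0.0.0/1 or Table = off")
    return warnings


if __name__ == "__main__":
    parsed = parse_wg_conf(SAMPLE_CONF)
    print("Before:", *lint(parsed), sep="\n  ")
    fixed = split_hooks(parsed)
    print("\nAfter splitting hooks:", *lint(fixed), sep="\n  ")
    print("\n" + render(fixed))
```

Running it on the constructed sample reports four findings, and two remain after `split_hooks` (the MASQUERADE and AllowedIPs ones), which is the point: splitting the hooks gets the rules installed, but it does not make them tight.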