linux
Ajex, 2020-02-06 15:39:21

How to access the local subnet of a client behind NAT through a WireGuard VPN tunnel?

I need to reach a client's local subnet, which sits behind NAT, through the WireGuard tunnel.
What I have:
A running WireGuard server with a public Internet address xxxx (internal 10.0.0.1)
Clients connected to it:
Client 1, connected to this server (interface1 10.0.0.2, interface2 192.168.0.1)
Client 2, connected to this server (10.0.0.3)
All 3 hosts see each other and traffic flows. However, I need to access the 192.168.0.0/24 subnet of Client 1 from Client 2. How do I correctly configure routing in this situation? The host operating systems don't matter; let's say Linux.
The VPN is WireGuard. Yes, I know about OpenVPN and others, but in this situation WireGuard is very convenient for me, and it doesn't matter anyway.

Server config wg0.conf
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = ...
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat
[Peer]
PublicKey = ...
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = ...
AllowedIPs = 10.0.0.3/32

Client config wg2.conf
[Interface]
PrivateKey = ...
ListenPort = 51820

[Peer]
PublicKey = ...
AllowedIPs = 0.0.0.0/0
Endpoint = x.x.x.x:51820
PersistentKeepalive = 21

Client Interface
iface wg2 inet static
address 10.0.0.2
netmask 255.255.255.0
pre-up ip link add $IFACE type wireguard
pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
post-down ip link del $IFACE

2 answer(s)
Alexey Cheremisin, 2020-02-06
@leahch

You need to set routes on the computers in your network and on the client's network, pointing at the routers that hold the VPN, so that they know where to forward packets for the specific subnets.
Allow the appropriate subnets in the WireGuard configs.
More details here - https://medium.com/@jmarhee/configuring-and-managi...

r0ck3r, 2020-02-07
@r0ck3r

I think the following will help you:
On a computer with interface 192.168.0.1
# enable IP forwarding if it is not enabled
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o INTERFACE_NAME_WITH_192.168.0.1 -j MASQUERADE
On computers on the 10.xxx network
route add -net 192.168.0.0/24 gw 10.0.0.2
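
The two answers together describe the fix, but neither shows why the configuration in the question fails. The following is an added example, not code from either answer or from WireGuard itself: it models WireGuard's cryptokey routing (the `AllowedIPs` of each peer act both as the outbound routing table and as an inbound source-address filter) for the three hosts in the question, traces a packet from Client 2 to a constructed LAN host 192.168.0.10 and its reply, and shows that with the posted server config the server has no peer for 192.168.0.0/24 and drops the packet. Adding `192.168.0.0/24` to Client 1's `[Peer]` block on the server is the assumed fix; the MASQUERADE rule from the second answer is modelled as the LAN leg replying to 192.168.0.1 and being de-NATed back to 10.0.0.3. Host names, the LAN host address and the table layout are assumptions of this example.

```python
"""Model of WireGuard cryptokey routing for the setup in the question:
server 10.0.0.1, client1 10.0.0.2 (LAN 192.168.0.0/24 behind it), client2 10.0.0.3.
Constructed example; not the asker's configs verbatim and not WireGuard code."""
from ipaddress import ip_address, ip_network

# host -> {peer name: [AllowedIPs]}, reproducing the configs posted in the question
ORIGINAL = {
    "server": {"client1": ["10.0.0.2/32"], "client2": ["10.0.0.3/32"]},
    "client1": {"server": ["0.0.0.0/0"]},
    "client2": {"server": ["0.0.0.0/0"]},
}

# Assumed fix: the server lists client1's LAN under client1's [Peer] block
# (AllowedIPs = 10.0.0.2/32, 192.168.0.0/24), so the LAN is routed to, and
# accepted from, that one peer only.
FIXED = {
    "server": {"client1": ["10.0.0.2/32", "192.168.0.0/24"], "client2": ["10.0.0.3/32"]},
    "client1": {"server": ["0.0.0.0/0"]},
    "client2": {"server": ["0.0.0.0/0"]},
}


def select_peer(table, host, dst):
    """Outbound: the peer whose AllowedIPs has the longest prefix containing dst.
    No match means WireGuard has no route for the packet and drops it."""
    best, best_len = None, -1
    for peer, nets in table[host].items():
        for net in map(ip_network, nets):
            if dst in net and net.prefixlen > best_len:
                best, best_len = peer, net.prefixlen
    return best


def accept_inbound(table, host, peer, src):
    """Inbound: a decrypted packet from `peer` is accepted only if its source
    address lies inside that peer's AllowedIPs; anything else is silently dropped."""
    return any(src in ip_network(n) for n in table[host][peer])


def hop(table, sender, receiver, src, dst):
    """One tunnel hop. Returns None on success or a string saying where it was dropped."""
    if select_peer(table, sender, dst) != receiver:
        return f"{sender}: no AllowedIPs route for {dst}"
    if not accept_inbound(table, receiver, sender, src):
        return f"{receiver}: dropped packet from {sender}, src {src} not in AllowedIPs"
    return None


def trace(table, lan_host="192.168.0.10"):
    """Trace client2 -> lan_host and the reply. The LAN leg is not a tunnel hop:
    with the MASQUERADE rule on client1, the LAN host replies to 192.168.0.1 and
    conntrack rewrites the destination back to 10.0.0.3 before it re-enters wg."""
    c2, lan = ip_address("10.0.0.3"), ip_address(lan_host)
    for s, r in (("client2", "server"), ("server", "client1")):   # request
        err = hop(table, s, r, c2, lan)
        if err:
            return err
    for s, r in (("client1", "server"), ("server", "client2")):   # reply
        err = hop(table, s, r, lan, c2)
        if err:
            return err
    return "delivered"


def conflicting_allowed_ips(table, host):
    """AllowedIPs form one routing table per interface: a prefix can belong to only
    one peer, and wg(8) moves it to the peer configured last without warning.
    Returns prefixes that appear under more than one peer."""
    seen, dup = {}, []
    for peer, nets in table[host].items():
        for n in nets:
            net = ip_network(n)
            if net in seen and seen[net] != peer:
                dup.append(str(net))
            seen[net] = peer
    return dup


if __name__ == "__main__":
    print("original:", trace(ORIGINAL))   # server: no AllowedIPs route for 192.168.0.10
    print("fixed:   ", trace(FIXED))      # delivered
    print("conflicts on server:", conflicting_allowed_ips(FIXED, "server"))
```

Two practical notes follow from the model. First, because the clients here bring the interface up with `wg setconf` rather than `wg-quick`, no routes are derived from `AllowedIPs` automatically, which is why the `route add -net 192.168.0.0/24 gw 10.0.0.2` in the answer is needed on Client 2 and why the server also needs a route for 192.168.0.0/24 via wg0 (plus `net.ipv4.ip_forward=1`). Second, listing 192.168.0.0/24 only under Client 1's peer is what makes the server accept packets with those source addresses from Client 1 alone; `wg show` on the server is the quick check that the prefix landed on the intended peer, and `conflicting_allowed_ips` above catches the case where the same prefix was pasted under two peers.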
