hostadmin, 2021-07-20 19:00:04
openvpn

How to make traffic go between OpenVPN and Wireguard networks?

There is a VPS on which openvpn (network 10.8.0.*) and wireguard (10.7.0.*) are running.

There are two clients with networks 192.168.1.0/32 and 192.168.0.0/32. These are an apartment and a cottage.

There are also other clients that should have access to the specified networks 192...

Previously, only openVPN was configured and everything worked fine. Now I want to switch to wireguard, but a transitional period is required, during which both openvpn and wireguard have to work at the same time.

Now the network 192.168.1.0 (apartment) remains on openvpn, and 192.168.0.0 (cottage) on wireguard.

The router with wireguard connects to the server; pings to 10.7.0.* go back and forth, and you can ping 10.8.0.1 from the router just fine, but pings to 10.8.0.* no longer go through (although everything pings normally from the server itself). There are also no pings to 192.168.1.1 (a home router connected via openvpn, 10.8.0.7).

The routes on the server are now:

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         51.***      0.0.0.0         UG    0      0        0 eth0
10.7.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
51.***      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
172.16.238.0    0.0.0.0         255.255.255.0   U     0      0        0 br-a453332e5303
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0


It is necessary that the networks behind the wg0 and tun0 interfaces see each other.


2 answer(s)
Alexey Dmitriev, 2021-07-20
@SignFinder

What about the routes on the server? They are created automatically.
The following must be enabled on the server:
1. Packet forwarding in the kernel (sysctl).
2. The firewall must allow packets to pass between the networks 192.168.1.0 and 192.168.0.0 (iptables -A FORWARD xxxx -j ACCEPT), or between the interfaces (iptables -A FORWARD -i xxx -o xxx -j ACCEPT).
But your end devices in both subnets must also have routes to the opposite subnet, each through its own VPN. Either distribute them automatically or set them by hand.
In general, the idea of a half-migration and waiting for an answer here on the forum, instead of a complete migration of the summer house and the apartment, looks crooked.

hostadmin, 2021-07-20
@hostadmin

In short, it all turned out to be simple: on the router that did not respond, it was necessary to add a route to 10.7.0.1; without it, the router could not answer the ping.
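The routing table in the question, and the route problems both answers point at, can be checked mechanically. The following is an added example, not code from the thread: it parses the net-tools `route` output quoted above and resolves next hops by longest-prefix match, with the masked 51.*** gateway replaced by the placeholder 203.0.113.1. It shows that 192.168.1.0/24 is reached via tun0, while 192.168.0.0/24 has no VPN route in that table and would fall through to the default route on eth0.

```python
import ipaddress

# Constructed copy of the server's `route` table from the question; the masked
# 51.*** gateway is replaced by the placeholder 203.0.113.1 (TEST-NET-3).
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         203.0.113.1     0.0.0.0         UG    0      0        0 eth0
10.7.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
"""


def parse_routes(text):
    """Turn net-tools `route` output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] in ("Kernel", "Destination"):
            continue  # banner and column header
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[7]
        if dest == "default":
            dest = "0.0.0.0"
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((network, None if gw == "0.0.0.0" else gw, iface))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match: (iface, gateway) the kernel would use for dst."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[2], best[1]


def lans_without_vpn_route(routes, lans):
    """Site LANs that match only the default route, i.e. would leave via eth0."""
    missing = []
    for lan in lans:
        net = ipaddress.ip_network(lan)
        if not any(r[0].prefixlen > 0 and net.subnet_of(r[0]) for r in routes):
            missing.append(lan)
    return missing


if __name__ == "__main__":
    routes = parse_routes(ROUTE_OUTPUT)
    for dst in ("192.168.1.1", "192.168.0.1", "10.7.0.5"):
        print(dst, "->", next_hop(routes, dst))
    print("no VPN route:", lans_without_vpn_route(routes, ["192.168.1.0/24", "192.168.0.0/24"]))
```

The same parser can be run on the client routers: the fix in the answer above amounts to making `next_hop` for 10.7.0.1 on the OpenVPN-side router resolve to its tunnel interface instead of its default gateway.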
