WireGuard Chain Tunnel

I'm trying to build a chained WireGuard tunnel. Right now I'm testing, but I'm stuck.

I have two WireGuard servers: the 1st one is in India and the 2nd one is in Singapore. Here is what I'm trying.

Client < 10.26.26.0/24 > India < 10.26.27.0/24 > Singapore

IN Tunnel Peer: 10.26.26.20/32 SG Tunnel Peer: 10.26.27.20/32

I was able to deploy WireGuard on both servers. And now I'm trying to establish a connection between India <> Singapore by creating a new tnl0 interface. Whenever I establish it, it kicks me from SSH. I believe I have to do some kind of firewall stuff here. Here is the server configuration. India Chain WG Interface:

```
#Server:
[Interface]
Address = 10.26.26.1/24
ListenPort = 443
PrivateKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
SaveConfig = true
## Firewall Rules
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
#PC-PEER:
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.26.26.2/32
#Tnl-PEER:
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.26.26.20/32
```

Singapore Server:

```
#Server:
[Interface]
Address = 10.26.27.1/24
ListenPort = 443
PrivateKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
SaveConfig = true
## Firewall Rules
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
#Tnl-PEER:
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.26.27.20/32
```

India to Singapore Tunnel Config:

```
[Interface]
PrivateKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
Address = 10.26.27.20/32
DNS = 1.1.1.1
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.26.27.0/24
Endpoint = 1.2.3.4:443
PersistentKeepalive = 21
```

I tried to follow this guide: https://www.ckn.io/blog/2017/12/28/wireguard-vpn-chained-setup/ But this one is very old and not working. I tried to replicate as much as I could but had no luck. I believe I have to add some routing tables in the tunnel config so that it allows me to pass the client's traffic to the Singapore server via India.

You didn't mention it, and I think you need to allow forwarding: `sysctl -w net.ipv4.ip_forward=1`. Also, you are routing everything with `AllowedIPs = 0.0.0.0/0`; that's not good. That includes the endpoint traffic itself, so you'll cut yourself off. You have to be more selective with the peers' `AllowedIPs`.

Aman Juman:
Actually, I have added `sysctl -w net.ipv4.ip_forward=1` and both servers are working properly. Now I have no idea how I can connect Server-1 with Server-2 and pass client traffic via Server-1 through Server-2. And I updated the config: instead of 0.0.0.0/0, I used the 2nd server's WG subnet.
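
The `AllowedIPs` overlap raised in the first comment can be checked before a tunnel is brought up. This is an added example, not code from the thread: it parses a wg-quick style config and reports every peer whose `AllowedIPs` covers that peer's own `Endpoint` or the address you administer the server from. The function names, the sample config (constructed from the question's tunnel config with the `0.0.0.0/0` value the comment mentions) and the management address `203.0.113.7` are assumptions.

```python
import ipaddress

# Constructed sample: the tunnel config from the question, using the
# 0.0.0.0/0 AllowedIPs value that the first comment refers to.
SAMPLE_CONF = """\
[Interface]
Address = 10.26.27.20/32
[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:443
"""

def parse_peers(text):
    """Return one dict per [Peer] section: AllowedIPs networks and Endpoint host."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):              # section header
            cur = None
            if line.lower() == "[peer]":
                cur = {"allowed": [], "endpoint": None}
                peers.append(cur)
            continue
        if cur is None or "=" not in line:    # [Interface] keys are not needed here
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "allowedips":
            cur["allowed"] += [ipaddress.ip_network(v.strip(), strict=False)
                               for v in value.split(",") if v.strip()]
        elif key.lower() == "endpoint":       # host:port or [v6]:port
            cur["endpoint"] = value.rsplit(":", 1)[0].strip("[]")
    return peers

def lockout_risks(text, mgmt_ip):
    """List (peer_index, what_is_covered, network) for each risky AllowedIPs entry."""
    mgmt = ipaddress.ip_address(mgmt_ip)      # hypothetical SSH client address
    findings = []
    for idx, peer in enumerate(parse_peers(text)):
        targets = [("management", mgmt)]
        try:
            targets.append(("endpoint", ipaddress.ip_address(peer["endpoint"] or "")))
        except ValueError:
            pass  # no Endpoint, or a hostname (not resolved by this check)
        for label, addr in targets:
            findings += [(idx, label, str(n)) for n in peer["allowed"] if addr in n]
    return findings
```

wg-quick installs routes for each `AllowedIPs` entry, so a "management" finding means replies to that address would leave through the tunnel instead of the interface the SSH session arrived on.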