
Wireguard Client Cannot Connect to Server Subnet

I have a working setup of WireGuard (Ubuntu 20.04 server, one Ubuntu 20.04 client and one Windows 10 client). I can connect to devices behind the VPN server.

VPN Server (EndPoint): 1.2.3.2/32
Public Subnet EndPoint sits in: 1.2.3.0/27
WireGuard Server Address: 10.2.0.1/16
Office LAN: 10.0.0.0/16
Peer Address: 10.2.0.3/16

The problem is that the clients cannot connect to anything that should go over the VPN, including the EndPoint address, when I add the public subnet of the WireGuard public interface to AllowedIPs in the client config:

AllowedIPs = 10.2.0.0/16, 10.0.0.0/16, 1.2.3.0/27

OR add the EndPoint address:

AllowedIPs = 10.2.0.0/16, 10.0.0.0/16, 1.2.3.2/32

It works when I add other individual addresses from the public subnet. I can connect to those servers over the VPN (traceroute says so):

AllowedIPs = 10.2.0.0/16, 10.0.0.0/16, 1.2.3.3/32, 1.2.3.4/32

Additional Info:

CLIENT

$ sudo cat /etc/wireguard/wg1.conf
[Interface]
PrivateKey = <snipped>
Address = 10.2.0.3/16

[Peer]
PublicKey = <snipped>
AllowedIPs = 10.2.0.0/16, 10.0.0.0/16, 1.2.3.3/32, 1.2.3.4/32, 1.2.3.0/27
Endpoint = 1.2.3.2:51820

$ ip route
default via 10.25.0.1 dev wlp0s20f3 proto dhcp metric 600 
10.0.0.0/16 dev wg1 scope link 
10.25.0.0/16 dev wlp0s20f3 proto kernel scope link src 10.25.50.12 metric 600 
10.2.0.0/16 dev wg1 proto kernel scope link src 10.2.0.3 
1.2.3.0/27 dev wg1 scope link 
1.2.3.3 dev wg1 scope link 
1.2.3.4 dev wg1 scope link

$ sudo tcpdump -nn -i any 'udp port 51820'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
23:21:43.439854 IP 10.2.0.3.34656 > 1.2.3.1.51820: UDP, length 148
23:21:48.705386 IP 10.2.0.3.34656 > 1.2.3.1.51820: UDP, length 148
23:21:54.081297 IP 10.2.0.3.34656 > 1.2.3.1.51820: UDP, length 148
23:21:59.201381 IP 10.2.0.3.34656 > 1.2.3.1.51820: UDP, length 148

Traceroute times out.

SERVER

$ ip route
default via 1.2.3.1 dev enp1s0 proto static 
10.0.0.0/16 dev enp6s0 proto kernel scope link src 10.0.25.20 
10.0.0.0/16 via 10.0.1.254 dev enp6s0 proto static metric 100 
10.2.0.0/16 dev wg0 proto kernel scope link src 10.2.0.1 
1.2.3.0/27 dev enp1s0 proto kernel scope link src 1.2.3.2

$ sudo cat /etc/wireguard/wg0.conf 
[Interface]
Address = 10.2.0.1/16
SaveConfig = true
PostUp = ufw route allow in on wg0 out on enp6s0
PostUp = iptables -t nat -I POSTROUTING -o enp6s0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on enp6s0
PreDown = iptables -t nat -D POSTROUTING -o enp6s0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <snipped>

[Peer]
PublicKey = <snipped>
AllowedIPs = 10.2.0.2/32
Endpoint = <snipped>:37785

[Peer]
PublicKey = <snipped>
AllowedIPs = 10.2.0.3/32
Endpoint = <snipped>:37950
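An added check (example code, not part of the question and not a WireGuard tool) for the client configuration above: it parses a [Peer] section, reports every AllowedIPs prefix that contains the Endpoint host, and computes an equivalent AllowedIPs list with that host carved out. It assumes the Endpoint is a literal IP, as in the post.

```python
import ipaddress
# Constructed sample: the client's [Peer] section from the question (keys snipped).
PEER_CONF = """
[Peer]
PublicKey = <snipped>
AllowedIPs = 10.2.0.0/16, 10.0.0.0/16, 1.2.3.3/32, 1.2.3.4/32, 1.2.3.0/27
Endpoint = 1.2.3.2:51820
"""

def parse_peer(conf):
    """Return (allowed_ips, endpoint_ip) from a [Peer] section. Assumes the
    Endpoint is a literal IP; a DNS name would have to be resolved first."""
    allowed, endpoint = [], None
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "AllowedIPs":
            allowed += [ipaddress.ip_network(v.strip(), strict=False)
                        for v in value.split(",") if v.strip()]
        elif key == "Endpoint":
            host = value.rsplit(":", 1)[0].strip("[]")  # also handles [v6]:port
            endpoint = ipaddress.ip_address(host)
    return allowed, endpoint

def overlapping_prefixes(allowed, endpoint):
    """AllowedIPs prefixes that contain the endpoint. wg-quick installs a route
    via the wg interface for every AllowedIPs prefix, so a match means the
    tunnel's own encrypted UDP packets get routed back into the tunnel."""
    return [net for net in allowed if endpoint in net]

def allowed_ips_without_endpoint(allowed, endpoint):
    """Same coverage as `allowed` minus the endpoint host, collapsed and sorted."""
    host = ipaddress.ip_network(str(endpoint))  # /32 or /128
    pieces = []
    for net in allowed:
        if endpoint in net:
            pieces.extend(net.address_exclude(host))  # yields nothing if net == host
        else:
            pieces.append(net)
    out = []
    for version in (4, 6):  # collapse_addresses works per address family
        out.extend(ipaddress.collapse_addresses(n for n in pieces if n.version == version))
    return out

if __name__ == "__main__":
    allowed, endpoint = parse_peer(PEER_CONF)
    for net in overlapping_prefixes(allowed, endpoint):
        print(f"Endpoint {endpoint} falls inside AllowedIPs entry {net}")
    print("AllowedIPs =", ", ".join(map(str, allowed_ips_without_endpoint(allowed, endpoint))))
```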