Questions tagged as ['wireguard']

Here is the scenario. Exchange server runs on a LAN. Clients interact with the server via ActiveSync over HTTPS connections served by IIS. IIS is using a cert with SANs that are appropriate for the local domain. An example would be *.corpdomain.com. I'm attempting to allow access to the server via Tailscale (WireGuard) to an iOS client. The issue that arises is that when a connection is established via ...
Dear ServerFault community
I have a problem with my WireGuard Tunnel overall configuration.
I have an OVH VPS with 4 public IPs (MY_PUBLIC) acting as a WireGuard server and forwarding all the traffic (and ports) to my EdgeRouter-X router (192.168.255.1) (which acts as a WireGuard client) and that, then, forwards it to my Debian server (192.168.255.10).
The problem is that when on the Debian server I tr ...
I have two Linux machines, a client (C) in one country and a server (S) in another one.
I want to route all traffic from C to S, and therefore a VPN would be the best solution for me, but both C and S are behind NAT, and the ISP does not allow port forwarding. I don't even want to use any services like ngrok, and I want to do it myself to have complete control (and learn something new).
Therefore, I ...
I have a LEMP server at home running Ubuntu 22.02 and an Oracle cloud instance running Ubuntu 20.04. The Oracle cloud instance is acting as a Wireguard server. The LEMP server at home is acting as the Wireguard Client, and is being tunneled through the Oracle server in order to obtain an IP address that is different from my home IP address. I have set up this Wireguard Client/Server configuration per
Hoping this is the right place - I originally posted on Network Engineering but it got closed and I was pointed to Server Fault.
I am currently attempting to set up an L2 bridge between two sites using VXLAN to provide the L2 connectivity and WireGuard as transport/L3. I've previously done a Layer 2 bridge like this using GRE over WireGuard and it's been rock-solid, but I'm trying to better underst ...

Server: Ubuntu
- Wireguard server all clients connect to
- Runs SMB share: all clients can access when the VPN is connected
- Clients can ping each other
Client a: Windows Server 2022
- Firewall:
Allow 192.168.6.0/24
- IIS
*:80
- Works locally, works on VPN Server (wget), does not work on client b. Client b can access IIS over the server's public IP address, not the VPN address
- SQL Server
- configured to a ...
I'm trying to set up a point-to-site WireGuard tunnel between two different points on two separate networks, but I have set up similar tunnels in similar situations, so I don't believe it has anything to do with the infrastructure between my tunnel's endpoints.
On one side I have a Windows client VM with the following configuration
[Interface]
PrivateKey = iOoRnq+ngYGZFGpSqnRGgBsUvh9AVtWAXZGEw2Ir1FI= ...
I am building a Wireguard VPN network, in which I want to add and remove peers on the server without restarting the service or losing connections with existing peers. Tried searching for the results, but I found nothing that can suit my needs (all the solutions will cause a few second freeze or will require clients to redo handshake with server). Is it possible to implement this with Wireguard and if ye ...
So basically I'm running an Ubuntu container in Docker, with the host system running Ubuntu Server 20.04 LTS and the container running 22.04 LTS. My intended goal is to have a container that downloads torrents over a VPN. Now I do not need to be able to access the torrents over the web, so no access to my local network is needed. My problem is that any way I install OpenVPN, WireGuard, or other VP ...

I have a working setup of wireguard (Ubuntu 20.04 server, one Ubuntu 20.04 client and one Windows 10 client). I can connect to devices behind the VPN server.
VPN Server (EndPoint): 1.2.3.2/32
Public Subnet EndPoint sits in: 1.2.3.0/27
WireGuard Server Address: 10.2.0.1/16
Office LAN: 10.0.0.0/16
Peer Address: 10.2.0.3/16
The problem is that the clients cannot connect to anything that should go over th ...

I want a Point to Site topology but since the "client" and "server" hosts are both in their own NAT networks I need to rely on a third host in a Hub and Spoke topology.
Host A (hub)
[Interface]
PrivateKey =
Address = 10.201.50.1/32
ListenPort = 51820
PreUp = sysctl -w net.ipv4.ip_forward=1
[Peer]
PublicKey =
AllowedIPs = 10.201.50.2/32
[Peer]
PublicKey =
AllowedIPs = 10.201.50.3/ ...
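An added example for the hub-and-spoke layout in the post above (editor's code, not the poster's; HUB_CONFIG below is a constructed stand-in with placeholder keys, and spokes B, C and D are assumptions). WireGuard's cryptokey routing gives each AllowedIPs prefix to exactly one peer, so a prefix that appears under two [Peer] sections is silently taken by the last one and the other spoke loses its route without any error. The script parses a wg-quick style config (configparser cannot, because [Peer] repeats), reports prefixes claimed by more than one peer, and separately lists prefixes nested inside a wider prefix of another peer, which longest-prefix matching resolves but which usually means one spoke's AllowedIPs is wider than intended.

```python
"""Check a WireGuard config's [Peer] AllowedIPs for cryptokey-routing conflicts."""
import ipaddress

# Constructed hub config (not the poster's). Spoke C repeats spoke B's tunnel
# address (a copy-paste slip) instead of listing its own, and spoke D claims a
# /16 that covers the other spokes' LANs.
HUB_CONFIG = """\
[Interface]
PrivateKey = <hub-private-key>
Address = 10.201.50.1/32
ListenPort = 51820
PreUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
# spoke B
PublicKey = <spoke-b-public-key>
AllowedIPs = 10.201.50.2/32, 192.168.20.0/24

[Peer]
# spoke C
PublicKey = <spoke-c-public-key>
AllowedIPs = 10.201.50.2/32
AllowedIPs = 192.168.30.0/24

[Peer]
# spoke D
PublicKey = <spoke-d-public-key>
AllowedIPs = 10.201.50.4/32, 192.168.0.0/16
"""


def parse_wg_config(text):
    """Parse wg-quick / wg setconf syntax into ({key: [values]}, [{key: [values]}, ...]).

    Values are kept as lists because AllowedIPs may legitimately appear more
    than once in a single peer. Lines starting with '#' are comments.
    """
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            current = {}
            peers.append(current)
        else:
            if current is None:
                raise ValueError("key outside any section: %r" % raw)
            # partition on the first '=' so base64 keys keep their trailing '='
            key, sep, value = line.partition("=")
            if not sep:
                raise ValueError("not a key = value line: %r" % raw)
            current.setdefault(key.strip(), []).append(value.strip())
    return interface, peers


def peer_allowed_ips(peer):
    """All AllowedIPs prefixes of one peer as ip_network objects."""
    nets = []
    for entry in peer.get("AllowedIPs", []):
        for item in entry.split(","):
            item = item.strip()
            if item:
                # strict=False: wg masks host bits itself (10.201.50.3/24 -> 10.201.50.0/24)
                nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def allowed_ip_conflicts(peers):
    """Prefixes listed by more than one peer, as {prefix: [peer indexes]}.

    These are real bugs: the kernel keeps only the last assignment.
    """
    owners = {}
    for idx, peer in enumerate(peers):
        for net in peer_allowed_ips(peer):
            owners.setdefault(net, []).append(idx)
    return {str(net): idxs for net, idxs in owners.items() if len(idxs) > 1}


def covered_prefixes(peers):
    """(narrow, wide, narrow_idx, wide_idx) where one peer's prefix lies inside another's.

    Longest-prefix match wins, so the narrow peer gets that traffic. Fine for a
    0.0.0.0/0 default route through one peer; between spoke LAN prefixes it
    usually means one AllowedIPs is wider than intended.
    """
    entries = [(net, idx) for idx, p in enumerate(peers) for net in peer_allowed_ips(p)]
    found = []
    for narrow, ni in entries:
        for wide, wi in entries:
            if (ni != wi and narrow != wide and narrow.version == wide.version
                    and narrow.subnet_of(wide)):
                found.append((str(narrow), str(wide), ni, wi))
    return found


def peer_label(peers, idx):
    return peers[idx].get("PublicKey", ["<no PublicKey>"])[0]


if __name__ == "__main__":
    _, peers = parse_wg_config(HUB_CONFIG)
    for prefix, idxs in allowed_ip_conflicts(peers).items():
        print("CONFLICT %s claimed by %s; only %s keeps it" % (
            prefix, [peer_label(peers, i) for i in idxs], peer_label(peers, idxs[-1])))
    for narrow, wide, ni, wi in covered_prefixes(peers):
        print("NOTE %s (%s) is inside %s (%s)" % (
            narrow, peer_label(peers, ni), wide, peer_label(peers, wi)))
```

Run it against the hub's real config before `wg-quick up`; a CONFLICT line means one spoke will be unreachable no matter how the spokes themselves are configured.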

How to redirect Tailscale traffic (TCP+UDP) through a Shadowsocks proxy on Linux? I've tried ss-redirect with no success.
I'm having some wireguard networking issues and hope you guys can help me.
My goal is to build a site-to-site VPN. For that I have host A (public) and host B (private). Below is my config to create the tunnel. So far I can ping from each side to the other like this: from 10.2.0.2 to 10.2.0.1 and from 10.2.0.2 to 10.2.0.1. But when I try to ping from 10.2.0.1 to, let's say, 10.0.0.1 I get ping: sendto ...
I tried to configure WireGuard for a K3s multi-site cluster; my issue is with routing. There are at least 4 nodes: 2 in one location, 1 in another location and 1 in a third location.
Assumptions:
- 10.50.0.0/16 network is for physical nodes
- 10.42.0.0/16 network is for pods
- 10.43.0.0/16 network is for services
- Each physical node can create a Pod, which has a unique IP address assigned in 10.42.0 ...
Is there a way to add an additional route to the host's routing table (Ubuntu 20.04 LTS) with the Docker toolset after starting a Docker container?
context:
- Docker version 20.10.12, build e91ed57
- installed wireguard as container (image: lscr.io/linuxserver/wireguard )
- wireguard container has IP 172.19.0.2
- wireguard network is 10.14.14.0
- wireguard host peer has ip 10.14.14.1
- wireguard clients peers have 1 ...
I've tried using WireGuard and a proxy to no avail. I'm not aware of any other ways of doing this; I'm open to suggestions for other ways of doing this, if anyone even wants to help with this.
My reason for doing this is basically this: I need to connect from South Africa to Asia Pacific. My ISP does not have capacity on the undersea cable that has direct access to Asia Pacific, so instead of get ...
I've been a happy WireGuard user for several years and never had any issues. Today, for seemingly no reason, I started having issues.
I ran wg-quick up $profile
as root and that terminal session locked up (ctrl+c/d etc. don't kill it). The only output was [#] ip link add $profile type wireguard.
Here's my config:
PrivateKey = $privatekey
Address = 10.19.49.3/24,fd9d:bc11:4021::3/48
DNS = 172.16.0.1 ...

I want to give operators access via WireGuard to services like PostgreSQL, nginx, ssh, etc. without giving out the public IP of the host.
I use NixOS, but a plain setup with WireGuard + iptables can work for me.
The tunnel is established and packets are transferring, as shown (on the server):
❯ wg
interface: wg0
public key: k4lOk+/rXONPolNI...
private key: (hidden)
listening port: 51820
pee ...

In my current test setup I have several VMs running Debian 11. All nodes have a private IP and a second WireGuard interface. In the future the nodes will be in different locations with different networks, and WireGuard is used to "overlay" all the different network environments. I want to install Kubernetes on all nodes.
node public ip wireguard ip
vm1 192.168.10.10 10.11.12.10
vm2 ...
I rented a VDS in order to set up a WireGuard VPN on it and distribute /64 IPv6 subnets to all VPN clients. From the hosting provider I originally got the address 2a0c:xxx:yyy::1/32. Here are the configurations of the network interfaces that I set up:
❯ ip a
2: wan0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 ...
inet6 2a0c:xxx:yyy:1001::1/32 scope global
valid_lft forever preferred_lft for ...

I have a scenario with many different nodes. Some have public IPv4, some have IPv6, some are dual stack. So I've created a WireGuard network (10.11.12.0/24), so that any peer can reach any other inside a private network regardless of IP stack and location. I'd like to build Kubernetes on top of this WireGuard network.
I've built a small test cluster ...
node public ip wireguard ip
vm1 192.168.1 ...

I am trying to configure WireGuard to work as a VPN server. The main problem is that the gateway only forwards the VPN server IP to the other server, not my client IP.
My setup is the following:
- server A (10.10.0.4)
/
CLIENT (10.10.1.3) -> wireguard server (10.10.1.2) --
...
My Setup: Several Proxmox Hosts with one eth0 connected to LAN via bridge (vmbr0) in proxmox. (Default setup)
There is another "dummy" bridge device for internal traffic between Guests (vmbr100).
As first guest we have a "Router" VM on each host (Debian bullseye) which is connected to vmbr0 (host) on ens18 (guest) and vmbr100 on ens19.
On the router we also have a simple vmbr100 Linux bridge.
The Router's ...

Environment:
- Ubuntu 20.04 LTS
- Docker
- WireGuard
- firewalld
I checked
systemctl status firewalld
I have this message
Mar 10 23:04:29 vpnwaw firewalld[542]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER' failed: iptables: No cha>
Mar 10 23:04:29 vpnwaw firewalld[542]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-1' failed>
Mar 1 ...
Problem: WireGuard obfuscates DNS requests, so all DNS lookups from devices connected via VPN are seen as coming from the WireGuard server. This prevents me from setting up per-device DNS white/black lists.
Entering IP of internal DNS server as DNS in Wireguard profile does not work (nothing resolves) despite access to that IP through VPN.
Do I need to set DNS server as one of Wireguard clients for it to wo ...

I have multiple computers (Win10 pro) placed at different remote locations (my partners) that I need to manage. I need to access them from a central location. So I have a central VPN server, and I want multiple Win10 pro instances to connect to it. I'm using L2TP, but I would like to migrate to wireguard. With L2TP, it is possible to start rasdial.exe in the background, from the task scheduler. The main ...
I set up a WireGuard server on AWS and set up the WireGuard client on a Raspberry Pi.
Now I need to redirect the WG traffic (wg0) to eth1 (eth0 is the uplink to my switch)
-- my goal is to get an IP from my WG server when a client is connected to the Pi's eth1 (full tunnel)
my WG config
[Interface]
Address = 10.1.1.1/24
ListenPort = 51820
PrivateKey = ##
PostUp = iptables -t nat -A POSTROUTING -o eth0 ...
I have a server (10.42.0.1) and a client (10.42.0.2), both with wg. I've configured both using the wg command in a way that they should be able to talk to each other.
client wg:
interface: wg0
public key: abc123=
private key: (hidden)
listening port: 51820
peer: xyz987=
endpoint: 15.14.13.12:51820
allowed ips: 10.42.0.0/24
transfer: 0 B received, 7.37 KiB sent
server wg:
interface: wg0
...
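An added example (editor's code, not from either post) for reading the `wg` output quoted in this post and in the NixOS post above. `wg show <iface> dump` prints the same information tab-separated with a fixed column order: one interface line (private-key, public-key, listen-port, fwmark), then one line per peer (public-key, preshared-key, endpoint, allowed-ips, latest-handshake as a unix timestamp or 0, transfer-rx, transfer-tx, persistent-keepalive). The script below parses that, drops the private key on purpose, and sorts each peer into one of a few failure classes; the "0 B received, N KiB sent, no handshake" pattern from the post is the first class. SAMPLE_DUMP is constructed, the peer keys are placeholders, and the byte thresholds are heuristics chosen here (a handshake response is 92 bytes and a keepalive 32 bytes, so a few hundred received bytes alongside kilobytes sent means only handshakes and keepalives are coming back).

```python
"""Triage peers from `wg show <iface> dump` output (tab-separated, stable columns)."""
import time

NOW = 1_700_000_000      # fixed clock so the constructed sample is reproducible
STALE_AFTER = 180        # s; WireGuard rekeys within 120 s, so an older handshake means no reply
HANDSHAKE_ONLY_RX = 256  # bytes; heuristic: 92 B per handshake response, 32 B per keepalive
DATA_TX = 1024           # bytes; heuristic: we sent more than handshakes/keepalives

# Constructed sample (not real keys, not the posters' output).
SAMPLE_DUMP = "\n".join([
    "\t".join(["<private-key-redact-me>", "<our-public-key>", "51820", "off"]),
    # like the client in the post: bytes sent, nothing back, never a handshake
    "\t".join(["peerA=", "(none)", "15.14.13.12:51820", "10.42.0.0/24", "0", "0", "7546", "off"]),
    # handshake fine, but only the handshake response ever comes back
    "\t".join(["peerB=", "(none)", "203.0.113.7:40000", "10.42.0.3/32", str(NOW - 30), "92", "4096", "25"]),
    # healthy
    "\t".join(["peerC=", "(none)", "198.51.100.9:51820", "10.42.0.4/32", str(NOW - 20), "123456", "654321", "off"]),
    # server-side entry for a client that has not connected yet
    "\t".join(["peerD=", "(none)", "(none)", "10.42.0.5/32", "0", "0", "0", "off"]),
    # was working, handshake now 15 minutes old
    "\t".join(["peerE=", "(none)", "192.0.2.33:51820", "10.42.0.6/32", str(NOW - 900), "1000", "2000", "off"]),
])

EXPLANATION = {
    "no-handshake": "our initiations get no response: wrong endpoint/port, UDP blocked on the "
                    "path, or the remote has no [Peer] with our public key",
    "no-data-back": "handshake completes but only handshake/keepalive bytes return: the remote's "
                    "AllowedIPs for us does not cover the source address we send from, so it "
                    "drops our packets, or its replies are routed elsewhere",
    "stale": "last handshake older than %d s: if counters still move the path broke, "
             "otherwise the peer is just idle" % STALE_AFTER,
    "idle": "no traffic yet; normal for a server-side entry until the client connects",
    "ok": "recent handshake and traffic in both directions",
}


def parse_wg_dump(text):
    """Return (interface, [peer dicts]). The private key in column 0 is discarded."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    head = lines[0].split("\t")
    if len(head) != 4:
        raise ValueError("unexpected interface line: %r" % lines[0])
    # head[0] is the interface private key: never keep it, and never paste a raw
    # dump (or an [Interface] PrivateKey line) into a public post
    interface = {"public_key": head[1], "listen_port": head[2], "fwmark": head[3]}
    peers = []
    for ln in lines[1:]:
        f = ln.split("\t")
        if len(f) != 8:
            raise ValueError("unexpected peer line: %r" % ln)
        peers.append({
            "public_key": f[0], "preshared_key": f[1], "endpoint": f[2],
            "allowed_ips": f[3], "latest_handshake": int(f[4]),
            "rx": int(f[5]), "tx": int(f[6]), "keepalive": f[7],
        })
    return interface, peers


def diagnose_peer(peer, now=None):
    """Classify one peer as no-handshake | stale | no-data-back | idle | ok."""
    now = int(time.time()) if now is None else now
    hs, rx, tx = peer["latest_handshake"], peer["rx"], peer["tx"]
    if hs == 0:
        return "no-handshake" if tx > 0 else "idle"
    if now - hs > STALE_AFTER:
        return "stale"
    if rx <= HANDSHAKE_ONLY_RX and tx >= DATA_TX:
        return "no-data-back"
    return "ok"


def triage(text, now=None):
    """[(public_key, endpoint, class)] for every peer in a dump."""
    _, peers = parse_wg_dump(text)
    return [(p["public_key"], p["endpoint"], diagnose_peer(p, now)) for p in peers]


if __name__ == "__main__":
    for key, endpoint, code in triage(SAMPLE_DUMP, NOW):
        print("%-8s %-20s %-13s %s" % (key, endpoint, code, EXPLANATION[code]))
```

On a live system feed it `subprocess.check_output(["wg", "show", "wg0", "dump"], text=True)` with `now=None`; the classes are a starting point for where to look (path and keys for no-handshake, the remote side's AllowedIPs for no-data-back), not a verdict.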

I have a server lanserver running in my private LAN that is connected to a public server publicserver using Wireguard. publicserver forwards TCP connections to certain ports to lanserver through the Wireguard connection using an iptables DNAT rule.
On lanserver, Wireguard is set up as a NetworkManager connection. It is routing all internet traffic through Wireguard using AllowedIPs = 0.0.0.0/0, ::/0
I have a couple of WireGuard interfaces set up and can decide per peer whether to give access to the server only or to the server and LAN/Internet. What I want to do for a specific peer is to give access to the Internet only and not to the server and LAN.
I think that I can't do this on tunnel/interface level but have to do it with iptables in the peer config - right? How would I go about doing this?
I have tried to f ...