[Solved] Can't connect to host after enabling WireGuard tunnel
I installed WireGuard on my host and set this configuration /etc/wireguard/wg0.conf
:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = [REDACTED]
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.3/32
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.4/32
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.5/32
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.6/32
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.7/32
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.8/32
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.9/32
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.10/32
[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
AllowedIPs = 10.0.0.11/32
Nmap scan when wg0 is down:
Starting Nmap 7.93 ( https://nmap.org ) at 2024-08-16 03:26 CDT
Host is up (0.050s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE
22/tcp open ssh
179/tcp filtered bgp
Nmap done: 1 IP address (1 host up) scanned in 1.93 seconds
Nmap scan when wg0 is up:
Starting Nmap 7.93 ( https://nmap.org ) at 2024-08-16 03:27 CDT
All 1000 scanned ports are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)
Nmap done: 1 IP address (1 host up) scanned in 201.43 seconds
I also cannot connect to host via ssh. How to fix this issue?
Upd. Fixed my changing server WireGuard IP to 10.0.1.1. 10.0.0.1 was already taken
You are viewing a single comment
Like I said in another thread on this post, I'm pretty sure that's because they are forwarding input but not output in the PostUp rules. Setting a /32 in AllowedIPs works fine for me.
Thanks for help. Everything is fixed, read post update
Oh yeah, can't use the same IP range as your LAN, that will lead to problems. :D Glad it's fixed.
Out of curiosity, does forwarding work now without the output (-o) command in PostUp?
I left PostUp as is and didn't try removing -o))