
I have this setup:

--- server 1 config ---

[Interface]
Address = 10.200.200.1/24
ListenPort = 6666
PrivateKey = server_private_key

[Peer]
PublicKey = client1_public_key
AllowedIPs = 10.200.200.2/32
PersistentKeepalive = 21

[Peer]
PublicKey = client2_public_key
AllowedIPs = 10.200.200.4/32
PersistentKeepalive = 21

--- client 1 config ---

[Interface]
Address = 10.200.200.2/24
PrivateKey = client1_private_key
DNS = 10.200.200.1

[Peer]
PublicKey = server_public_key
Endpoint = server_ip:6666
AllowedIPs = 10.200.200.1/32
PersistentKeepalive = 21

--- client 2 config ---

[Interface]
Address = 10.200.200.4/24
PrivateKey = client2_private_key
DNS = 10.200.200.1

[Peer]
PublicKey = server_public_key
Endpoint = server_ip:6666
AllowedIPs = 10.200.200.1/32
PersistentKeepalive = 21

I can ping the server from client1 and client2, but I can't ping client1 from client2 or client2 from client1.

Is there a way for client1 to ping client2 without adding client2's key to client1's config, since this will make adding clients much harder? For example, if I add 1 new client when I already have 5 clients, all of the configs must be changed.

1 Answer

If you change the AllowedIPs setting of your client configs to AllowedIPs = 10.200.200.0/24, all the clients' traffic to the 10.200.200.0/24 block will be routed through their WireGuard connection to the server. This will allow you to connect from one client to another using their WireGuard addresses -- e.g., ping 10.200.200.4 to ping client2 from client1.

Justin Ludwig
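
How AllowedIPs produces the behaviour in this question, as an added example that is not part of the original question or answer: a small Python model of WireGuard's peer selection on send and its source-address check on receive, run over the three configs above. The function names and dict layout are made up for this sketch, and it assumes the server forwards packets between peers (IP forwarding enabled), which the page does not show.

```python
import ipaddress

def select_peer(peers, dst):
    """Outbound: choose the peer whose AllowedIPs holds dst (longest prefix wins)."""
    hits = [(ipaddress.ip_network(n).prefixlen, name)
            for name, nets in peers.items() for n in nets
            if ipaddress.ip_address(dst) in ipaddress.ip_network(n)]
    return max(hits)[1] if hits else None

def accepts(peers, sender, src):
    """Inbound: keep a decrypted packet only if src is in the sender's AllowedIPs.
    Simplified: ignores overlapping prefixes across peers, which these configs lack."""
    return any(ipaddress.ip_address(src) in ipaddress.ip_network(n)
               for n in peers.get(sender, []))

def trace(nodes, start, dst, max_hops=4):
    """Follow one packet from node `start` to address `dst`; return (delivered, path_or_reason)."""
    src, here, path = nodes[start]["addr"], start, [start]
    for _ in range(max_hops):
        nxt = select_peer(nodes[here]["peers"], dst)
        if nxt is None:
            return False, f"{here}: no peer's AllowedIPs covers {dst}"
        if not accepts(nodes[nxt]["peers"], here, src):
            return False, f"{nxt}: source {src} not in AllowedIPs for {here}"
        path.append(nxt)
        if nodes[nxt]["addr"] == dst:
            return True, path
        here = nxt  # assumption: this node forwards packets (IP forwarding enabled)
    return False, "hop limit reached"

def can_ping(nodes, a, b):
    """A ping needs the echo request and the echo reply to both get through."""
    return trace(nodes, a, nodes[b]["addr"])[0] and trace(nodes, b, nodes[a]["addr"])[0]

def topology(client1_allowed, client2_allowed):
    """The three configs from the question, with the clients' AllowedIPs as parameters."""
    return {
        "server":  {"addr": "10.200.200.1",
                    "peers": {"client1": ["10.200.200.2/32"], "client2": ["10.200.200.4/32"]}},
        "client1": {"addr": "10.200.200.2", "peers": {"server": [client1_allowed]}},
        "client2": {"addr": "10.200.200.4", "peers": {"server": [client2_allowed]}},
    }

if __name__ == "__main__":
    for c1, c2 in [("10.200.200.1/32", "10.200.200.1/32"),   # as asked
                   ("10.200.200.0/24", "10.200.200.1/32"),   # only client1 changed
                   ("10.200.200.0/24", "10.200.200.0/24")]:  # both changed
        net = topology(c1, c2)
        print(c1, c2, trace(net, "client1", "10.200.200.4"), can_ping(net, "client1", "client2"))
```

The middle case shows why every client needs the /24: with only client1 changed, client2 drops the forwarded packet because its source address is outside 10.200.200.1/32. The server config stays at one /32 per client, so each client can still only send from its own address.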