Server: Ubuntu

  • Wireguard server all clients connect to
  • Runs SMB share: all clients can access when the VPN is connected
  • Clients can ping each other

Client a: Windows Server 2022

  • Firewall: Allow 192.168.6.0/24
  • IIS *:80
    • Works locally, works on VPN Server (wget), does not work on client b. Client b can access IIS over the server's public IP address, not the VPN address
  • SQL Server
    • configured to allow remote connections, client b can't access it over VPN ip.

Client b: Windows 11

  • Can ping client a, can't access IIS, can't access SQL Server

Added public IP address of client b to firewall of client a, after that, I can connect to SQL server over the public IP address, not the VPN IP.

Clients all have AllowedIPs = 192.168.6.0/24 in their config

Any advice welcome

NKCSS

1 Answer

Turns out, I needed these PostUp and PostDown rules in my wg0.conf to make it work.

```
PostUp =   iptables -I FORWARD 1 -i wg0 -j ACCEPT; iptables -I FORWARD 1 -o wg0 -j ACCEPT; iptables -t nat -I POSTROUTING 1 -s 192.168.6.0/24 -o enp4s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT;   iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -s 192.168.6.0/24 -o enp4s0 -j MASQUERADE
```
NKCSS
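The part of the answer's rules that actually fixes client-to-client traffic on a WireGuard hub is the pair of FORWARD rules: the hub forwards packets between two peers on wg0 only when the FORWARD chain accepts them (and net.ipv4.ip_forward is 1, which the answer does not mention but which a hub setup also needs). The MASQUERADE rule only affects traffic that leaves the hub through enp4s0. The following added example, written for this page and not taken from the answer, models that decision so the effect of a rule set can be checked without touching a live box. The `iptables -S FORWARD` dumps are constructed samples; the interface names wg0 and enp4s0 and the 192.168.6.0/24 range come from the page. It also shows a tighter variant (assumed, not from the answer) that forwards only wg0-to-wg0 traffic, since an `-i wg0 -j ACCEPT` rule without `-o` lets VPN clients be routed anywhere the hub can reach, and a helper that derives the PostDown line from PostUp so the two cannot drift apart.

```python
import re
import shlex

# Constructed sample of `iptables -S FORWARD` on the hub after the answer's
# PostUp line ran (the second `-I FORWARD 1` lands above the first one).
FORWARD_AFTER_FIX = """\
-P FORWARD DROP
-A FORWARD -o wg0 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
"""

# Constructed sample of the chain before the fix: only the default policy.
FORWARD_BEFORE_FIX = "-P FORWARD DROP\n"

# Assumed tighter alternative (not from the answer): only hairpin traffic
# between WireGuard peers is forwarded; VPN clients are not routed out enp4s0.
FORWARD_PEERS_ONLY = """\
-P FORWARD DROP
-A FORWARD -i wg0 -o wg0 -j ACCEPT
"""


def parse_chain(dump):
    """Parse `iptables -S <chain>` output into (policy, [rule dicts]).

    Only the matches this example needs (-i, -o, -s, -j) are understood;
    negated matches ('!') and other extensions are ignored.
    """
    policy, rules = None, []
    flags = {"-i": "in", "-o": "out", "-s": "src", "-j": "target"}
    for line in dump.splitlines():
        tokens = shlex.split(line)
        if not tokens:
            continue
        if tokens[0] == "-P":          # chain policy, e.g. "-P FORWARD DROP"
            policy = tokens[2]
            continue
        if tokens[0] != "-A":          # skip anything that is not a rule
            continue
        rule = {"in": None, "out": None, "src": None, "target": None}
        i = 2
        while i < len(tokens):
            key = flags.get(tokens[i])
            if key is not None and i + 1 < len(tokens):
                rule[key] = tokens[i + 1]
                i += 2
            else:
                i += 1
        rules.append(rule)
    return policy, rules


def forward_verdict(dump, in_iface, out_iface):
    """Verdict the FORWARD chain gives a packet that arrived on in_iface and
    is routed out via out_iface. First matching rule wins; the chain policy
    applies when nothing matches."""
    policy, rules = parse_chain(dump)
    for r in rules:
        if r["in"] in (None, in_iface) and r["out"] in (None, out_iface):
            return r["target"]
    return policy


def derive_postdown(postup):
    """Turn a PostUp line of `iptables -I CHAIN 1 ...` commands into the
    matching PostDown line (`iptables -D CHAIN ...`)."""
    return re.sub(r"-I (\S+) 1\b", r"-D \1", postup)


# The PostUp line from the answer, unchanged.
POSTUP = ("iptables -I FORWARD 1 -i wg0 -j ACCEPT; "
          "iptables -I FORWARD 1 -o wg0 -j ACCEPT; "
          "iptables -t nat -I POSTROUTING 1 -s 192.168.6.0/24 -o enp4s0 -j MASQUERADE")

if __name__ == "__main__":
    for name, dump in [("before", FORWARD_BEFORE_FIX),
                       ("after", FORWARD_AFTER_FIX),
                       ("peers-only", FORWARD_PEERS_ONLY)]:
        print(f"{name:10s} wg0->wg0: {forward_verdict(dump, 'wg0', 'wg0'):6s} "
              f"wg0->enp4s0: {forward_verdict(dump, 'wg0', 'enp4s0')}")
    print("PostDown =", derive_postdown(POSTUP))
```

Running it shows the before state dropping wg0-to-wg0 traffic (the symptom in the question), the answer's rules accepting both wg0-to-wg0 and wg0-to-enp4s0, and the peers-only variant accepting only the former. On a real hub, compare the live `iptables -S FORWARD` output against the same function rather than the constructed strings.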