
My current setup is a WireGuard on an Ubuntu VM that does IPv4 forwarding and gives peers access to site LANs.

Now I want to add another WireGuard on an Ubuntu machine that also shares its site LANs.

How would I integrate it so that users have access to the site A and site B LANs?

Site A conf:

[Interface]
Address = 10.1.1.1/24
Address = 10.255.255.2/32
ListenPort = 51820
PrivateKey = *
# SaveConfig = true
# DNS = 1.1.1.1, 1.0.0.1, 10.0.100.1

PostUp = ufw route allow in on wg0 out on ens160
PostUp = iptables -t nat -I POSTROUTING -o ens160 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o ens160 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on ens160
PreDown = iptables -t nat -D POSTROUTING -o ens160 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o ens160 -j MASQUERADE

[Peer]
PublicKey = *
AllowedIPs = 10.255.255.1/32, 192.168.200.0/24

List of simple user peers...

Site B conf:

[Interface]
PrivateKey = *
Address = 10.255.255.1/24
#ListenPort = 51820

PostUp = ufw route allow in on wg0 out on eno1
PostUp = iptables -t nat -I POSTROUTING -o eno1 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o eno1 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eno1
PreDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eno1 -j MASQUERADE


[Peer]
PublicKey = *
AllowedIPs = 10.255.255.0/24, 10.1.1.0/24
Endpoint = *:51820
Dpetrov

1 Answer


After some heavy trying and failing, I came to realize that 'AllowedIPs' doesn't behave intuitively.

As I understand it, it uses only the first IP in a list to communicate with other peers, and I wanted to have another LAN for accessing that second peer's resources.

Hmmm, perhaps I should have tried adding an address in the 10.1.1.0 range on the second peer, but it would be pointless to have 10.255.255.0.

So the solution was to just use one WireGuard private LAN, 10.1.1.0/24, and it works.

Site A:

[Interface]
Address = 10.1.1.1/24
ListenPort = 51820
PrivateKey = *
# SaveConfig = true
# DNS = 1.1.1.1, 1.0.0.1, 10.0.100.1

PostUp = ufw route allow in on wg0 out on ens160
PostUp = iptables -t nat -I POSTROUTING -o ens160 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o ens160 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on ens160
PreDown = iptables -t nat -D POSTROUTING -o ens160 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o ens160 -j MASQUERADE

[Peer]
PublicKey = *
AllowedIPs = 10.1.1.2/32, 192.168.200.0/24

List of simple user peers...

Site B:

[Interface]
PrivateKey = *
Address = 10.1.1.2/24
#ListenPort = 51820

PostUp = ufw route allow in on wg0 out on eno1
PostUp = iptables -t nat -I POSTROUTING -o eno1 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o eno1 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eno1
PreDown = iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eno1 -j MASQUERADE


[Peer]
PublicKey = *
AllowedIPs = 10.1.1.0/24
Endpoint = *:51820
Dpetrov
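The answer attributes the fix to how AllowedIPs behaves, so here is an added example (not from the post or from WireGuard itself) that models what AllowedIPs actually is: a cryptokey routing table, matched by longest prefix for outbound packets and used as a source-address filter for inbound ones. The two configs are constructed from the answer's [Peer] sections with placeholder keys; parse_peers, route and accepts are hypothetical helpers written for this illustration.

```python
import ipaddress

# Constructed from the [Peer] sections in the answer above; keys are placeholders.
SITE_A_CONF = """
[Interface]
Address = 10.1.1.1/24
[Peer]
PublicKey = SITE_B_PUBKEY
AllowedIPs = 10.1.1.2/32, 192.168.200.0/24
[Peer]
PublicKey = USER1_PUBKEY
AllowedIPs = 10.1.1.10/32
"""
SITE_B_CONF = """
[Interface]
Address = 10.1.1.2/24
[Peer]
PublicKey = SITE_A_PUBKEY
AllowedIPs = 10.1.1.0/24
"""

def parse_peers(conf):
    """Map PublicKey -> [ip_network, ...] for every [Peer] section."""
    sections, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line.startswith("["):
            current = {"key": None, "allowed": []} if line == "[Peer]" else None
            if current is not None:
                sections.append(current)
        elif line and current is not None:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if key == "PublicKey":
                current["key"] = value
            elif key == "AllowedIPs":
                current["allowed"] += [ipaddress.ip_network(v.strip(), strict=False)
                                       for v in value.split(",")]
    return {s["key"]: s["allowed"] for s in sections}

def route(peers, dst):
    """Outbound: the longest-prefix AllowedIPs match picks the peer; None = dropped."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, key) for key, nets in peers.items() for net in nets if addr in net]
    return max(matches)[1] if matches else None

def accepts(peers, key, src):
    """Inbound: a packet from peer `key` is kept only if src is inside its AllowedIPs."""
    return any(ipaddress.ip_address(src) in net for net in peers[key])
```

Tracing a user packet 10.1.1.10 -> 192.168.200.5 through both tables shows why the working layout needs 192.168.200.0/24 on site A's peer entry for B and 10.1.1.0/24 on site B's peer entry for A: each hop must both route the packet out and accept the reply in.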