
I have a home server with an isolated local network. The only open port is WireGuard (51820).

My topology:

Server -> 192.168.2.1 (redirects 51820 to VM3)
-  VM1 -> 192.168.2.2
-  VM2 -> 192.168.2.3
-  VM3 -> 192.168.2.4 (VPN Server)
----------
PC 1 -> public IP
PC 2 -> public IP

Initial Configuration:

VM3 (WireGuard server)

[Interface]
Address = 192.168.6.1/24
ListenPort = 51820
PrivateKey = {VM3_PrivateKey}

#IP Forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
#IP Masquerading
PreUp = iptables -t mangle -A PREROUTING -i wg0 -j MARK --set-mark 0x30
PreUp = iptables -t nat -A POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
PostDown = iptables -t mangle -D PREROUTING -i wg0 -j MARK --set-mark 0x30
PostDown = iptables -t nat -D POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE

[Peer]
#pc-1
PublicKey = {PC1_PublicKey}
AllowedIPs = 192.168.6.2/24

PC-1 Configuration

[Interface]
PrivateKey = {PC1_PrivateKey}
Address = 192.168.6.2/24

[Peer]
PublicKey = {VM3_PublicKey}
AllowedIPs = 192.168.2.0/24
Endpoint = {mydomain.com}:51820
PersistentKeepalive = 15

That configuration works as expected: PC1 can access all 192.168.2.X servers.

Two-peer configuration

When I try to add a new peer, the first one simply stops being able to access any server. New configuration:

VM3 (WireGuard server)

[Interface]
Address = 192.168.6.1/24
ListenPort = 51820
PrivateKey = {VM3_PrivateKey}

#IP Forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
#IP Masquerading
PreUp = iptables -t mangle -A PREROUTING -i wg0 -j MARK --set-mark 0x30
PreUp = iptables -t nat -A POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
PostDown = iptables -t mangle -D PREROUTING -i wg0 -j MARK --set-mark 0x30
PostDown = iptables -t nat -D POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE

[Peer]
#PC1
PublicKey = {PC1_PublicKey}
AllowedIPs = 192.168.6.2/24

[Peer]
#PC2
PublicKey = {PC2_PublicKey}
AllowedIPs = 192.168.6.3/24

PC-1 Configuration (Same as Above)

PC-2 Configuration

[Interface]
PrivateKey = {PC2_PrivateKey}
Address = 192.168.6.3/24

[Peer]
PublicKey = {VM3_PublicKey}
AllowedIPs = 192.168.2.0/24
Endpoint = {mydomain.com}:51820
PersistentKeepalive = 15

If I remove Peer 2 from the server configuration, PC1 has access again.

Does anyone know why this happens and how I can fix it?

Pilati
  • Questions on Server Fault must be about managing information technology systems in a business environment. Home and end-user computing questions may be asked on Super User – djdomi Aug 31 '22 at 17:35
  • In this case the principle is the same; the same problem I'm having, some company may have – Pilati Sep 05 '22 at 19:59
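The symptom in the question can be reproduced by modelling WireGuard's cryptokey routing table, in which every allowed-IP prefix belongs to exactly one peer and the peer configured last takes a prefix away from any earlier peer that listed it. This is an added example, not part of the question or of any answer: it parses a constructed copy of the two-peer server config (placeholder keys) and checks which peer the server would send PC1's return traffic to.

```python
import ipaddress
# Constructed copy of the two-peer server config from the question; keys are placeholders.
SERVER_CONF = """
[Peer]
PublicKey = {PC1_PublicKey}
AllowedIPs = 192.168.6.2/24
[Peer]
PublicKey = {PC2_PublicKey}
AllowedIPs = 192.168.6.3/24
"""

def parse_peers(conf):
    """Return [{'key': PublicKey, 'allowed': [networks]}] for each [Peer] section."""
    peers, in_peer = [], False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments such as #PC1
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            if in_peer:
                peers.append({"key": None, "allowed": []})
        elif in_peer and "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            if k.lower() == "publickey":
                peers[-1]["key"] = v
            elif k.lower() == "allowedips":
                # wg keeps only the network part, so 192.168.6.2/24 is stored as 192.168.6.0/24
                peers[-1]["allowed"] += [ipaddress.ip_network(a.strip(), strict=False) for a in v.split(",")]
    return peers

def cryptokey_table(peers):
    """Model the cryptokey routing table: one owner per prefix, the last peer to claim it wins."""
    table = {}
    for p in peers:
        for net in p["allowed"]:
            table[net] = p["key"]
    return table

def owner(table, ip):
    """Longest-prefix match: the peer that receives a packet addressed to ip (None = dropped)."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in table if addr in n]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def overlaps(peers):
    """Prefixes claimed by more than one peer; anything listed here explains a peer going silent."""
    claims = {}
    for p in peers:
        for net in p["allowed"]:
            claims.setdefault(net, []).append(p["key"])
    return {str(n): keys for n, keys in claims.items() if len(keys) > 1}
```

With the /24 entries both peers claim 192.168.6.0/24, so replies to 192.168.6.2 are handed to PC2; running the same functions on the config with /32 entries gives each peer its own host address and an empty overlap report.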
