I have a home server with an isolated local network. The only open port is WireGuard (51820).
My topology:
Server -> 192.168.2.1 (redirects 51820 to VM3)
- VM1 -> 192.168.2.2
- VM2 -> 192.168.2.3
- VM3 -> 192.168.2.4 (VPN Server)
----------
PC 1 -> public IP
PC 2 -> public IP
Initial Configuration:
VM3 (Wireguard server)
[Interface]
Address = 192.168.6.1/24
ListenPort = 51820
PrivateKey = {VM3_PrivateKey}
#IP Forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
#IP Masquerading
PreUp = iptables -t mangle -A PREROUTING -i wg0 -j MARK --set-mark 0x30
PreUp = iptables -t nat -A POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
PostDown = iptables -t mangle -D PREROUTING -i wg0 -j MARK --set-mark 0x30
PostDown = iptables -t nat -D POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
[Peer]
#pc-1
PublicKey = {PC1_PublicKey}
AllowedIPs = 192.168.6.2/24
PC-1 Configuration
[Interface]
PrivateKey = {PC1_PrivateKey}
Address = 192.168.6.2/24
[Peer]
PublicKey = {VM3_PublicKey}
AllowedIPs = 192.168.2.0/24
Endpoint = {mydomain.com}:51820
PersistentKeepalive = 15
That configuration works as expected: PC1 can access all 192.168.2.X servers.
Two-peer configuration
When I try to add a new peer, the first one simply stops accessing any server. New configuration:
VM3 (Wireguard server)
[Interface]
Address = 192.168.6.1/24
ListenPort = 51820
PrivateKey = {VM3_PrivateKey}
#IP Forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
#IP Masquerading
PreUp = iptables -t mangle -A PREROUTING -i wg0 -j MARK --set-mark 0x30
PreUp = iptables -t nat -A POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
PostDown = iptables -t mangle -D PREROUTING -i wg0 -j MARK --set-mark 0x30
PostDown = iptables -t nat -D POSTROUTING ! -o wg0 -m mark --mark 0x30 -j MASQUERADE
[Peer]
#PC1
PublicKey = {PC1_PublicKey}
AllowedIPs = 192.168.6.2/24
[Peer]
#PC2
PublicKey = {PC2_PublicKey}
AllowedIPs = 192.168.6.3/24
PC-1 Configuration (Same as Above)
PC-2 Configuration
[Interface]
PrivateKey = {PC2_PrivateKey}
Address = 192.168.6.3/24
[Peer]
PublicKey = {VM3_PublicKey}
AllowedIPs = 192.168.2.0/24
Endpoint = {mydomain.com}:51820
PersistentKeepalive = 15
If I remove Peer2 from the server configuration, PC1 has access again.
Does anyone know why this happens and how I can fix it?
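The behaviour described in the post is a property of WireGuard's cryptokey routing: on the server side, each AllowedIPs entry is a routing-table entry that maps a prefix to exactly one peer, and host bits are masked off, so `192.168.6.2/24` and `192.168.6.3/24` both mean the whole `192.168.6.0/24`. When two peers claim the same prefix the last one configured takes it, and traffic for the first peer is silently sent to (or dropped for) the other. The script below is an added example, not part of the original post: it parses a server-side `wg0.conf` (the post's two-peer config is embedded as constructed sample input with the placeholder keys kept), reports every pair of peers whose AllowedIPs overlap, and prints the usual fix for road-warrior clients, which is to give each client a single host route (`/32` or `/128`). The function names and the report format are the example's own.

```python
import ipaddress

# Constructed sample input: the server-side config from the post (placeholder keys kept).
SAMPLE_CONF = """\
[Interface]
Address = 192.168.6.1/24
ListenPort = 51820
PrivateKey = {VM3_PrivateKey}

[Peer]
#PC1
PublicKey = {PC1_PublicKey}
AllowedIPs = 192.168.6.2/24

[Peer]
#PC2
PublicKey = {PC2_PublicKey}
AllowedIPs = 192.168.6.3/24
"""


def parse_peers(text):
    """Return [(public_key, [allowed_ips_string, ...]), ...] for each [Peer] section, in file order."""
    peers = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments such as "#PC1"
        if not line:
            continue
        if line.lower() == "[peer]":
            current = {"key": None, "allowed": []}
            peers.append(current)
            continue
        if line.startswith("["):
            current = None  # [Interface] or any other section: not a peer
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "publickey":
            current["key"] = value
        elif key.lower() == "allowedips":
            current["allowed"].extend(c.strip() for c in value.split(",") if c.strip())
    return [(p["key"], p["allowed"]) for p in peers]


def find_overlaps(peers):
    """Return [(earlier_key, earlier_net, later_key, later_net), ...] for every overlapping pair.

    strict=False masks the host bits exactly as the kernel does (192.168.6.2/24 -> 192.168.6.0/24).
    The pair is ordered as in the file: WireGuard hands the overlapping prefix to the peer
    configured last, so the earlier peer loses those addresses.
    """
    overlaps = []
    nets = [(key, [ipaddress.ip_network(c, strict=False) for c in allowed]) for key, allowed in peers]
    for i, (key_a, nets_a) in enumerate(nets):
        for key_b, nets_b in nets[i + 1:]:
            for net_a in nets_a:
                for net_b in nets_b:
                    if net_a.version == net_b.version and net_a.overlaps(net_b):
                        overlaps.append((key_a, str(net_a), key_b, str(net_b)))
    return overlaps


def suggest_host_routes(peers):
    """Rewrite every AllowedIPs entry to a single-host route (/32 or /128) for its address.

    This is the right shape for client peers that each own one tunnel address; it is not
    appropriate for a peer that is itself a gateway for a whole subnet.
    """
    fixed = []
    for key, allowed in peers:
        hosts = []
        for cidr in allowed:
            iface = ipaddress.ip_interface(cidr)
            hosts.append(f"{iface.ip}/{iface.ip.max_prefixlen}")
        fixed.append((key, hosts))
    return fixed


def main():
    peers = parse_peers(SAMPLE_CONF)
    for key_a, net_a, key_b, net_b in find_overlaps(peers):
        print(f"OVERLAP: {key_a} ({net_a}) is shadowed by later peer {key_b} ({net_b})")
    print("Suggested AllowedIPs per peer:")
    for key, hosts in suggest_host_routes(peers):
        print(f"  {key}: {', '.join(hosts)}")


if __name__ == "__main__":
    main()
```

Run it against the real `/etc/wireguard/wg0.conf` by reading the file instead of `SAMPLE_CONF`; an empty overlap list means every address is owned by exactly one peer. Note that the client side is unaffected by this check: a client's `AllowedIPs = 192.168.2.0/24` only decides which destinations the client sends into the tunnel.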