Connect 2 Networks with VPN

Linux Kernel, Network, and Services configuration.
fabiange
Posts: 2
Joined: 2021-09-20 16:08

Connect 2 Networks with VPN

#1 Post by fabiange »

Hey there,
I have 2 networks, the first one is 192.168.2.0/24, the second one 192.168.81.0/24. In every network there are several clients. These networks have no connection except a WireGuard VPN network.
In each of these networks is a VPN client (the VPN network is 192.168.100.0/24). The first one (client 1) has two interfaces: 192.168.2.210 / 192.168.100.1. The client (client 2) in the second network: 192.168.81.210 / 192.168.100.3.
Now I want to access clients on the 192.168.81.0/24 network.
  • Client 1 can ping client 2
  • I have configured a static route on the firewall in the first network, so all traffic for 192.168.81.0/24 is routed to 192.168.2.210. This works
  • I have configured a route on client 1

Code:

ip route add 192.168.81.0/24 via 192.168.100.3 dev wg0
  • I have created some iptables rules on client 2

Code:

iptables -A FORWARD -i wg0 -o ens192 -j ACCEPT
iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
  • In each of these clients ip_forward is set to 1
  • Client 1 can ping every client in 192.168.81.0/24, so I think there is no wireguard configuration issue
But nobody in the first network can ping any 192.168.81.0 address. Tcpdump on client 2 shows me no traffic.
Tcpdump on client 1 on wg0 interface shows some data.
The VPN client can access, but no others in the network. So I think there is some (source) NAT configuration needed. Am I right? Any ideas?
Thank you!

fabiange
Posts: 2
Joined: 2021-09-20 16:08

Re: Connect 2 Networks with VPN

#2 Post by fabiange »

Ok, got it.
Solution was to execute

Code:

iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
on client 1
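Why the extra MASQUERADE on wg0 makes the difference, and why tcpdump on client 2 saw nothing before it, comes down to WireGuard's cryptokey routing: a decrypted inbound packet is dropped unless its source address falls inside the sending peer's AllowedIPs, and that drop happens before the packet is handed to the wg0 interface. The script below is an added example (not code from the thread) that models that check for the three states of this setup. It assumes, since the thread does not show the WireGuard configs, that client 2's peer entry for client 1 lists only 192.168.100.1/32; the other addresses are the thread's own.

```shell
#!/bin/sh
# Added example, not code from the original thread. Models the check that
# WireGuard's cryptokey routing applies to every decrypted inbound packet:
# the packet's source address must fall inside the sending peer's AllowedIPs,
# otherwise WireGuard drops it before it ever reaches tcpdump on wg0.
# Assumption (the thread does not show the WireGuard configs): client 2's
# peer entry for client 1 carries AllowedIPs = 192.168.100.1/32 only.

# ip4_to_int A.B.C.D -> prints the 32-bit integer form of the address
ip4_to_int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/BITS -> exit status 0 when ADDR lies inside NET/BITS
in_cidr() {
    addr=$(ip4_to_int "$1")
    net=$(ip4_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# wg_accepts_source SRC ALLOWED_IPS -> exit status 0 when a packet with source
# SRC, arriving from a peer whose AllowedIPs is the comma-separated list
# ALLOWED_IPS, passes the cryptokey routing check
wg_accepts_source() {
    for cidr in $(printf '%s' "$2" | tr ',' ' '); do
        if in_cidr "$1" "$cidr"; then
            return 0
        fi
    done
    return 1
}

# verdict SRC ALLOWED_IPS -> prints "accepted" or "dropped"
verdict() {
    if wg_accepts_source "$1" "$2"; then
        echo accepted
    else
        echo dropped
    fi
}

# Assumed AllowedIPs on client 2 for the client 1 peer (see header comment).
CLIENT2_ALLOWED_FOR_CLIENT1="192.168.100.1/32"

# 1. The thread's original symptom: a LAN host behind client 1 keeps its own
#    source address across the tunnel, which is not in AllowedIPs.
echo "LAN host 192.168.2.50, no NAT:          $(verdict 192.168.2.50 "$CLIENT2_ALLOWED_FOR_CLIENT1")"

# 2. The fix from the second post: MASQUERADE on wg0 rewrites the source to
#    client 1's tunnel address, which AllowedIPs does cover.
echo "same host after MASQUERADE on wg0:      $(verdict 192.168.100.1 "$CLIENT2_ALLOWED_FOR_CLIENT1")"

# 3. The NAT-free alternative: add the remote LAN to AllowedIPs on client 2,
#    so client 2 still sees the real source addresses of 192.168.2.0/24 hosts.
echo "LAN host, AllowedIPs widened, no NAT:   $(verdict 192.168.2.50 192.168.100.1/32,192.168.2.0/24)"
echo "unrelated source 10.0.0.9, widened:     $(verdict 10.0.0.9 192.168.100.1/32,192.168.2.0/24)"
```

Two practical notes on the NAT-free variant (state 3): wg-quick installs a route for every AllowedIPs prefix automatically, but if the tunnel is brought up with plain `wg` and `ip`, client 2 also needs a return route such as `ip route add 192.168.2.0/24 dev wg0`. Keeping the original source addresses is what lets client 2's logs and conntrack entries show which 192.168.2.x host made a connection, which the double MASQUERADE hides. In either variant, the FORWARD and POSTROUTING rules from the first post can be narrowed with `-s 192.168.2.0/24 -d 192.168.81.0/24` so that only the two LANs are bridged rather than anything that happens to arrive on wg0.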
