I have a Linux Debian 12 machine hosted on a virtual machine (Linode).
It has two physical interfaces:
eth0 - WAN - with access to www - not relevant for the question.
eth1 - LAN - Manually configured with a static IP address 10.99.0.1/24.
Then I have another virtual interface:
wg1 - LAN - Manually configured with a static IP address 10.97.0.1/24.
eth1 is used as the endpoint for all VPN connections towards site-to-site / clients, using the IPsec protocol.
wg1 is used as the endpoint for all VPN connections used for employees, using WireGuard VPN.
The VPNs are working fine:
Site-to-site: the tunnels are up and from the server I can ping every site's .1 IP address.
Employee VPN: the employee has the VPN installed on their PC. The tunnel is up and they can ping the server.
The problem is actually achieving "connecting" between the employee PC and the remote sites.
At the moment I am not using a firewall of any kind, to keep things simple and avoid more doubts.
SERVER SIDE
root@be1:~#ip a
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 90:de:01:af:97:36 brd ff:ff:ff:ff:ff:ff
inet 10.99.0.1/24 brd 10.99.0.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::92de:1ff:feaf:9736/64 scope link
valid_lft forever preferred_lft forever
4: wg1: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.97.0.1/24 scope global wg1
valid_lft forever preferred_lft forever
root@be1:~#ip route
10.97.0.0/24 dev wg1 proto kernel scope link src 10.97.0.1
10.99.0.0/24 dev eth1 proto kernel scope link src 10.99.0.1
EMPLOYEE PC
C:\Users\4lele>ipconfig
Unknown adapter BE1:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.97.0.11
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
C:\Users\4lele>route print -4
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.97.0.1 255.255.255.255 On-link 10.97.0.11 5
10.97.0.11 255.255.255.255 On-link 10.97.0.11 261
10.99.0.1 255.255.255.255 On-link 10.97.0.11 5
10.100.0.0 255.255.0.0 On-link 10.97.0.11 5
10.100.14.0 255.255.255.0 On-link 10.97.0.11 5
10.100.14.255 255.255.255.255 On-link 10.97.0.11 261
===========================================================================
Persistent Routes:
None
C:\Users\4lele>ping 10.99.0.1
Pinging 10.99.0.1 with 32 bytes of data:
Reply from 10.99.0.1: bytes=32 time=17ms TTL=64
Reply from 10.99.0.1: bytes=32 time=16ms TTL=64
Reply from 10.99.0.1: bytes=32 time=16ms TTL=64
Reply from 10.99.0.1: bytes=32 time=16ms TTL=64
Ping statistics for 10.99.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms
C:\Users\4lele>ping 10.100.14.1
Pinging 10.100.14.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.100.14.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Regards,
Ale.