I'm having some wireguard networking issues and hope you guys can help me.
My goal is to build a site-to-site VPN. For that I have host A (public) and host B (private). Below is my config to create the tunnel. So far I can ping from each side to the other like this: from 10.2.0.2 to 10.2.0.1 and from 10.2.0.2 to 10.2.0.1. But when I try to ping from 10.2.0.1 to, let's say, 10.0.0.1, I get "ping: sendto: No error information" as a response. The firewall shouldn't be an issue, and routing should also be configured correctly in the docker-compose.yml file on the server.
Any help is much appreciated!
Host A (server): (IP: ${WG_PUBLIC_HOST})
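# Host A (public endpoint): wg-easy container serving the tunnel on 10.2.0.0/24.
services:
  wireguard:
    # NOTE(review): no tag is given, so this follows the image's default tag.
    # Pin a specific version or digest so an upstream change cannot silently
    # alter the VPN endpoint.
    image: weejewel/wg-easy
    container_name: wireguard
    restart: unless-stopped
    # Quoted so the UID:GID pair is always read as a string.
    user: "0:1000"
    ports:
      # Only the WireGuard UDP listener is published by this file.
      - "${WG_PUBLIC_PORT}:51820/udp"
    environment:
      WG_HOST: "${WG_PUBLIC_HOST}"
      WG_PORT: "${WG_PUBLIC_PORT}"
      WG_DEFAULT_ADDRESS: "10.2.0.x"
      WG_DEFAULT_DNS: "1.1.1.1"
      # NOTE(review): 0.0.0.0/24 covers only 0.0.0.0-0.0.0.255, which is
      # unlikely to be the intended range. wg-easy uses this value as the
      # AllowedIPs written into generated client configs; host B's config in
      # this post carries 10.2.0.0/24 instead. Confirm the intended prefix and
      # keep it as narrow as the site-to-site link needs.
      WG_ALLOWED_IPS: "0.0.0.0/24"
      # A kernel route alone does not make 10.0.0.0/24 reachable: WireGuard
      # selects the peer by destination against each peer's AllowedIPs, so the
      # server-side [Peer] entry for host B must also cover 10.0.0.0/24.
      # Otherwise the interface rejects the packet at send time.
      WG_POST_UP: "ip route add 10.0.0.0/24 via 10.2.0.2;"
      WG_POST_DOWN: "ip route del 10.0.0.0/24;"
      # Supplied from the environment rather than stored in this file.
      PASSWORD: "${WG_PASSWORD}"
    volumes:
      # Holds wg0.conf, including the private key; restrict access on the host.
      - ./wireguard:/etc/wireguard
    sysctls:
      net.ipv4.conf.all.src_valid_mark: 1
      # Lets this container forward packets between the tunnel and its network.
      net.ipv4.ip_forward: 1
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE allows loading kernel modules from the
      # container. Drop it if the host already provides the wireguard module.
      - SYS_MODULE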
# ./wireguard/wg0.conf
# Host A (server) side of the tunnel; tunnel address 10.2.0.1.
[Interface]
# Redacted in the post. The private key must never be shared or committed.
PrivateKey = <secret>
Address = 10.2.0.1/24
ListenPort = 51820
# Adds a kernel route for host B's LAN via host B's tunnel address. This only
# picks the interface; WireGuard still needs the destination to fall inside a
# peer's AllowedIPs before it will encrypt and send the packet.
PostUp = ip route add 10.0.0.0/24 via 10.2.0.2;
PostDown = ip route del 10.0.0.0/24;
# Client: host B (b2448b52-2f3b-4141-a20d-b91a8fa0d6c6)
# NOTE(review): no AllowedIPs line is shown for this peer (it may have been cut
# from the paste). For the route above to work, this peer's AllowedIPs would
# need to include 10.0.0.0/24 in addition to its tunnel address. Confirm
# against the file on disk, and list only the prefixes host B should be
# allowed to source traffic from.
[Peer]
PublicKey = <secret>
# Optional extra symmetric key mixed into the handshake; keep it as secret as
# the private key.
PresharedKey = <secret>
Host B (client): (IP: 10.0.0.3)
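# docker-compose.yml
# Host B (private side): linuxserver/wireguard container acting as the client.
services:
  wireguard:
    # NOTE(review): no tag is given, so this follows the image's default tag.
    # Pin a specific version or digest for reproducible, reviewable updates.
    image: linuxserver/wireguard
    container_name: wireguard
    restart: unless-stopped
    volumes:
      # Holds wg0.conf, including the private key; restrict access on the host.
      - ./wireguard:/config
      # Host kernel modules, mounted read-only.
      - /lib/modules:/lib/modules:ro
    environment:
      # Quoted so the IDs reach the container as strings.
      PUID: "1000"
      PGID: "1000"
    networks:
      - wireguard
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE allows loading kernel modules from the
      # container. Drop it if the host already provides the wireguard module.
      - SYS_MODULE
    sysctls:
      net.ipv4.conf.all.src_valid_mark: 1
      # NOTE(review): unlike host A, net.ipv4.ip_forward is not set here. If
      # this container is meant to pass tunnel traffic on to 10.0.0.0/24, it
      # will need forwarding enabled and a return path (NAT or routes on the
      # LAN). Confirm the intended role before enabling it.

networks:
  wireguard:
    ipam:
      config:
        # The container sits on its own bridge subnet, not on 10.0.0.0/24.
        - subnet: 10.3.0.0/24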
# ./wireguard/wg0.conf
# Host B (client) side of the tunnel; tunnel address 10.2.0.2.
[Interface]
# Redacted in the post. The private key must never be shared or committed.
PrivateKey = <secret>
Address = 10.2.0.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = <secret>
# Optional extra symmetric key mixed into the handshake; keep it as secret as
# the private key.
PresharedKey = <secret>
# Only the tunnel subnet is routed to, and accepted from, host A on this side.
# Keeping this narrow limits what the remote end can reach through the tunnel.
AllowedIPs = 10.2.0.0/24
# Sends a keepalive every 25 seconds so the private-side host keeps its path to
# the public endpoint open.
PersistentKeepalive = 25
# NOTE(review): presumably placeholders standing in for the real host and port.
# Confirm the file on disk holds literal values.
Endpoint = ${WG_PUBLIC_HOST}:${WG_PUBLIC_PORT}
WG_ALLOWED_IPS: 0.0.0.0/24