I would try
.. nat-to wg0 route-to wg0
making sure that this rule doesn't apply to the router wireguard connection
On August 8, 2022 12:12:43 PM UTC, Rachel Roch <rroch@tutanota.de> wrote:
>TL;DR I've got wg(4) working great on the router itself (i.e. VPN up, all localhost traffic routes across VPN). But I can't get it working with external clients (i.e. devices that use the router as their default gateway).
>
>ip.forwarding is on:
>net.inet.ip.forwarding=1
>net.inet6.ip6.forwarding=1
>
>I've tried various combinations of pf rules, e.g.:
>pass out inet from 10.0.0.0/8 to !<router_interfaces> nat-to (wg0)
>
>My hostname.wg0 looks like this:
>inet 172.16.111.25 255.255.255.255
>wgkey <REDACTED>
>wgpeer <REDACTED> wgendpoint <REDACTED> <REDACTED> wgaip 0.0.0.0/0 wgaip ::/0 wgpka 20
>up
>
>The only reference I've found to this issue is a brief thread on Reddit which suggests maybe there are some shortcomings in the wg(4) implementation (https://www.reddit.com/r/openbsd/comments/hy8lv0/routing_vmm4_guest_traffic_via_a_wg4_tunnel/?utm_source=share&utm_medium=web2x&context=3)
>
>Personally I think it's more likely I've missed something simple in my config, but I don't know what or where.
>