Monday, August 08, 2022

wg(4) on router - how to get working with clients

TL;DR I've got wg(4) working great on the router itself (i.e. VPN up, all localhost traffic routes across VPN). But I can't get it working with external clients (i.e. devices that use the router as their default gateway).

ip.forwarding is on:
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

I've tried various combinations of pf rules, e.g. :
pass out inet from 10.0.0.0/8 to !<router_interfaces> nat-to (wg0)

My hostname.wg0 looks like this:
inet 172.16.111.25 255.255.255.255
wgkey <REDACTED>
wgpeer <REDACTED> wgendpoint <REDACTED> <REDACTED> wgaip 0.0.0.0/0 wgaip ::/0 wgpka 20 up

The only reference I've found to this issue is a brief thread on Reddit which suggests maybe there are some shortcomings in the wg(4) implementation (https://www.reddit.com/r/openbsd/comments/hy8lv0/routing_vmm4_guest_traffic_via_a_wg4_tunnel/?utm_source=share&utm_medium=web2x&context=3)

Personally I think it's more likely I've missed something simple in my config, but I don't know what or where.
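The usual arrangement for pushing LAN clients through a wg(4) tunnel on OpenBSD is below, as an added example that is not from the original post and is not a verified fix for the author's setup. Interface names (em0, em1), the 10.0.0.0/8 LAN prefix and the contents of the <router_interfaces> table are assumptions; the only things carried over from the post are the wg0 interface, its use as the nat-to target and the forwarding sysctls already set. The point of the fragment is to restrict nat-to to traffic actually leaving on wg0 and to make sure the LAN side is passed in, while the tunnel's own UDP to the peer still leaves via the physical WAN interface.

```pf
# /etc/pf.conf fragment - added example, not the original post's config.
# Interface names, the LAN prefix and the table contents are assumptions.
lan_if  = "em1"
wan_if  = "em0"
vpn_if  = "wg0"
lan_net = "10.0.0.0/8"

# 'self' expands to every address configured on the router itself.
table <router_interfaces> { self }

set skip on lo
block log all

# Client traffic arriving on the LAN side must be passed in before it
# can be forwarded at all; a default 'block all' silently drops it.
pass in on $lan_if inet from $lan_net to any

# Rewrite the source address only for packets that are really leaving via
# the tunnel. 'match out on $vpn_if' avoids rewriting LAN replies or
# traffic destined for the router's own interfaces.
match out on $vpn_if inet from $lan_net to !<router_interfaces> nat-to ($vpn_if)
pass out on $vpn_if inet

# wg0 carries nothing unless the router can still send the encrypted UDP
# to the peer's endpoint through the physical WAN interface.
pass out on $wan_if inet proto udp from ($wan_if) to any
pass out on $wan_if inet from ($wan_if) to any
```

To check the fragment before loading it, `pfctl -nf /etc/pf.conf` parses it without applying; after `pfctl -f /etc/pf.conf`, `pfctl -s rules` shows the loaded ruleset and `pfctl -s states` shows whether client flows are being translated to the wg0 address. Watching `tcpdump -ni wg0` while a client pings an external host tells you whether packets are reaching the tunnel at all (a pf problem if not) or reaching it and getting no reply (a peer-side routing or wgaip problem).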
