WireGuard not routing

Hi,

This is the first time I am trying to set up WireGuard with the wg-easy app.

Here is the configuration I ended up with:
Host: my .domain.com
Port: 51820
Allowed IPs:

  • 10.8.0.0/24

DNS:

  • 192.168.0.5

Advanced:

  • MTU: 1420
  • Persistent KeepAlive: 0

Interface

  • MTU: 1420
  • Port: 51820
  • Device: enp4s0

I didn’t change the post up and post down fields in the hooks section:

PostUP:
iptables -t nat -A POSTROUTING -s {{ipv4Cidr}} -o {{device}} -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport {{port}} -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -s {{ipv6Cidr}} -o {{device}} -j MASQUERADE; ip6tables -A INPUT -p udp -m udp --dport {{port}} -j ACCEPT; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -o wg0 -j ACCEPT;

PostDOWN:
iptables -t nat -D POSTROUTING -s {{ipv4Cidr}} -o {{device}} -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport {{port}} -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -s {{ipv6Cidr}} -o {{device}} -j MASQUERADE; ip6tables -D INPUT -p udp -m udp --dport {{port}} -j ACCEPT; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT;

And my client config:
[Interface]
PrivateKey = …
Address = 10.8.0.2/24, fdcc:ad94:bacf:61a4::cafe:2/112
DNS = 192.168.0.5
MTU = 1420

[Peer]
PublicKey = …
PresharedKey = …
AllowedIPs = 192.168.0.0/24
Endpoint = my .domain.com:51820
PersistentKeepalive = 0

I can connect my client: the WireGuard client turns green, and nc reaches the machine:

horfee@Mac ~ % nc -u -v -z -w 3 my .domain.com 51820
Connection to my .domain.com port 51820 [udp/*] succeeded!

However, I cannot reach any machine on my network:

horfee@Mac ~ % ping 192.168.0.5
PING 192.168.0.5 (192.168.0.5): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1

Inside the Docker container, I can ping any machine, but not from my remote client connected through WireGuard…

Any idea what is going on?

Thank you for your help!

Found out that the router rules needed a priority… the port was blocked, but the WireGuard client was still displaying the green light…
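
Added example (not part of the original posts): the green client indicator and the `nc -u -z` result above do not prove that packets reach the server, because UDP is connectionless and the tunnel shows as active once the interface is up. A check that does is whether the server has recorded a handshake for the peer. The script classifies the output of `wg show wg0 latest-handshakes`; the interface name `wg0` comes from the hooks above, while the function names, the 180-second threshold and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Classify peers from `wg show <iface> latest-handshakes` output.
# Each input line is: <peer public key><TAB><unix time of last handshake>,
# where 0 means the server has never completed a handshake with that peer.
#
# On the server (inside the wg-easy container):
#   wg show wg0 latest-handshakes | classify_handshakes "$(date +%s)"

# $1 = current unix time, $2 = max handshake age in seconds.
# Assumption: 180 s default. WireGuard renews the handshake roughly every
# two minutes while traffic flows. With PersistentKeepalive = 0 an idle
# peer also goes stale, so send traffic (e.g. a ping) before checking.
classify_handshakes() {
    now=$1
    max_age=${2:-180}
    awk -v now="$now" -v max="$max_age" '
        NF == 2 {
            if ($2 == 0)              state = "never"   # UDP port likely blocked upstream
            else if (now - $2 > max)  state = "stale"
            else                      state = "ok"
            print $1, state
        }'
}

# Succeeds only if every peer on stdin has a recent handshake.
all_peers_ok() {
    ! classify_handshakes "$@" | grep -qv ' ok$'
}

# Constructed sample input; the keys are placeholders, not real keys.
sample_handshakes() {
    printf 'PEER_A_PUBKEY_PLACEHOLDER=\t0\n'
    printf 'PEER_B_PUBKEY_PLACEHOLDER=\t1700000000\n'
    printf 'PEER_C_PUBKEY_PLACEHOLDER=\t1699990000\n'
}

# Demo run against the constructed sample, with "now" fixed at 1700000060.
sample_handshakes | classify_handshakes 1700000060
```

A peer reported as `never` while its client shows the tunnel as active matches the situation in this thread: the client is sending, but something in front of the server (here, the router rule) is dropping UDP 51820.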