housepanther,

is pissing me off. The peers can ping and communicate with the server but not each other. I've got no idea why .

kkarhan,
@kkarhan@mstdn.social avatar

@housepanther I guess you didn't allow those IP addresses to communicate with each other?

- like any - is a separate network interface with separate routing rules - at least in & ...

housepanther,

@kkarhan I did allow them to communicate with each other. I am using wg-quick, not pfSense or OPNsense. I could share my configs with you.

kkarhan,
@kkarhan@mstdn.social avatar

@housepanther Well, I don't use aside from and for the woes of DIY'ing a WiFi...

housepanther,

@kkarhan I allowed the entire subnet that the VPN is sitting on, 100.64.0.0/24.

kkarhan,
@kkarhan@mstdn.social avatar

@housepanther THAT'S WHY!

100.64.0.0/10 is address space as per , which SHALL NEVER allow intra-Client communication but only Gateway <-> Client.

https://en.wikipedia.org/wiki/Carrier-grade_NAT

housepanther,

@kkarhan LOL! I feel stoopid now.

kkarhan,
@kkarhan@mstdn.social avatar

@housepanther nah.

That happens to more experienced people...

Like having hit 0 too often and then typing 100.64 instead of 10.64 ...

Personally I've done stupider mistakes myself in the past...

housepanther,

@kkarhan Oh okay! LOL! I did not know that. Time to change the IP address scheme. Thank you!!!!!!!!!!!!!!!

kkarhan,
@kkarhan@mstdn.social avatar

@housepanther np. You're welcome...

OFC may have done so since there are some that do + i.e. [ on is common in to prevent people from 'blueboxing' by splicing the phone line]...

And in some Corporate setups this may even be desirable to have all the remote workers not able to as to mitigate propagation...

housepanther,

@kkarhan I am changing it to a 10.0.0.0/24 address space.

kkarhan,
@kkarhan@mstdn.social avatar

@housepanther makes sense depending on your size and how generous you want your other subnets to be...

That should work mostly...

housepanther,

@kkarhan No, still doesn't work. Damnit! I don't know what's going on? You're probably correct and I am missing something else.

jon404,
@jon404@ioc.exchange avatar

@housepanther @kkarhan

Not sure about wg-quick, but in all of the wireguard setups I've used you have to have the vpn-external IPs in the AllowedIPs list (i.e. if I have two boxes using 172.31.0.1 and 172.31.0.2 to vpn to each other, and they route traffic for 10.0.0.0/24 on one side and 10.1.0.0/24 on the other, then AllowedIPs has to contain all three ranges, IIRC (this assumes you aren't NAT'ing or anything like that)).

Also, if 10.0.0.0/24 and 10.1.0.0/24 want to reach each other, they need to have a route to the 172.31.0.X boxes so they know where to send traffic destined for the other side.
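The AllowedIPs rule described above is WireGuard's cryptokey routing: an outgoing packet is sent to the peer whose AllowedIPs contains the destination by longest prefix, and a destination that matches no peer is silently dropped. This added example (not code from the thread or from the WireGuard project) parses a wg-quick config for box A and simulates that lookup; the config, the key placeholders (PEER_B_KEY, BOX_A_PRIVATE_KEY_PLACEHOLDER) and the endpoint box-b.example are constructed values.

```python
import ipaddress
from typing import Dict, List, Optional

Table = Dict[str, List[ipaddress.IPv4Network]]

# Constructed sample: box A's wg-quick config with the addresses from the post.
# As in the thread's failure case, AllowedIPs holds only box B's tunnel address.
BROKEN_CONF = """
[Interface]
Address = 172.31.0.1/24
PrivateKey = BOX_A_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = PEER_B_KEY
Endpoint = box-b.example:51820
AllowedIPs = 172.31.0.2/32
"""
# Same peer, but AllowedIPs now also carries the LAN that sits behind box B.
FIXED_CONF = BROKEN_CONF.replace("AllowedIPs = 172.31.0.2/32",
                                 "AllowedIPs = 172.31.0.2/32, 10.1.0.0/24")

def cryptokey_table(conf: str) -> Table:
    """Collect each [Peer] section's AllowedIPs, keyed by its PublicKey."""
    table: Table = {}
    key: Optional[str] = None
    nets: List[ipaddress.IPv4Network] = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # wg-quick treats '#' as a comment
        if not line:
            continue
        if line.lower() == "[peer]":          # new peer: flush the previous one
            if key:
                table[key] = nets
            key, nets = None, []
        elif "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            if k.lower() == "publickey":
                key = v
            elif k.lower() == "allowedips":
                nets += [ipaddress.ip_network(n.strip(), strict=False) for n in v.split(",")]
    if key:
        table[key] = nets
    return table

def select_peer(table: Table, dst: str) -> Optional[str]:
    """Longest-prefix match over every peer's AllowedIPs; None means the packet is dropped."""
    addr = ipaddress.ip_address(dst)
    best = None
    for key, nets in table.items():
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (key, net.prefixlen)
    return best[0] if best else None
```

With BROKEN_CONF a packet for 10.1.0.5 matches no peer and never leaves the tunnel, which is exactly the "can reach the endpoint but not what is behind it" symptom; FIXED_CONF routes it to box B.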

kkarhan,
@kkarhan@mstdn.social avatar

@jon404 @housepanther

That comes to it as well...

& do make these default routes most of the time but if you manually setup some on a box to do that, you may need to adjust all these parts on your own.

jon404,
@jon404@ioc.exchange avatar

@kkarhan @housepanther

Yeah, I just set up ospf and forget about routes.

But...I see how that might be overkill heh.
