The tunnel works and I’m able to ping hosts on the Site B subnet from Site A.
However, I’m not able to access any of the hosts in the Site B subnet through SSH or HTTP.
sudo wg show wg0
interface: wg0
(Site C Cloud Server)
public key: public key
private key: (hidden)
listening port: 37003
(Site A Host)
peer: public key
endpoint: endpoint
allowed ips: 10.0.10.20/32
latest handshake: 13 seconds ago
transfer: 95.16 KiB received, 27.61 KiB sent
(RutX09 Site B)
peer: public key
endpoint: endpoint
allowed ips: 10.0.10.10/32, 10.1.40.0/24
latest handshake: 1 minute, 3 seconds ago
transfer: 425.25 KiB received, 125.75 KiB sent
I’m using a RUTX09 with the latest firmware on it.
In the General Firewall Settings I allowed WireGuard to the specific subnet.
Does anyone know how I can forward all the ports from the WireGuard interface to the subnet?
Hello,
Add 192.168.200.0/24 to the Allowed IPs list of A and C, add 192.168.1.11/32 to B and C, add 192.168.0.3/32 to C.
Check the MTU of all the wg interfaces; limit it to the MTU of the WAN interface minus 80.
Regards,
I apologize for the confusion, here is an updated version of the topology as well as the WireGuard configurations.
I guess the problem is that the RUTX09 doesn’t forward the packets to 10.1.40.100, since I’m able to ping it from Endpoint A but not to access it using HTTPS.
For A set address to 10.0.10.20/24 and Allowed IPs to 10.0.10.0/24 + 10.1.40.0/24
For C set address to 10.0.10.1/24. For the A side set Allowed IPs to 10.0.10.20/32 and for the C side set Allowed IPs to 10.0.10.10/32 + 10.1.40.0/24
For B set address to 10.0.10.10/24 and allowed IPs to 10.0.10.0/24
What are the addresses of all the interfaces of the RUTX09? From it, can you ping 10.1.40.100?
What is the output of tcpdump -i any -n -v icmp when you execute the ping above?
Maybe, I would like to have the full picture before playing with that.
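
The Allowed IPs layout suggested in the reply above can be checked offline. This is an added example, not part of the thread or of any participant's configuration: it models only WireGuard's cryptokey routing (Allowed IPs used as the outbound peer selector and as the inbound source filter), not kernel routes, the RUTX09 firewall zones or MTU. The node names A, B, C and the addresses are taken from the thread; the dictionary layout and function names are assumptions of the example.

```python
import ipaddress

# AllowedIPs per node and peer, as proposed in the reply above.
ALLOWED = {
    "A": {"C": ["10.0.10.0/24", "10.1.40.0/24"]},
    "C": {"A": ["10.0.10.20/32"], "B": ["10.0.10.10/32", "10.1.40.0/24"]},
    "B": {"C": ["10.0.10.0/24"]},
}
# Destinations each node delivers itself: its own tunnel address,
# and for B also the Site B LAN it forwards to.
LOCAL = {
    "A": ["10.0.10.20/32"],
    "C": ["10.0.10.1/32"],
    "B": ["10.0.10.10/32", "10.1.40.0/24"],
}

def peer_for(allowed, node, ip):
    """Peer on `node` whose AllowedIPs contain `ip` (longest prefix wins), or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for peer, nets in allowed[node].items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return best[0] if best else None

def trace(allowed, start, src, dst):
    """Follow one packet hop by hop; returns (path, verdict)."""
    node, path = start, [start]
    dst_addr = ipaddress.ip_address(dst)
    while not any(dst_addr in ipaddress.ip_network(n) for n in LOCAL[node]):
        nxt = peer_for(allowed, node, dst)      # outbound: pick the peer by destination
        if nxt is None:
            return path, f"dropped at {node}: no peer has {dst} in AllowedIPs"
        if peer_for(allowed, nxt, src) != node:  # inbound: source must map back to the sender
            return path, f"dropped at {nxt}: source {src} not in AllowedIPs for {node}"
        node = nxt
        path.append(node)
        if len(path) > len(allowed):
            return path, "routing loop"
    return path, "delivered"

if __name__ == "__main__":
    print(trace(ALLOWED, "A", "10.0.10.20", "10.1.40.100"))  # request A -> Site B host
    print(trace(ALLOWED, "B", "10.1.40.100", "10.0.10.20"))  # reply Site B host -> A
```

If both directions come back as delivered while TCP still fails, Allowed IPs are not the cause and the remaining suspects in the thread are the RUTX09 forwarding rules and the MTU.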