WireGuard traffic being dropped

NETWORKING SOLUTIONS
1

Hi,

I’m having a issue where WireGuard traffic is not being send back towards the client.
Situation:
WireGuard Client → RUT951 → Juniper Switch
Between the RUT951 and the Juniper switch is a transit subnet (/30) that connects the RUT with the Juniper.

On the RUT, I can ping a device on the Juniper switch:

image
image978×520 32.8 KB

Capturing traffic on the Juniper, I see that is using the transit IP:
image

So far, so good.

Now we have a WireGuard client connected to the RUT.
The subnet (172.16.5.0/24) is included in the “Allowd IPs” in the WireGuard section:

image
image1035×912 40.7 KB

When connected, and trying to ping the same IP (172.16.5.1) from my WireGuard device, I see the traffic on the Juniper, and also an ICMP Reply, but the Reply isn’t being received by my client:
image

FYI: The Juniper has a static route towards the 192.168.145.0/24 device to the RUT.

On the Traffic Rules I’ve already created a rule to allow all:

image
image1518×361 22.8 KB

And on the Zones tab, allowd Wireguard to all:

image
image1491×373 32.7 KB

So, what am I missing?

Thanks,
Bart

Edit:
Added the interface tab:

image
image1033×547 23.2 KB

image
image550×320 13.6 KB

2

Just to add, I’m also not able to ping the 192.168.145.1 adres (the WG interface on the RUT).

3

Just installed TCP dump on the box.
I see the ICMP Reply’s being received by the RUT.

image
image762×418 23.6 KB

So I guess it’s some filters?

Here with -i any, to capture all interfaces:

image
image871×433 24.7 KB

4

Hello,
Your description isn’t that easy to follow, could you attach a drawing of your network with all addresses / netmasks ?
Where is the wireguard server ?
Tcpdump capture with -i any: the last visible output interface for the echo reply frame is qmimux0 !!! This looks strange.

Regards,

5

Hi,

Thanks for you reply.

The WireGuards server is on the RUT itself.

See this drawing:

image
image1569×826 72.7 KB

Even pinging the 192.168.145.1 isn’t working, also the last interface is the “qminux0”:

image
image838×131 7.81 KB

6

Your Allowed IPs field on the RUT is wrong it should contain 192.168.145.2/32 not 192.168.145.0/24.

7

That worked :slight_smile:
Thanks!

8

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.