[arch-general] Wireguard

Genes Lists lists at sapience.com
Tue Jan 1 16:38:18 UTC 2019

On 1/1/19 10:46 AM, siefke_listen at web.de wrote:

 > Forwarding is enabled like it stand in tutorial of Arch and Firewall
 > only must open the port I used for wireguard?

There are 3 of cases that come to mind. (a) you're testing on internal 
network (b) you're using external and wireguard is running on firewall 
and (c) you're using external and wireguard is running behind your firewall.

In all cases, on the server running wireguard,  you need iptables rules 
to managing forwarding in addition to having net.ipv4.ip_forward = 1 to 
enable forwarding in /etc/systctl.d/syscttl.conf and reload sysctl.

I'd recommend getting things working on (a) inside your network first, 
then deal with packets going through your internet facing firewall.

So in summary, I'd ensure your iptables rules on the VPN server are 
correct and working testing purely inside your network.

More information about the arch-general mailing list