You are not logged in.
Hi, I have a Raspberry PI under ManjaroARM, I had make a script to create a wireguard profile (just because I was tired of trial and error).
VPN works fine to connect to other services running on the Raspberry, but I cannot connect other machines on lan (like router admin page) neither webpages outside my network (like reddit).
Before install Manjaro I had Raspbian with PIVPN and I was able to do everything, even I would say that it was faster althoght then I had 4g internet and now I have 300Mb symmetric fiber.
This is my script to create peers:
ENDPOINT='<MYDDNS>:<PORT>'
wg-quick down vpn
wg genkey | (umask 0077 && tee server.key) | wg pubkey > server.pub
wg genkey | (umask 0077 && tee peer.key) | wg pubkey > peer.pub
echo "[Interface]
PrivateKey = $(cat server.key)
Address = 10.0.2.1/24
ListenPort = PORT
DNS = 10.0.2.1
[Peer]
PublicKey = $(cat peer.pub)
AllowedIPs = 10.0.2.2/32
" > vpn.conf
echo "[Interface]
PrivateKey = $(cat peer.key)
Address = 10.0.2.2/24
[Peer]
PublicKey = $(cat server.pub)
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = $ENDPOINT
" > peer.conf
qrencode -t ansiutf8 -r peer.conf
wg-quick up vpn
systemctl enable wg-quick@vpn.service
Offline
Wireguard doesn't care about your distro but these forums are for Arch not Arch clones. You should reword your post making it pure wireguard. That said, what firewall settings are in place on your WG box? If you haven't already, recommend that you read our excellent WG wiki page: https://wiki.archlinux.org/title/WireGuard
Last edited by graysky (2022-07-26 17:38:22)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
If you want the WireGuard peers to be able to traverse between networks, you'll need to properly configure routing.
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
If you want the WireGuard peers to be able to traverse between networks, you'll need to properly configure routing.
how should I do that? please give me a little example.
Offline
Wireguard doesn't care about your distro but these forums are for Arch not Arch clones. You should reword your post making it pure wireguard. That said, what firewall settings are in place on your WG box? If you haven't already, recommend that you read our excellent WG wiki page: https://wiki.archlinux.org/title/WireGuard
I dindn't configure any firewall yet to avoid these problems, I read the wiki post a lot of times but I cannot make this part work, maybe is some concept with routing that Id didnt understand ery well.
Offline
At first you need enable ip forwarding (by default disabled)
https://wiki.archlinux.org/title/Intern … forwarding
Last edited by GeorgeJP (2022-07-27 16:52:40)
Offline
At first you need enable ip forwarding (by default disabled)
https://wiki.archlinux.org/title/Intern … forwarding
this is the result of
sysctl -a | grep forward
net.ipv4.conf.all.bc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.bc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eth0.bc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.lo.bc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.vpn.bc_forwarding = 0
net.ipv4.conf.vpn.forwarding = 1
net.ipv4.conf.vpn.mc_forwarding = 0
net.ipv4.conf.wlan0.bc_forwarding = 0
net.ipv4.conf.wlan0.forwarding = 1
net.ipv4.conf.wlan0.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.mc_forwarding = 0
net.ipv6.conf.vpn.forwarding = 0
net.ipv6.conf.vpn.mc_forwarding = 0
net.ipv6.conf.wlan0.forwarding = 0
net.ipv6.conf.wlan0.mc_forwarding = 0
I think its enabled, did you detect any mistake? Raspi is connected to the internet by wifi.
Offline
How are routes set?
Are you sure, that no iptables/nftables are not set?
Offline
How are routes set?
Are you sure, that no iptables/nftables are not set?
How could I check this?
Offline
ip a
ip r
sudo iptables -nvL
sudo iptables -t nat -nvL
sudo nft list ruleset
Offline
Offline