Hi everyone,
I am trying to set up a Wireguard connection between a VPS and one of my homelab servers. The connection works fine (and speed is much better than setting WG up through pfSense), but when I “activate” the WG connection, all internal connections to that internal homelab server do not work anymore, e.g. SSH. My internal IP “structure” is 10.23... Please find the configs below:
Server (VPS with this guide: https://github.com/notthebee/ansible-easy-vpn):
[Interface]
PrivateKey = ...
Address =
10.8.0.1/24
ListenPort = 51820
PreUp =
PostUp = iptables -t nat -A POSTROUTING -s
10.8.0.0/24
-o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown =
# Client: srvr (...)
[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs =
10.8.0.4/32
Client (Ubuntu):
[Interface]
PrivateKey = ...
Address =
10.8.0.4/24
[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs =
0.0.0.0/0
PersistentKeepalive = 25
Endpoint = wg.url:51820
Based on some googling I played around with the AllowedIPs on the client side, but I either have the correct VPN connection with routing traffic through the VPS OR local traffic working to the homelab server, not both.
I found this list online to cover all non-local IPs
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5,
208.0.0.0/4`
This should cover all non-local IP ranges. Unfortunately, no luck. The wireguard connection goes through, but no traffic is going through.
Thanks so much for some guidance!