Something is wrong with packet routing in WireGuard. My outgoing channel to AzireVPN works fine (the whole LAN is routed through it) but the incoming channel can never complete the connexion handshake.
Incoming is a separate channel with a separate interface and port. It's for remote phone, laptop, etc. When I take down the outgoing channel, incoming then works fine! Put outgoing back up and incoming stops again. With outgoing up, I see Shorewall DROPs saying net-outWG with UDP inWG port. So incoming WG packets to net are getting sent right back out the outWG interface.

I figured this must be because of this routing rule:

    10.2.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

10.2.1.0/24 is for the LAN and 10.2.3.0/24 is internal to WG. So in snat I changed the rule to:

    MASQUERADE 10.2.1.0/26 outWG-se1 ...

and changed the phone to 10.2.3.70 so it shouldn't be masqueraded back out and hopefully will go to the WG interface with this routing rule:

    10.2.3.0 0.0.0.0 255.255.255.0 U 0 0 0 inWG

TBH I don't know why the phone would be in 10.2.1.0 since I haven't assigned it that IP anywhere. All I know for sure is that when I take down the outgoing channel, incoming then works. Dump sent to Tom.
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
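To reason about which interface a packet leaves on and whether a Shorewall snat entry then masquerades it, here is an added example (not code from the post or from Shorewall) that models the two route lines and the two MASQUERADE variants above with a kernel-style longest-prefix match. The default route via outWG-se1 and the sample addresses are assumptions, not taken from the post.

```python
import ipaddress

# Constructed from the two `route -n` lines quoted in the post; the default
# route through the AzireVPN tunnel is an ASSUMPTION (the post says the whole
# LAN is routed through outWG but does not show that line).
ROUTES = [
    ("10.2.1.0", "255.255.255.0", "eth0"),       # LAN
    ("10.2.3.0", "255.255.255.0", "inWG"),       # WireGuard-internal (incoming tunnel)
    ("0.0.0.0",  "0.0.0.0",       "outWG-se1"),  # assumed default via the outgoing tunnel
]

# Shorewall snat entries as (SOURCE, DEST interface): the original /24 rule and
# the narrowed /26 rule from the post.
SNAT_ORIGINAL = [("10.2.1.0/24", "outWG-se1")]
SNAT_NARROWED = [("10.2.1.0/26", "outWG-se1")]


def output_interface(dst, routes=ROUTES):
    """Kernel-style longest-prefix match: the interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    best_net, best_dev = None, None
    for net, mask, dev in routes:
        candidate = ipaddress.ip_network(f"{net}/{mask}")
        if addr in candidate and (best_net is None or candidate.prefixlen > best_net.prefixlen):
            best_net, best_dev = candidate, dev
    return best_dev


def masqueraded(src, out_dev, snat_rules):
    """True if a packet from src leaving on out_dev matches a MASQUERADE entry."""
    addr = ipaddress.ip_address(src)
    return any(out_dev == dev and addr in ipaddress.ip_network(net)
               for net, dev in snat_rules)


def trace(src, dst, snat_rules):
    """Route the packet, then apply SNAT; returns (out_interface, is_masqueraded)."""
    dev = output_interface(dst)
    return dev, masqueraded(src, dev, snat_rules)


if __name__ == "__main__":
    # LAN host to a public address (constructed TEST-NET address): out the tunnel, masqueraded.
    print(trace("10.2.1.10", "203.0.113.9", SNAT_ORIGINAL))   # ('outWG-se1', True)
    # 10.2.1.70 is masqueraded under the /24 rule but falls outside the narrowed /26.
    print(trace("10.2.1.70", "203.0.113.9", SNAT_ORIGINAL))   # ('outWG-se1', True)
    print(trace("10.2.1.70", "203.0.113.9", SNAT_NARROWED))   # ('outWG-se1', False)
    # A reply to the phone's tunnel address 10.2.3.70 stays on inWG and is never masqueraded.
    print(trace("10.2.3.1", "10.2.3.70", SNAT_NARROWED))      # ('inWG', False)
```

Comparing the modelled result against a real `ip route get <dst>` on the router shows quickly whether the table in the post is missing a more specific route.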