Hi Jean-Yves,

On 09/05/17 23:32, Bzzzz wrote:
> 1- I solved the LAN being unreachable apart from the endpoint and the internet
>    being completely unreachable with an iptables rule:
>    iptables -t nat -I POSTROUTING -s 10.11.12.0/24 -o eth0 -j MASQUERADE
>    is this right? (if not, why?)

I don't think this is WireGuard-specific. That rule essentially allows
that machine to act as a NAT gateway, the same as for e.g. an OpenVPN
server.

> 2- When I want to ssh any LAN machine, wireshark only sees 4 packets:
>       client announce
>       server ACK
>       client key negotiation
>       server key negotiation
>    and that's all.
>    Is it a limitation (non-TCP packets) or is there another reason for
>    ssh not working as expected? (connecting to any machine http srv works
>    perfectly)

SSH over a WireGuard interface works as expected for me. You might have
some luck seeing what's going on with `ssh -v` (and increasing the
verbosity with further `v`s, e.g. `ssh -vvvv`).



Jonathon


_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
