Hi Folks,

Here are two questions that I have concerning the Windows version of WireGuard.

My setup is as follows: A Windows machine with two Ethernet ports connects to two Linux clients, one on each end. There are two subnets defined for the two ports, 192.168.0.0/24 and 192.168.6.0/24. I need a secure tunnel from the Windows machine to each of the two Linux clients but the two Linux clients do not need to talk to each other.

a) Under Linux, I can define several WireGuard tunnels that work independently but this doesn't seem to be the case in Windows. In fact, when I activate one tunnel, the other one is automatically deactivated. Why is that? My work-around looks a little bit like a hack but works, in principle. I've defined only one tunnel that includes the two Linux clients as peers even though they are in two different subnets:

[Interface]
PrivateKey = +OdjntqCs/OcJGsdGXXXXXMShNsdUW9EQW33HhvOVlQ=
ListenPort = 51820
Address = 192.168.8.6/24

[Peer]
PublicKey = ujRh46KyQrA0OlJZ77dXXXXXhUd4TaqKkoBhFj6ZlBk=
AllowedIPs = 192.168.8.3/32
Endpoint = 192.168.6.2:51820

[Peer]
PublicKey = 32VGe+PnVCtDio12GcrhKXXXXXlOWqy4ncD6G0U1Mhc=
AllowedIPs = 192.168.8.4/32
Endpoint = 192.168.0.201:51820

So far, so good.

b) The configuration described above breaks when I define a default gateway, e.g. 192.168.0.1. In this case, WireGuard messes up the packages that should go to 192.168.6.2 (the Linux client on the network where the gateway is not) and sends them to 192.168.0.1 (the default gateway). Ping commands to 192.168.6.2, however, work, in the sense that the routing table itself is still ok.
It looks like this:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask           Gateway        Interface       Metric
0.0.0.0              0.0.0.0           192.168.0.1    192.168.0.202   281
127.0.0.0            255.0.0.0         On-link        127.0.0.1       331
127.0.0.1            255.255.255.255   On-link        127.0.0.1       331
127.255.255.255      255.255.255.255   On-link        127.0.0.1       331
192.168.0.0          255.255.255.0     On-link        192.168.0.202   281
192.168.0.202        255.255.255.255   On-link        192.168.0.202   281
192.168.0.255        255.255.255.255   On-link        192.168.0.202   281
192.168.6.0          255.255.255.0     On-link        192.168.6.3     311
192.168.6.3          255.255.255.255   On-link        192.168.6.3     311
192.168.6.255        255.255.255.255   On-link        192.168.6.3     311
192.168.8.0          255.255.255.0     On-link        192.168.8.6     261
192.168.8.3          255.255.255.255   On-link        192.168.8.6     5
192.168.8.4          255.255.255.255   On-link        192.168.8.6     5
192.168.8.6          255.255.255.255   On-link        192.168.8.6     261
192.168.8.255        255.255.255.255   On-link        192.168.8.6     261
224.0.0.0            240.0.0.0         On-link        127.0.0.1       331
224.0.0.0            240.0.0.0         On-link        192.168.0.202   281
224.0.0.0            240.0.0.0         On-link        192.168.6.3     311
255.255.255.255      255.255.255.255   On-link        127.0.0.1       331
255.255.255.255      255.255.255.255   On-link        192.168.0.202   281
255.255.255.255      255.255.255.255   On-link        192.168.6.3     311
===========================================================================
Persistent Routes:
Network Address      Netmask           Gateway Address  Metric
0.0.0.0              0.0.0.0           192.168.0.1      Default
===========================================================================

Any ideas? There is no IPv6. If I remove the default gateway, the two tunnels work again.

Ah, yes, and a final note - there is a related issue here:
https://lists.zx2c4.com/pipermail/wireguard/2019-September/004493.html
The answer to that post also seems to answer my question, too, but I'd like to get confirmation and maybe the world has moved on in the meantime.
Cheers,
Ingo

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
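
Added example, not part of the original post: a longest-prefix-match lookup over a subset of the route table quoted above, showing which interface the table itself selects for each peer endpoint (the check behind the observation that ping to 192.168.6.2 still works). The function names and the 203.0.113.7 test destination are assumptions made for illustration, and the code models only the table lookup, not how WireGuard chooses its outgoing interface.

```python
import ipaddress

# Subset of the "Active Routes" rows from the post above
# (destination, netmask, gateway, interface, metric).
ROUTE_PRINT = """\
0.0.0.0        0.0.0.0          192.168.0.1    192.168.0.202  281
192.168.0.0    255.255.255.0    On-link        192.168.0.202  281
192.168.6.0    255.255.255.0    On-link        192.168.6.3    311
192.168.8.0    255.255.255.0    On-link        192.168.8.6    261
192.168.8.3    255.255.255.255  On-link        192.168.8.6    5
192.168.8.4    255.255.255.255  On-link        192.168.8.6    5
"""

def parse_routes(text):
    """Turn `route print` rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            metric = int(metric)
        except ValueError:
            continue  # not a data row (e.g. a column header)
        routes.append((net, gateway, iface, metric))
    return routes

def lookup(routes, destination):
    """Longest-prefix match; the lower metric wins among equal prefixes."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gateway, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return {"route": str(net), "gateway": gateway, "interface": iface}

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    # Both peer endpoints from the config, one tunnel address, and one
    # constructed off-link destination (203.0.113.7, documentation range).
    for dst in ("192.168.6.2", "192.168.0.201", "192.168.8.3", "203.0.113.7"):
        print(dst, "->", lookup(table, dst))
```

Comparing this expected interface with the source address and next hop seen in a packet capture of the UDP port 51820 traffic shows whether the tunnel packets follow the table or the default gateway.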
