I think I found the problem, there is a typo in my iptable command. While editing with vi, I may have added additional i in the end of MASQUERADE. I removed it and restarted it. Now I am monitoring for issues.
On Sun, 9 Feb 2020 at 10:55, Kunal Shah <kunalv.s...@gmail.com> wrote: > Hi Jason, > > Thanks for your response. After the changes you suggested, It still gives > me the same problem. Now my GCP server wireguard configuration looks like > this. > > [Interface] > Address = 192.168.1.1 > SaveConfig = true > PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j > ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADEi;iptables -t > mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS > --clamp-mss-to-pmtu > PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i > -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE > ListenPort = 51840 > PrivateKey = <private key> > MTU=1380 > > [Peer] > PublicKey = <public key> > AllowedIPs = 192.168.1.2/32 > > On Sun, 9 Feb 2020 at 03:06, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > >> GCP uses an MTU of 1460 because Google's network does weird things. >> That means the MTU for WireGuard should be 1380. On the GCP box, try >> adding `MTU=1380` to your config and add this line to PostUp: ` >> ; iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j >> TCPMSS --clamp-mss-to-pmtu` >> >
_______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard