I've been running wireguard with systemd in Debian for some time now.
On 2020-04-16 Thu 18:23, Hans Kraus <[email protected]> wrote:
> /etc/systemd/network/wg0.netdev
> ---------------------------------------------
> [NetDev]
> Name=wg0
> Kind=wireguard
> Description=Wireguard kraush
>
> [WireGuard]
> PrivateKey=<private key server>
> ListenPort=#####
>
> [WireGuardPeer]
> PublicKey=<public key client>
> AllowedIPs=<free range>.0/24
> ---------------------------------------------

The only thing I can think of here is that your AllowedIPs ends with a
zero - on the server you have to specify the exact IP address. It's on
the client side where you let the AllowedIPs be a wildcard. Examples:

server-side:
---
[WireGuardPeer]
# Client1 address
AllowedIPs=192.168.2.5

[WireGuardPeer]
# Client2 address
AllowedIPs=192.168.2.6
---

client-side:
---
[WireGuardPeer]
# Entire wireguard range
AllowedIPs=192.168.2.0/24
---

> /etc/systemd/network/wg0.network
> ---------------------------------------------
> [Match]
> Name=wg0
>
> [Network]
> Address=<free range>.1/24
> ---------------------------------------------

You might want to consider adding IPForward=yes for the server's
.network file, and FwMark=1234 to the client's .netdev file, to be sure
you can do proper road warrioring down the line. I'm also a bit paranoid
and have added the following to my client .network files:

client.network:
---
[Route]
# Route covering the entire wireguard range; [Route] takes Destination=
Destination=192.168.2.0/24
---

Hopefully the peer address fix solves your issues.

-- 
Jonas Kalderstam
PGP key: 987C54AB0D4451ED
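
Added example, not part of the original message: WireGuard uses each peer's AllowedIPs both to pick the peer for outgoing packets and to filter the source address of incoming ones, so ranges that overlap between peers on one interface are worth catching before deployment. The sketch below parses a server-side .netdev and reports such overlaps; the sample file, its addresses and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample: server-side wg0.netdev where client1 claims the whole range.
SAMPLE_NETDEV = """\
[NetDev]
Name=wg0
Kind=wireguard
[WireGuardPeer]
# client1 claims the whole range
AllowedIPs=192.168.2.0/24
[WireGuardPeer]
# client2
AllowedIPs=192.168.2.6
[WireGuardPeer]
# client3
AllowedIPs=192.168.2.7/32, 10.0.0.0/24
"""

def peer_allowed_ips(text):
    """Return one list of ip_network objects per [WireGuardPeer] section."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any section header ends the previous peer section.
            current = [] if line == "[WireGuardPeer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line and not line.startswith(("#", ";")):
            key, value = (p.strip() for p in line.split("=", 1))
            if key == "AllowedIPs":
                for item in value.replace(",", " ").split():
                    current.append(ipaddress.ip_network(item, strict=False))
    return peers

def overlapping_peers(peers):
    """Return (peer_a, peer_b, net_a, net_b) for each AllowedIPs overlap between two peers."""
    hits = []
    for (i, nets_a), (j, nets_b) in combinations(enumerate(peers, 1), 2):
        for a in nets_a:
            for b in nets_b:
                if a.version == b.version and a.overlaps(b):
                    hits.append((i, j, str(a), str(b)))
    return hits

if __name__ == "__main__":
    for i, j, a, b in overlapping_peers(peer_allowed_ips(SAMPLE_NETDEV)):
        print(f"peer {i} ({a}) overlaps peer {j} ({b})")
```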
