Thank you to all who answered. This is working as expected now and I have a better understanding of how the AllowedIPs config works as well.

-jeremy

On 2023-01-04 06:47, cont...@nagel-mail.com wrote:
Hello,

As I understand your question, you are trying to accomplish that only your WireGuard network (extracted from your config, some 10.0.0.0/8 network; the 192.168.128.0/17 would be a home network?) will be routed from your client to your WireGuard server. The rest should just leave your client network card and be routed from your local network.

For that you simply have to set:

AllowedIPs = 10.10.10.1/32

Or the whole 10.x/x network you are using.

Hope I understood your question correctly.

Best regards
J. Nagel
IT Specialist for System Integration
cont...@nagel-mail.com

On 04.01.2023 at 14:47, Jeremy Hansen <jer...@skidrow.la> wrote:

I have a remote network that I've tied in to my WG server. I'm noticing that all traffic from this remote network that goes outbound to the internet is getting routed through my wireguard server.

Client config:

[Interface]
PrivateKey = XXXX
Address = 10.10.10.10/32
ListenPort = 51821

[Peer]
PublicKey = XXXX
Endpoint = 11.11.11.11:51821  # IP of the WG server.
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepAlive=25

Server config:

[Interface]
PrivateKey = XXXX
Address = 10.10.10.1/32
ListenPort = 51821
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
# IP forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
PublicKey = XXXX
AllowedIPs = 10.10.10.10/32, 192.168.128.0/17  # Client's internal network.

My goal is that regular outbound traffic just goes out the client node's outside routable interface and traffic between the internal networks goes through wireguard.

For example, I'm seeing email being sent through the MTA I have configured on the "client" is showing up as originating from the outbound IP of the "server".

Thanks!
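Added example, not part of the original thread: a small Python check of which destinations a client's AllowedIPs sends into the tunnel, comparing the client config from the question with the AllowedIPs value suggested in the reply. It models only the prefixes taken from AllowedIPs (which wg-quick turns into routes) and ignores every other route on the host; the function names and the mail-server address 203.0.113.25 are constructed for illustration.

```python
import ipaddress

# Client [Peer] section as posted in the question (keys redacted there too).
ORIGINAL_CLIENT = """
[Peer]
PublicKey = XXXX
Endpoint = 11.11.11.11:51821
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepAlive=25
"""

# Same section with the AllowedIPs value suggested in the reply.
SUGGESTED_CLIENT = """
[Peer]
PublicKey = XXXX
Endpoint = 11.11.11.11:51821
AllowedIPs = 10.10.10.1/32
PersistentKeepAlive=25
"""


def parse_allowed_ips(config_text):
    """Collect the networks from every AllowedIPs line of a wg-quick style config."""
    nets = []
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            for item in value.split(","):
                if item.strip():
                    nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets


def tunnel_route(dest, allowed):
    """Most specific AllowedIPs prefix covering dest, or None if dest bypasses the tunnel."""
    addr = ipaddress.ip_address(dest)
    hits = [n for n in allowed if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)


def is_full_tunnel(allowed):
    """True when a /0 prefix makes the peer the default route for an address family."""
    return any(n.prefixlen == 0 for n in allowed)


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL_CLIENT), ("suggested", SUGGESTED_CLIENT)):
        allowed = parse_allowed_ips(cfg)
        print(name, "full tunnel:", is_full_tunnel(allowed))
        for dest in ("10.10.10.1", "203.0.113.25"):   # WG server address, constructed mail host
            print("  ", dest, "->", tunnel_route(dest, allowed) or "local interface")
```

With the original config, the constructed mail host matches 0.0.0.0/0 and leaves via the server, which is the behaviour described in the question; with the suggested value only 10.10.10.1 is tunnelled.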