I actually found the solution back then when I hadn't even heared of WireGuard. The rest will still be sent into the tunnel. Whith setting up a second routing table which can be viewed via ip route show table 7 and the 0x55-rule we've basically told your machine to route every marked packet over the normal, unprotected eth0 interface. It's answers would simply be sent into the tunnel and be lost. That is why you can no longer reach your server over https, even if you had forwarded port 443 to it. This is great, but whenever you want to communicate with your routing machine over the unprotected interface, the answers of your machine would also be sent into the tunnel. This route might look like this: 0.0.0.0/1 via 10.8.8.1 dev tun0 and mean, that all your internet-traffic should be sent out through the tunnel. When you start your OpenVPN tunnel, a new route is set into the main routing table. Now you will be able to connect to your home-server via WireGuard even when it's OpenVPN tunnel is open.
Now add this to your wg0.conf: FwMark = 0x55 Where 192.168.1.5 is the IP of your external interface (eth0). Ip rule add fwmark 0x55 priority 1000 table 7 My firewall rules: -A FORWARD -i wg0 -j ACCEPTĪre there any firewall rules missing or any routes I have to add for this to work?Ĭreate a new routing table: ip route add default via 192.168.1.5 dev eth0 table 7 When I enable OpenVPN client (tun0 up) I cannot reach internal LAN and also I cannot reach Internet. When I connect to wireguard server without OpenVPN client running I can reach my internal LAN (192.168.1.X) and also get my requests forwarded to internet through raspberry pi (eth0). Inet 10.8.8.17 netmask 255.255.255.0 destination 10.8.8.17Įth0 - is the gateway to the internet (connected to my home router) This is my ifconfig output eth0: flags=41 I want to connect to my home through wireguard and send all the traffic through Openvpn connection.
I have a raspberry pi running an OpenVPN client connecting to a VPN provider and also a Wireguard server so I can connect to my home LAN from outside.
0 kommentar(er)
