
I have a WireGuard VPN configured on a Raspberry Pi. All VPN peers have a 10.8.0.0/24 address and my home network is 192.168.1.0/24.

I have set up the main gateway to route 10.8.0.0/24 through the Raspberry Pi (192.168.1.200) so that I don't need to MASQUERADE the traffic and I can have more control over which peer is accessing resources, but I can't ping, SSH or RDP anything. I can ping the Raspberry Pi using its 192.168.1.200 address from any VPN peer, and the main gateway (192.168.1.254) also responds to pings and is accessible via its web UI. Everything else on the network works weirdly if I'm connecting from a VPN peer: a printer's web UI works, but I can't ping the same printer (though maybe that's because it blocks pings from different networks), and I can't SSH into any machine or use RDP unless I configure a NAT rule on the Raspberry Pi, which is exactly what I'm trying to avoid.

There are no firewall rules configured on the target machines and, by running tcpdump on the Raspberry Pi, I can see all the "ECHO request" packets coming in but no response going out, except for the gateway, which is working as intended.

Am I missing something?

  • Did you check tcpdump on both interfaces (i.e. the pi's ethernet/wifi on one side and wireguard on the other)? Do those Echo requests arriving through wg0 actually exit through eth0/wlan0? And, do they eventually arrive at the target machine? (Install tcpdump/wireshark on the machine as well.) Does the machine send out a response, and what MAC address does it send the response to? Commented Feb 13, 2022 at 14:19
  • Yes, I ran tcpdump with -i any. The echo requests are only coming from the VPN IP address but aren't forwarded to the host on eth0, except when I ping the default gateway on 192.168.1.254, which is working properly. – Jager Commented Feb 14, 2022 at 15:11
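The interface-by-interface check suggested in the first comment (does a request that arrives on wg0 actually leave on eth0, and does a reply come back?) can be automated instead of read off by eye. The script below is an added example, not code from the original post: it parses the line format that tcpdump 4.99 and later print when capturing on `any` (an interface column and an In/Out column), groups packets by peer, target and ICMP id/seq, and classifies each flow as forwarded-and-answered, forwarded-but-unanswered (look at the target host or its return route), or never forwarded (look at the Pi: `net.ipv4.ip_forward`, the FORWARD chain, the peer's AllowedIPs, the route). The capture text, the interface names wg0/eth0 and all addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -i any -nn icmp` output (tcpdump 4.99+ prints
# the interface and the In/Out direction when capturing on "any"). These lines
# are made up for this example; they are not a capture from the original post.
SAMPLE_CAPTURE = """\
15:11:01.000001 wg0   In  IP 10.8.0.2 > 192.168.1.254: ICMP echo request, id 7, seq 1, length 64
15:11:01.000150 eth0  Out IP 10.8.0.2 > 192.168.1.254: ICMP echo request, id 7, seq 1, length 64
15:11:01.000900 eth0  In  IP 192.168.1.254 > 10.8.0.2: ICMP echo reply, id 7, seq 1, length 64
15:11:01.001000 wg0   Out IP 192.168.1.254 > 10.8.0.2: ICMP echo reply, id 7, seq 1, length 64
15:11:02.000001 wg0   In  IP 10.8.0.2 > 192.168.1.50: ICMP echo request, id 8, seq 1, length 64
15:11:03.000001 wg0   In  IP 10.8.0.2 > 192.168.1.60: ICMP echo request, id 9, seq 1, length 64
15:11:03.000150 eth0  Out IP 10.8.0.2 > 192.168.1.60: ICMP echo request, id 9, seq 1, length 64
"""

# One ICMP echo line: timestamp, interface, direction, src > dst, kind, id, seq.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP\s+"
    r"(?P<src>[\d.]+)\s+>\s+(?P<dst>[\d.]+):\s+ICMP echo (?P<kind>request|reply),"
    r"\s+id\s+(?P<id>\d+),\s+seq\s+(?P<seq>\d+)"
)


def parse_capture(text):
    """Yield one dict per ICMP echo line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["id"], d["seq"] = int(d["id"]), int(d["seq"])
            yield d


def classify_echo_flows(text, vpn_if="wg0", lan_if="eth0"):
    """
    Group packets by (peer, target, id, seq) and classify every echo request
    that entered on the VPN interface:
      "not_forwarded" - never left on the LAN interface: the router is dropping
                        or misrouting it (ip_forward, FORWARD chain, AllowedIPs,
                        route for the target subnet)
      "no_reply"      - left on the LAN but no reply came back: the target host
                        or its return route / host firewall is the problem
      "ok"            - request forwarded and reply returned to the VPN
    Returns {(peer, target): status}.
    """
    seen = defaultdict(set)
    for p in parse_capture(text):
        if p["kind"] == "request":
            key = (p["src"], p["dst"], p["id"], p["seq"])
        else:
            # A reply travels target -> peer; swap so it joins its request.
            key = (p["dst"], p["src"], p["id"], p["seq"])
        seen[key].add((p["iface"], p["dir"], p["kind"]))

    result = {}
    for (peer, target, _pid, _seq), events in seen.items():
        if (vpn_if, "In", "request") not in events:
            continue  # not VPN-originated; outside the scope of this check
        if (lan_if, "Out", "request") not in events:
            status = "not_forwarded"
        elif (lan_if, "In", "reply") not in events:
            status = "no_reply"
        else:
            status = "ok"
        result[(peer, target)] = status
    return result


if __name__ == "__main__":
    # Run on a real box with:  tcpdump -i any -nn -l icmp | python3 this_script.py
    # after replacing SAMPLE_CAPTURE with sys.stdin.read().
    for (peer, target), status in sorted(classify_echo_flows(SAMPLE_CAPTURE).items()):
        print(f"{peer} -> {target}: {status}")
```

On the constructed capture the gateway flow comes out as `ok`, the 192.168.1.50 flow as `not_forwarded` (the symptom described in the second comment, which points at the Pi rather than the target), and the 192.168.1.60 flow as `no_reply`, which is the case where the request did cross the Pi and the target or the return path needs a look.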
