
I want to be able to set up WireGuard between two WSL2 instances on the same LAN, but I cannot get connectivity between them.

I have the following setup:

  • Windows network 192.168.0.0/24
  • WireGuard network 10.0.0.0/24
  • Machine 1 with WSL2 Ubuntu 20.04 (W10 host)
    • WSL2 network 172.19.208.0/28
    • WSL2 IP interface 172.19.209.104
    • WSL2 WireGuard IP 10.0.0.2/24
  • Machine 2 with WSL2 Ubuntu 20.04 (W10 host)
    • WSL2 network 172.27.224.0/28
    • WSL2 IP interface 172.27.234.66
    • WSL2 WireGuard IP 10.0.0.1/24

Execute on Machine 1 WSL2: wg-quick up wg0.

Machine 1 WireGuard config /etc/wireguard/wg0.conf

[Interface]
PrivateKey = blablablalbal
ListenPort = 60709
Address = 10.0.0.2/24

[Peer]
PublicKey = blablablabal
Endpoint = 192.168.0.3:42659
AllowedIPs = 10.0.0.1/32

Execute on Machine 2 WSL2: wg-quick up wg0.

Machine 2 WireGuard config /etc/wireguard/wg0.conf

[Interface]
PrivateKey = blablablalbal
ListenPort = 42659
Address = 10.0.0.1/32

[Peer]
PublicKey = blablablabal
Endpoint = 192.168.0.3:60709
AllowedIPs = 10.0.0.2/32

Tests:

  • ping 10.0.0.1 from Machine 1 or ping 10.0.0.2 from Machine 2 does not respond.
  • traceroute no info
  • interfaces wg0 up on both machines
  • different AllowedIPs (the full WireGuard range, /24, ...)
  • portproxy from the Windows host to the WSL2 WireGuard ports:

Machine 1

netsh interface portproxy add v4tov4 listenport=60709 listenaddress=192.168.0.3 connectport=60709 connectaddress=10.0.0.2

Machine 2

netsh interface portproxy add v4tov4 listenport=42659 listenaddress=192.168.0.4 connectport=42659 connectaddress=10.0.0.1

Routes on Machine 1 WSL2 Ubuntu

default via 172.19.208.1 dev eth0
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.2
172.19.208.0/20 dev eth0 proto kernel scope link src 172.19.209.104

Routes on Machine 2 WSL2 Ubuntu

default via 172.27.224.1 dev eth0
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.1
172.27.224.0/20 dev eth0 proto kernel scope link src 172.27.234.66

I think I am missing something in the routing, but I don't know what else to do. Could anyone give me a hint or help?

Thanks.

  • If I didn't miss it, you did not specify a protocol for portproxy. It defaults to TCP, which is not what WireGuard uses.
    – Daniel B
    Commented Nov 7, 2022 at 21:46

1 Answer


Do not proxy a WireGuard interface's listen port to its own interface address. That will not work.

With WSL2, instead proxy that port to the VM's virtual NIC interface, like this on Machine 1:

netsh interface portproxy add v4tov4 listenport=60709 listenaddress=192.168.0.3 connectport=60709 connectaddress=172.19.209.104

And this on Machine 2:

netsh interface portproxy add v4tov4 listenport=42659 listenaddress=192.168.0.4 connectport=42659 connectaddress=172.27.234.66

Also see the answers and comments from the Connecting to WSL2 Server Via Local Network question for a variety of other approaches and tricks to proxying WSL2 connections.

And also note that you have the wrong Endpoint address in the WireGuard config posted for Machine 1 -- it should use the IP address for Machine 2, not Machine 1:

Endpoint = 192.168.0.4:42659
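A cross-check for a two-node setup like the one in the question, covering the two mistakes the answer identifies (the Machine 1 Endpoint pointing at the wrong host, and the portproxy connectaddress pointing at the wg0 address instead of the WSL2 eth0 address) plus the AllowedIPs rule that each side must cover the other's tunnel address. This is an added example, not code from the question or the answer: parse_wg_conf, check_peer, check_portproxy and audit are names chosen here, and the embedded configs and netsh line are constructed copies of the question's with placeholder keys. It does not verify the key pairs (compare the peer's PublicKey against wg pubkey output on the other machine for that), and note that netsh portproxy forwards TCP only while WireGuard runs over UDP, as the comment on the question points out, so a correct portproxy line by itself still does not carry the tunnel.

```python
import ipaddress
import re


def parse_wg_conf(text):
    """Parse a wg-quick config into (interface_dict, [peer_dict, ...]).
    Hand-rolled: configparser rejects repeated [Peer] sections, and
    splitting on the first '=' keeps base64 padding in key values."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        else:
            key, sep, val = line.partition("=")
            if cur is None or not sep:
                raise ValueError(f"bad config line: {raw!r}")
            cur[key.strip()] = val.strip()
    return iface, peers


def check_peer(name, conf, other_conf, other_lan_ip):
    """Problems on one side of the link. other_lan_ip is where the other
    node is reachable from the LAN: with WSL2 that is the other Windows
    host, not its WSL2 eth0 address. Keys are not verified (use wg pubkey)."""
    iface, peers = parse_wg_conf(conf)
    other_iface, _ = parse_wg_conf(other_conf)
    if len(peers) != 1:
        return [f"{name}: expected exactly one [Peer], found {len(peers)}"]
    peer, problems = peers[0], []
    # Endpoint must dial the other host's LAN IP on the other side's ListenPort.
    expected_ep = f"{other_lan_ip}:{other_iface['ListenPort']}"
    if peer.get("Endpoint") != expected_ep:
        problems.append(f"{name}: Endpoint {peer.get('Endpoint')} should be {expected_ep}")
    # AllowedIPs must cover the other tunnel address, or cryptokey routing drops it.
    other_ip = ipaddress.ip_interface(other_iface["Address"]).ip
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
    if not any(other_ip in net for net in allowed):
        problems.append(f"{name}: AllowedIPs {peer.get('AllowedIPs')} do not cover {other_ip}")
    return problems


PORTPROXY_RE = re.compile(
    r"netsh interface portproxy add v4tov4\s+listenport=(?P<lport>\d+)"
    r"\s+listenaddress=(?P<laddr>\S+)\s+connectport=(?P<cport>\d+)"
    r"\s+connectaddress=(?P<caddr>\S+)")


def check_portproxy(cmd, conf, host_lan_ip, wsl_eth0_ip):
    """Problems with the Windows-side forwarder for this node's ListenPort.
    Per the answer, connectaddress must be the WSL2 eth0 address, not wg0.
    Not checked here: netsh portproxy forwards TCP only, and WireGuard is UDP."""
    m = PORTPROXY_RE.search(cmd)
    if not m:
        return ["portproxy: unrecognised command"]
    port = parse_wg_conf(conf)[0]["ListenPort"]
    checks = [
        (m["lport"] == port == m["cport"],
         f"ports {m['lport']}->{m['cport']} should both be {port}"),
        (m["laddr"] == host_lan_ip, f"listenaddress {m['laddr']} should be {host_lan_ip}"),
        (m["caddr"] == wsl_eth0_ip,
         f"connectaddress {m['caddr']} should be WSL2 eth0 {wsl_eth0_ip}"),
    ]
    return [f"portproxy: {msg}" for ok, msg in checks if not ok]


# Constructed samples mirroring the question (placeholder keys), with the
# Machine 1 Endpoint and portproxy connectaddress mistakes left in.
M1_CONF = """\
[Interface]
PrivateKey = placeholder=
ListenPort = 60709
Address = 10.0.0.2/24
[Peer]
PublicKey = placeholder=
Endpoint = 192.168.0.3:42659
AllowedIPs = 10.0.0.1/32
"""
M2_CONF = """\
[Interface]
PrivateKey = placeholder=
ListenPort = 42659
Address = 10.0.0.1/32
[Peer]
PublicKey = placeholder=
Endpoint = 192.168.0.3:60709
AllowedIPs = 10.0.0.2/32
"""
M1_HOST, M1_WSL, M2_HOST = "192.168.0.3", "172.19.209.104", "192.168.0.4"
M1_PORTPROXY = ("netsh interface portproxy add v4tov4 listenport=60709 "
                "listenaddress=192.168.0.3 connectport=60709 connectaddress=10.0.0.2")


def audit():
    """Run every check on the samples and return the combined findings."""
    return (check_peer("Machine 1", M1_CONF, M2_CONF, M2_HOST)
            + check_peer("Machine 2", M2_CONF, M1_CONF, M1_HOST)
            + check_portproxy(M1_PORTPROXY, M1_CONF, M1_HOST, M1_WSL))


if __name__ == "__main__":
    for finding in audit() or ["no problems found"]:
        print(finding)
```

To audit a real setup, replace the two embedded strings with the contents of /etc/wireguard/wg0.conf from each machine and the netsh line with the one actually added on the Windows host; the LAN addresses passed to check_peer are the Windows hosts', since each WSL2 instance sits behind NAT on its own box.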
