I have created a WireGuard VPN server, but the clients cannot access some networks behind the server:
wireguard-server
eno1: 10.10.10.2/24 (GW)
eno2: 10.10.11.2/24
wg0: 10.66.66.1/24
I want the WireGuard VPN client to be able to access the network 10.10.11.0/24 (it works with 10.10.10.2/24).
route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.10.1 0.0.0.0 UG 0 0 0 eno1
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eno1
10.10.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eno2
10.66.66.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --dport 44021 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
-A FORWARD -i eno1 -o wg0 -j ACCEPT
I tried with ip route and an iptables masquerade rule, but it didn't work. Please help.
Solved!
Solved by adding these lines to wg0.conf:
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno2 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno2 -j MASQUERADE
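As an added example (not part of the original post or of WireGuard itself), a small POSIX shell helper that generates the PostUp/PostDown pair above for any number of LAN interfaces, verifies that every -A rule in PostUp has its -D twin in PostDown (so a tunnel restart does not leave stale rules behind), and reads the kernel forwarding switch that the fix also depends on. It assumes the WireGuard interface and LAN interface names are passed as arguments and that the conntrack match module is available; nothing is applied to the running firewall.

```shell
#!/bin/sh
# Added example: build symmetric PostUp/PostDown lines for a WireGuard
# server that forwards client traffic into one or more LAN interfaces.
# Assumed names: wg interface and LAN interfaces come from the arguments.

# wg_rules WGIF LANIF... -> prints the two wg0.conf lines.
wg_rules() {
    wgif=$1; shift
    u="iptables -A FORWARD -i $wgif -j ACCEPT"
    d="iptables -D FORWARD -i $wgif -j ACCEPT"
    for lanif in "$@"; do
        # Let LAN replies back into the tunnel (matters once the FORWARD
        # policy is changed from ACCEPT to DROP; harmless with ACCEPT).
        u="$u; iptables -A FORWARD -i $lanif -o $wgif -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
        d="$d; iptables -D FORWARD -i $lanif -o $wgif -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
        # Masquerade so LAN hosts without a route to the wg0 subnet still answer.
        u="$u; iptables -t nat -A POSTROUTING -o $lanif -j MASQUERADE"
        d="$d; iptables -t nat -D POSTROUTING -o $lanif -j MASQUERADE"
    done
    printf 'PostUp = %s\nPostDown = %s\n' "$u" "$d"
}

# rules_symmetric TEXT -> succeeds if the PostUp -A rules and PostDown -D
# rules are the same list (with -A/-D neutralised to -X before comparing).
rules_symmetric() {
    a=$(printf '%s\n' "$1" | sed -n 's/^PostUp = //p' | tr ';' '\n' | sed 's/^ *//; s/ -A / -X /')
    b=$(printf '%s\n' "$1" | sed -n 's/^PostDown = //p' | tr ';' '\n' | sed 's/^ *//; s/ -D / -X /')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_forwarding -> prints 1 if net.ipv4.ip_forward is on, else 0.
# Without it the server silently drops the forwarded packets.
check_forwarding() {
    f=/proc/sys/net/ipv4/ip_forward
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# Usage with the interfaces from the post (wg0 tunnel, eno2 LAN):
wg_rules wg0 eno2
```

Paste the printed lines into the [Interface] section; the client side still needs 10.10.11.0/24 in its AllowedIPs for the route to exist.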