
Apologies in advance if this is a silly question. I'm a bit of a networking novice, so bear with me here.

I have a WireGuard VPN server hosted on a Linode instance and two Windows clients at different locations. Currently each client can reach the internet through the VPN server, but I would like the ability for one client (10.0.0.3) to connect to another (10.0.0.2) using Windows Remote Desktop through the VPN, which is where I am currently running into issues.

When both clients are connected to the VPN, I can ping the other client using the LAN address. However, attempting to connect through RDP or using telnet 3389 from the source client results in the connection timing out.

I've already enabled Remote Desktop on the destination client and also tried adding exceptions in Windows Firewall (as well as disabling it outright), so I don't think the issue is on the receiving end. Furthermore, if I use telnet 3389 from the VPN server to the destination client, it is able to connect, which leads me to believe that there is a misconfiguration somewhere in WireGuard which is preventing traffic between the two clients.

This is what my .conf file looks like currently on the WireGuard instance:

[Interface]
Address = 10.0.0.1/24
Address = fd86:ea04:1115::1/64
SaveConfig = true
# Permits forwarding from the tunnel to the internet only (in on wg0, out on eth0).
# A packet forwarded from one peer to another enters and leaves on wg0 and is not
# matched by this rule.
PostUp = ufw route allow in on wg0 out on eth0
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <privatekey>

[Peer]
PublicKey = <publickey>
# Host prefixes (/32 and /128) for each peer. With /64 on the IPv6 entry both peers
# claim the whole fd86:ea04:1115::/64, and WireGuard hands a prefix to only one peer.
AllowedIPs = 10.0.0.2/32, fd86:ea04:1115::2/128
Endpoint = <ip>:53042

[Peer]
PublicKey = <publickey>
AllowedIPs = 10.0.0.3/32, fd86:ea04:1115::3/128
Endpoint = <ip>:53042

And the configuration on the source client:

[Interface]
PrivateKey = <privatekey>
Address = 10.0.0.3/32
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = <publickey>
# 0.0.0.0/0 sends all IPv4 traffic, including traffic for 10.0.0.2, through the tunnel.
AllowedIPs = 0.0.0.0/0
Endpoint = <ip>:51820

The destination client should be similar to the above, except with 10.0.0.2/32 as the address instead.

Any help at all would be greatly appreciated!

1 Answer

The problem turned out to be ufw, which was only set to allow ports 22 and 51820. I added an additional rule to allow traffic on port 3389 and now I can connect to the other client without issues.
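To make the cause visible rather than just the fix, here is an added example (not part of the question or the answer above) that lints the posted server config. It assumes the page's setup: wg-quick with ufw, an interface named wg0, and that a packet forwarded from one peer to another enters and leaves on wg0, so the existing `ufw route allow in on wg0 out on eth0` rule never matches it and ufw's default FORWARD policy (DROP) discards it. ICMP echo still got through because ufw's stock before.rules accept echo-request in the forward chain, which is why ping worked while TCP 3389 timed out. The script flags the missing wg0-to-wg0 route rule, the overlapping IPv6 AllowedIPs (both peers list a /64, so only one of them can own that prefix), and prints a least-privilege rule pair scoped to the two tunnel addresses instead of opening 3389 unscoped. The sample config is constructed from the one in the question; the helper names are mine.

```python
"""Lint a wg-quick server config for two things that silently break peer-to-peer
traffic on a hub-and-spoke WireGuard VPN fronted by ufw. Added example, not code
from the question or answer. Assumptions: wg-quick plus ufw on the server, interface
named wg0 (as in the question), and that peer-to-peer forwarding traverses the
FORWARD chain with in=wg0 AND out=wg0, so 'in on wg0 out on eth0' does not cover it."""
import ipaddress
import re

# Constructed sample mirroring the server config posted in the question.
SAMPLE_SERVER_CONF = """
[Interface]
Address = 10.0.0.1/24
Address = fd86:ea04:1115::1/64
PostUp = ufw route allow in on wg0 out on eth0
PrivateKey = <privatekey>

[Peer]
PublicKey = <publickey>
AllowedIPs = 10.0.0.2/32, fd86:ea04:1115::2/64
Endpoint = <ip>:53042

[Peer]
PublicKey = <publickey>
AllowedIPs = 10.0.0.3/32, fd86:ea04:1115::3/64
Endpoint = <ip>:53042
"""

UFW_ROUTE_RE = re.compile(r"^ufw\s+route\s+allow\s+in\s+on\s+(\S+)\s+out\s+on\s+(\S+)")

def parse_wg_conf(text):
    """Return (interface, peers) as dicts of key -> list of values: wg-quick allows
    repeated keys (Address, PostUp) and configparser cannot hold several [Peer]s."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            if name not in ("interface", "peer"):
                raise ValueError(f"unknown section {line}")
            current = interface if name == "interface" else {}
            if name == "peer":
                peers.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line {line!r}")
        key, _, value = line.partition("=")          # base64 keys may end in '='
        current.setdefault(key.strip(), []).append(value.strip())
    return interface, peers

def allowed_networks(peer):
    """AllowedIPs of one peer as ip_network objects; strict=False turns a host/prefix
    such as fd86:ea04:1115::2/64 into the prefix the peer actually claims."""
    return [ipaddress.ip_network(c.strip(), strict=False)
            for value in peer.get("AllowedIPs", []) for c in value.split(",") if c.strip()]

def find_overlapping_allowed_ips(peers):
    """Cryptokey routing gives each prefix to exactly one peer, so overlapping
    AllowedIPs means one peer silently loses traffic. Returns (i, j, net_i, net_j)."""
    nets = [allowed_networks(p) for p in peers]
    found = []
    for i in range(len(nets)):
        for j in range(i + 1, len(nets)):
            found += [(i, j, str(a), str(b)) for a in nets[i] for b in nets[j]
                      if a.version == b.version and a.overlaps(b)]
    return found

def peer_to_peer_forwarding_allowed(interface, wg_if="wg0"):
    """True if some PostUp line adds a ufw route rule with in=wg_if and out=wg_if."""
    for cmd in interface.get("PostUp", []):
        m = UFW_ROUTE_RE.match(cmd.strip())
        if m and m.groups() == (wg_if, wg_if):
            return True
    return False

def recommended_route_rules(peers, wg_if="wg0", proto="tcp", port=3389):
    """Least-privilege fix: forward the RDP port only between the peers' own tunnel
    addresses, instead of an unscoped 'ufw route allow 3389' that permits forwarding
    to 3389 between any pair of interfaces. Returns (PostUp lines, PreDown lines)."""
    hosts = [n.network_address for p in peers for n in allowed_networks(p)
             if n.version == 4 and n.prefixlen == 32]
    post, pre = [], []
    for src in hosts:
        for dst in hosts:
            if src != dst:
                rule = f"in on {wg_if} out on {wg_if} proto {proto} from {src} to {dst} port {port}"
                post.append(f"PostUp = ufw route allow {rule}")
                pre.append(f"PreDown = ufw route delete allow {rule}")
    return post, pre

def lint(conf_text, wg_if="wg0"):
    """Run all checks on one config file's text and return a report dict."""
    interface, peers = parse_wg_conf(conf_text)
    return {"overlapping_allowed_ips": find_overlapping_allowed_ips(peers),
            "peer_to_peer_forwarding": peer_to_peer_forwarding_allowed(interface, wg_if),
            "recommended_postup": recommended_route_rules(peers, wg_if)[0]}

if __name__ == "__main__":
    for key, value in lint(SAMPLE_SERVER_CONF).items():
        print(key, value)
```

Run it against /etc/wireguard/wg0.conf, paste the printed PostUp lines (and the matching PreDown lines from `recommended_route_rules`) into [Interface], and keep in mind that with `SaveConfig = true` wg-quick rewrites the file from the live interface state on `wg-quick down`, so make the edit while the interface is down or it will be overwritten.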
