Forwarding over wireguard
I have a wireguard setup that lets me ping from either endpoint to the
other. Using the client, I would like to address hosts on the home
(server's) network by their local IP addresses.
On the client, I can ping the other end of the tunnel, but not any
local addresses. On the client:
root@iorich:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.20.10.1     0.0.0.0         UG    600    0        0 wls3
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wls3
172.20.10.0     0.0.0.0         255.255.255.240 U     600    0        0 wls3
root@iorich:~# wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.2.3/24 dev wg0
[#] ip -6 address add fc00:23:5::3/64 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a tun.wg0 -m 0 -x
[#] route add -net 192.168.100.0 netmask 255.255.255.0 dev wg0
root@iorich:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.20.10.1     0.0.0.0         UG    600    0        0 wls3
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wls3
172.20.10.0     0.0.0.0         255.255.255.240 U     600    0        0 wls3
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 wg0
root@iorich:~# ping 10.0.2.1
PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data.
64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=182 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=163 ms
64 bytes from 10.0.2.1: icmp_seq=3 ttl=64 time=170 ms
64 bytes from 10.0.2.1: icmp_seq=4 ttl=64 time=187 ms
64 bytes from 10.0.2.1: icmp_seq=5 ttl=64 time=170 ms
--- 10.0.2.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 162.936/174.474/186.802/8.809 ms
root@iorich:~# ping 192.168.100.30
PING 192.168.100.30 (192.168.100.30) 56(84) bytes of data.
From 10.0.2.3 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.2.3 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.2.3 icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.2.3 icmp_seq=4 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.2.3 icmp_seq=5 Destination Host Unreachable
ping: sendmsg: Required key not available
--- 192.168.100.30 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4087ms
root@iorich:~#
Searching on "ping: sendmsg: Required key not available" turned up no
examples or solutions. On the hypothesis that the key referred to was a
wireguard key, I checked those. Those appear to be OK.
--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/
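
Added example, not part of the original message: WireGuard picks the peer for an outgoing packet by matching the destination against each peer's AllowedIPs, and when no peer matches, the send fails with ENOKEY, which ping prints as "Required key not available", even if a kernel route points at wg0. The sketch below runs that lookup over the output of `wg show wg0 allowed-ips`; the sample text, the placeholder peer key and the assumption that the peer lists only the tunnel subnets are constructed, since the post does not show the client's configuration.

```python
import ipaddress

# Constructed samples of `wg show wg0 allowed-ips` output (key is a placeholder).
# Assumption: the client's peer entry covers only the tunnel subnets.
SAMPLE_BEFORE = "PEER_PUBLIC_KEY_PLACEHOLDER=\t10.0.2.0/24 fc00:23:5::/64\n"
# Same peer after 192.168.100.0/24 is added to its AllowedIPs.
SAMPLE_AFTER = ("PEER_PUBLIC_KEY_PLACEHOLDER=\t"
                "10.0.2.0/24 fc00:23:5::/64 192.168.100.0/24\n")


def parse_allowed_ips(text):
    """Return [(peer_key, network), ...]; one input line per peer."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        key, tokens = parts[0], parts[1:]
        for token in tokens:
            if token == "(none)":  # peer configured without AllowedIPs
                continue
            entries.append((key, ipaddress.ip_network(token, strict=False)))
    return entries


def select_peer(entries, destination):
    """Longest-prefix match on AllowedIPs; None means no peer is selected."""
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, key) for key, net in entries
               if net.version == addr.version and addr in net]
    return max(matches)[1] if matches else None


def diagnose(text, destination):
    """Describe what the interface would do with a packet to destination."""
    peer = select_peer(parse_allowed_ips(text), destination)
    if peer is None:
        return f"{destination}: no AllowedIPs match, send fails with ENOKEY"
    return f"{destination}: encrypted to peer {peer}"


if __name__ == "__main__":
    for dest in ("10.0.2.1", "192.168.100.30"):
        print(diagnose(SAMPLE_BEFORE, dest))
    print(diagnose(SAMPLE_AFTER, "192.168.100.30"))
```

On a live client, pass the real output of `wg show wg0 allowed-ips` instead of the samples; the server side also needs the matching routing and forwarding for replies to return.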