
Re: Wireguard on Bullseye



Charles Curley wrote: 
> I would like to set up a Wireguard VPN. I have followed the
> instructions at
> https://wiki.debian.org/SimplePrivateTunnelVPNWithWireGuard down to the
> ping just above the heading "Routing configuration". The ping command
> as given doesn't work:
> 
> root@iorich:/etc/wireguard# ping 10.0.2.1/24
> ping: 10.0.2.1/24: Name or service not known
> root@iorich:/etc/wireguard# 
> 
> However, stripping out the /24 at the end helps.

That's fine.

> On the server, ping fails:
> 
> root@hawk:/etc/wireguard# ping 10.0.2.2
> PING 10.0.2.2 (10.0.2.2) 56(84) bytes of data.
> From 10.0.2.1 icmp_seq=1 Destination Host Unreachable
> ping: sendmsg: Destination address required
> --- 10.0.2.2 ping statistics ---
> 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time
> 4076ms
> 
> I did check the keys; they appear to be correct.
> 
> root@hawk:/etc/wireguard# wg show wg0
> interface: wg0
>   public key: HBkAW05W2zxbTGEE4FstJLxnBpfDpec3KGhSfs6BLCU=
>   private key: (hidden)
>   listening port: 55820
> 
> peer: 28TsK9q71ruQ18acpp89MXGjsLVsEQcsKW3Y38VrfEo=
>   allowed ips: 10.0.2.2/32

 
> root@iorich:/etc/wireguard# wg show wg0
> interface: wg0
>   public key: 28TsK9q71ruQ18acpp89MXGjsLVsEQcsKW3Y38VrfEo=
>   private key: (hidden)
>   listening port: 44458
> 
> peer: HBkAW05W2zxbTGEE4FstJLxnBpfDpec3KGhSfs6BLCU=
>   endpoint: 72.36.20.38:55820
>   allowed ips: (none)

So iorich here is allowed to construct a tunnel to hawk, but no IPs from hawk
are allowed...

Add 10.0.2.1 to iorich's understanding of hawk's allowed ips.

Watch the status of the interface with 

# wg

You should get per-peer notes about

  latest handshake: 42 seconds ago
  transfer: 369.99 MiB received, 427.05 MiB sent

(less to begin with, of course.)

If you add dzur and issola, they can either all talk to hawk or
you can tell all of them about all the others, mesh-style.

-dsr-
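
A check for the condition diagnosed above (a peer whose allowed ips is "(none)"), as an added example that is not part of the original message. The function name check_allowed_ips and the sample variables are hypothetical; IORICH_BEFORE is copied from the `wg show` output quoted in this thread, and IORICH_AFTER is constructed to show the state after the suggested fix.

```shell
#!/bin/sh
# Added example, not from the original thread.
# check_allowed_ips reads `wg show` text on stdin and prints the public key of
# every peer that has no usable "allowed ips" entry. Exit status is 1 if any
# such peer is found, 0 otherwise.
check_allowed_ips() {
    awk '
        function report() { if (peer != "" && !ok) { print peer; bad = 1 } }
        $1 == "interface:" { report(); peer = ""; next }
        $1 == "peer:"      { report(); peer = $2; ok = 0; next }
        $1 == "allowed" && $2 == "ips:" && $3 != "" && $3 != "(none)" { ok = 1 }
        END { report(); exit (bad ? 1 : 0) }
    '
}

# iorich as quoted in the thread: hawk is a peer, but with no allowed IPs.
IORICH_BEFORE='interface: wg0
  public key: 28TsK9q71ruQ18acpp89MXGjsLVsEQcsKW3Y38VrfEo=
  private key: (hidden)
  listening port: 44458

peer: HBkAW05W2zxbTGEE4FstJLxnBpfDpec3KGhSfs6BLCU=
  endpoint: 72.36.20.38:55820
  allowed ips: (none)'

# Constructed sample: the same peer after adding 10.0.2.1 as suggested above.
IORICH_AFTER='interface: wg0
  public key: 28TsK9q71ruQ18acpp89MXGjsLVsEQcsKW3Y38VrfEo=
  private key: (hidden)
  listening port: 44458

peer: HBkAW05W2zxbTGEE4FstJLxnBpfDpec3KGhSfs6BLCU=
  endpoint: 72.36.20.38:55820
  allowed ips: 10.0.2.1/32'

# Demo on the quoted output: prints hawk's public key, then the explanation.
printf '%s\n' "$IORICH_BEFORE" | check_allowed_ips \
    || echo "peer(s) listed above have no allowed IPs configured"
```

On a live host the same function can be fed directly: `wg show | check_allowed_ips`.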

