Forwarding over wireguard

To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Forwarding over wireguard
From: Charles Curley <charlescurley@charlescurley.com>
Date: Wed, 8 Dec 2021 13:30:45 -0700
Message-id: <[🔎] 20211208133045.22b56b6a@iorich.localdomain>

I have a wireguard setup that lets me ping from either endpoint to the
other. Using the client, I would like to address hosts on the home
(server's) network by their local IP addresses.

On the client, I can ping the other end of the tunnel, but not any
local addresses. On the client:

root@iorich:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.20.10.1     0.0.0.0         UG    600    0        0 wls3
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wls3
172.20.10.0     0.0.0.0         255.255.255.240 U     600    0        0 wls3
root@iorich:~# wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.2.3/24 dev wg0
[#] ip -6 address add fc00:23:5::3/64 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a tun.wg0 -m 0 -x
[#] route add -net 192.168.100.0 netmask 255.255.255.0 dev wg0
root@iorich:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.20.10.1     0.0.0.0         UG    600    0        0 wls3
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wls3
172.20.10.0     0.0.0.0         255.255.255.240 U     600    0        0 wls3
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 wg0
root@iorich:~# ping 10.0.2.1
PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data.
64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=182 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=163 ms
64 bytes from 10.0.2.1: icmp_seq=3 ttl=64 time=170 ms
64 bytes from 10.0.2.1: icmp_seq=4 ttl=64 time=187 ms
64 bytes from 10.0.2.1: icmp_seq=5 ttl=64 time=170 ms

--- 10.0.2.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 162.936/174.474/186.802/8.809 ms
root@iorich:~# ping 192.168.100.30
PING 192.168.100.30 (192.168.100.30) 56(84) bytes of data.
From 10.0.2.3 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.2.3 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.2.3 icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.2.3 icmp_seq=4 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.2.3 icmp_seq=5 Destination Host Unreachable
ping: sendmsg: Required key not available

--- 192.168.100.30 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4087ms

root@iorich:~# 

Searching on "ping: sendmsg: Required key not available" turned up no
examples or solutions. On the hypothesis that the key referred to was a
wireguard key, I checked those. Those appear to be OK.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Reply to:

Follow-Ups:
- Re: Forwarding over wireguard
  - From: Dan Ritter <dsr@randomstring.org>
- SOLVED Re: Forwarding over wireguard
  - From: Charles Curley <charlescurley@charlescurley.com>

Prev by Date: Re: Debian 11.1.0 LXDE does not mount smart phone properly
Next by Date: Re: Reasonably simple setup for 1TB HDD and 250GB M.2 NVMe SSD
Previous by thread: Re: DHCP server for other site
Next by thread: Re: Forwarding over wireguard
Index(es):
- Date
- Thread