Questions tagged [wireguard]

352 questions
2
votes
2 answers

Forwarding VPS Traffic over WireGuard

So I've been pulling my hair out for the last 24 hours to sort this out. Long-story-short, my home internet runs over a 4G Mobile network, so this means I cannot Port Forward through my main Router. I have a few services internally that I want to…
Flakie
  • 31
  • 3
2
votes
1 answer

What does the subnet mask of the tunnel ip in Wireguard do?

Wireguard works even without setting a tunnel IP address, i.e. it's enough to set the AllowedIPs, endpoint addresses, private and public keys. In the docs of OpnSense, there is the following warning: Note: The tunnel address must be in CIDR…
Georg Schölly
  • 292
  • 3
  • 14
2
votes
1 answer

Does it make sense to conceal Wireguard port?

I have a server running Wireguard. Being a security paranoid, I'm using fwknop (Firewall Knocking Operator - a glorified port knocking server) to conceal the Wireguard port. This means that whenever I want to connect one of my clients to the…
Pedro Abrantes
  • 153
  • 1
  • 7
2
votes
0 answers

How to forward traffic on various ports through a wireguard vpn using iptables/ufw

I have 2 machines running ubuntu 22.04, we will call them server and proxy. The proxy is a vps with a static public ip, and the server is running behind a nat. I want to route all traffic on some ports on the proxy to the server. Right now, both…
Laikar
  • 121
  • 2
2
votes
1 answer

WireGuard & UFW : UFW blocks traffic on wg0, even if a rule allows it

I run Wireguard on Debian with the additional interface wg0. With this ufw rule, I would expect that ufw would pass my traffic: ufw allow in on wg0 to any But instead, ufw is blocking the traffic: [14674.950320] [UFW BLOCK] IN=wg0 OUT=eth0 MAC=…
Gill-Bates
  • 585
  • 2
  • 8
  • 23
2
votes
1 answer

Nginx reverse proxy through wireguard tunnel

I set up a wireguard tunnel between an AWS instance (acting as server) and a personal computer acting as client. Wireguard is installed on both in a docker container (using linuxserver image). On the local computer I have a website that I would like…
Rickj
  • 23
  • 1
  • 5
2
votes
1 answer

VXLAN L3 over Wireguard L3, with VLAN-VNI Mapping

Hoping this is the right place - I originally posted on Network Engineering but it got closed and I was pointed to Server Fault. I am currently attempting to setup a L2 bridge between two sites using VXLAN to provide the L2 connectivity and…
ChownAlone
  • 21
  • 3
2
votes
0 answers

Should I use an existing WireGuard connection as basis for a K8S CNI plugin?

I'm setting up a Kubernetes cluster, where the Nodes are distributed across different networks. Additionally, all Nodes are part of a WireGuard network. Each Node therefore has 2 IP addresses, one bound to its primary NIC (private or public IPv4)…
muffel
  • 342
  • 7
  • 21
2
votes
1 answer

Wireguard limiting access to services and machines in local network

I'm running a Wireguard "Server" in my local network, that I reach remotely through my static public IP. I want to be able to limit access to Wireguard remote peers to services/machines in my lan, where I host other server. Example: Server 1…
plmdie
  • 23
  • 1
  • 4
2
votes
1 answer

Wireguard forward traffic to host

I'm using Wireguard as docker container on a pi. I'm running a couple other services on the pi that I want to be only accessible over the wireguard connection. The wireguard server created an interface wg0 and a subnet 10.8.0.0/24. From inside the…
Mark
  • 21
  • 1
  • 2
2
votes
1 answer

Wireguard Client IP Identification

Let's say we have a Wireguard setup like in the below diagram (see imgur link, couldn't post image without reputation) with the following PostUp & PostDown: PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j…
2
votes
1 answer

New WireGuard private key begins 'WEAK' - is this a warning?

I generated a WireGuard key in a virtual machine using the standard procedure wg genkey | tee privatekey | wg pubkey > publickey. The VM is running via KVM with virtio RNG backed by /dev/urandom. The private key that was generated looks like…
Dark
  • 232
  • 1
  • 11
2
votes
0 answers

Unable to resolve private dns zone over vpn with bind9 DNS

The Problem I have a VPC in which I need to access the servers using private FQDNs. The VPC is accessible through a wireguard VPN. The VPN server also serves as a DNS server running BIND9. I have set the DNS server with a private zone according to…
2
votes
2 answers

Wireguard on Alpine: automatically mount wg0 after boot

I have a wireguard installed on an Alpine server. It's working, but when I reboot the server, I'm obliged to manually execute wg-quick up wg0 wireguard:~# wg show wireguard:~# wg-quick up wg0 [#] [#] ip link add wg0 type wireguard [#] wg setconf wg0…
cyanat
  • 31
  • 4
2
votes
0 answers

EC2 instance running Ubuntu as a router to Wireguard network

I have one machine in AWS EC2 running Ubuntu 16.04 (B) with Wireguard running as a VPN server for some Road Warrior devices (C). I'll try to sketch it below: +-----+ +-----+ +-----+ | |…