Differences

This shows you the differences between two versions of the page.

--- cs:wireguard [2020/12/14 11:17]
paolo_bolzoni Created Wireguard page
+++ cs:wireguard [2020/12/14 21:00]
paolo_bolzoni [Configuration]
@@ Line 32: / Line 32: @@
 === IP Addresses ===
-Virtual Private Networks, as the name suggest, use IPs in the private space. There are multiple spaces and Wireguard supports both IP6 and IP4, but for most purposes to use the IP addresses in the''10.0.0.0/8'' block are sufficient.
+Virtual Private Networks, as the name suggest, use IPs in the private space. There are multiple spaces and Wireguard supports both IP6 and IP4, but for most purposes to use the IP addresses in the ''10.0.0.0/8'' block is sufficient.
@@ Line 62: / Line 62: @@
   PersistentKeepalive = 25
-For Peers the ''AllowedIPs'' section is just for routing. The ''Endpoint'' value is used to reach the machine running the wireguard interface.
+For Peers the ''AllowedIPs'' section is just for routing. The ''Endpoint'' value is used to reach the machine running the wireguard interface; it can omitted if it is expected that the machine will be reached from outside first (i.e., functions as a server).
@@ Line 87: / Line 87: @@
   -A INPUT -p tcp -j REJECT --reject-with tcp-reset
   -A INPUT -j REJECT --reject-with icmp-proto-unreachable
-     -A FORWARD -i wg0 -o wg0 -j ACCEPT COMMIT
+     -A FORWARD -i wg0 -o wg0 -j ACCEPT
+  COMMIT
+Forwarding needs to be enabled at kernel level.
+  # sysctl -w net.ipv4.ip_forward=1
+If IPv6 is used:
+  # sysctl -w net.ipv6.conf.all.forwarding=1

Terra Laboratories

User Tools

Site Tools

Differences

Page Tools