cs:wireguard
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
cs:wireguard [2020/12/14 11:18] paolo_bolzoni |
cs:wireguard [2020/12/14 21:00] paolo_bolzoni [Configuration] |
||
|---|---|---|---|
| Line 62: | Line 62: | ||
| PersistentKeepalive = 25 | PersistentKeepalive = 25 | ||
| - | For Peers the ''AllowedIPs'' section is just for routing. The ''Endpoint'' value is used to reach the machine running the wireguard interface. | + | For Peers the ''AllowedIPs'' section is just for routing. The ''Endpoint'' value is used to reach the machine running the wireguard interface; it can omitted if it is expected that the machine will be reached from outside first (i.e., functions as a server). |
| Line 87: | Line 87: | ||
| -A INPUT -p tcp -j REJECT --reject-with tcp-reset | -A INPUT -p tcp -j REJECT --reject-with tcp-reset | ||
| -A INPUT -j REJECT --reject-with icmp-proto-unreachable | -A INPUT -j REJECT --reject-with icmp-proto-unreachable | ||
| - | -A FORWARD -i wg0 -o wg0 -j ACCEPT COMMIT | + | -A FORWARD -i wg0 -o wg0 -j ACCEPT |
| + | COMMIT | ||
| + | |||
| + | Forwarding needs to be enabled at kernel level. | ||
| + | |||
| + | # sysctl -w net.ipv4.ip_forward=1 | ||
| + | |||
| + | If IPv6 is used: | ||
| + | |||
| + | # sysctl -w net.ipv6.conf.all.forwarding=1 | ||
cs/wireguard.txt · Last modified: 2021/07/27 07:43 by paolo_bolzoni
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
