This shows you the differences between two versions of the page.
cs:wireguard [2020/12/14 11:18] paolo_bolzoni |
cs:wireguard [2020/12/14 21:00] paolo_bolzoni [Configuration] |
||
---|---|---|---|
Line 62: | Line 62: | ||
PersistentKeepalive = 25 | PersistentKeepalive = 25 | ||
- | For Peers the ''AllowedIPs'' section is just for routing. The ''Endpoint'' value is used to reach the machine running the wireguard interface. | + | For Peers the ''AllowedIPs'' section is just for routing. The ''Endpoint'' value is used to reach the machine running the wireguard interface; it can omitted if it is expected that the machine will be reached from outside first (i.e., functions as a server). |
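Review bot: the clause added on the + side reads "it can omitted"; it should be "it can be omitted". The sentence would also be clearer if it said which side must then carry the ''Endpoint'': when it is left out on the machine acting as server, every peer that initiates the connection has to have it set. The unchanged wording that ''AllowedIPs'' is "just for routing" understates what it does, since WireGuard also uses that list to drop inbound packets from a peer whose source address falls outside it; consider "for routing and for filtering which source addresses the peer may use".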
Line 87: | Line 87: | ||
-A INPUT -p tcp -j REJECT --reject-with tcp-reset | -A INPUT -p tcp -j REJECT --reject-with tcp-reset | ||
-A INPUT -j REJECT --reject-with icmp-proto-unreachable | -A INPUT -j REJECT --reject-with icmp-proto-unreachable | ||
- | -A FORWARD -i wg0 -o wg0 -j ACCEPT COMMIT | + | -A FORWARD -i wg0 -o wg0 -j ACCEPT |
+ | COMMIT | ||
+ | |||
+ | Forwarding needs to be enabled at kernel level. | ||
+ | |||
+ | # sysctl -w net.ipv4.ip_forward=1 | ||
+ | |||
+ | If IPv6 is used: | ||
+ | |||
+ | # sysctl -w net.ipv6.conf.all.forwarding=1 | ||
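Review bot: the text added after COMMIT turns on forwarding for the whole host with sysctl -w net.ipv4.ip_forward=1, while the only FORWARD rule in this hunk is -A FORWARD -i wg0 -o wg0 -j ACCEPT and the chain policy is not visible here. The page should state that the FORWARD policy is DROP, or end the chain with a REJECT as is done for INPUT, otherwise the machine will also route between its other interfaces. The IPv6 line has the same gap: the rules shown are IPv4 iptables rules (icmp-proto-unreachable), so net.ipv6.conf.all.forwarding=1 needs a matching ip6tables ruleset mentioned beside it. It is also worth one sentence that sysctl -w does not survive a reboot and that the setting belongs in /etc/sysctl.conf or a file under /etc/sysctl.d/ to persist. Moving COMMIT onto its own line is correct, since iptables-restore expects it on a separate line.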