Koozali.org: home of the SME Server

wireguard

jameswilson
wireguard
« on: September 08, 2023, 03:07:27 PM »
I'm installing a new VM server after a previous thread.

Anyhow, installed WireGuard and set up my phone and laptop (how easy was this!! wonderful),
but I'm hoping to get it to route traffic to other things on the network not currently using this new server as its gateway (using the old SME server, which is in server-gateway mode).

My new VM is server-gateway.

The new server GW can ping etc. all things on the local LAN, but I can only ping the new server over the WireGuard VPN.
It looks like on my phone Android can access other IPs?


ReetP
Re: wireguard
« Reply #1 on: September 08, 2023, 05:10:16 PM »
Easy answer is: scrap your old v9 server and use your v10 to do the work.

If you are still desperate to run some old bit of unsupported and insecure software on your v9, I guess you could reverse proxy a domain to it from your v10. Might keep it a little out of harm's way.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

jameswilson
Re: wireguard
« Reply #2 on: September 08, 2023, 06:19:25 PM »
Agreed on the SME 10 point,
but can WireGuard route this traffic?

jameswilson
Re: wireguard
« Reply #3 on: September 08, 2023, 06:38:37 PM »
It's something OpenVPN bridge does, so would I be better using that for my Windows remote workers? It's only 7 machines.

ReetP
Re: wireguard
« Reply #4 on: September 08, 2023, 06:47:43 PM »
As JP told you elsewhere, write/draw your topology so we can see it.

If your v9 is server-only and proxied from the v10 gateway, then it is just another box on the same local subnet, so WireGuard should be able to access it, I believe.

JP can confirm as it is his baby.

Jean-Philippe Pialasse (aka Unnilennium, http://smeserver.pialasse.com)
Re: wireguard
« Reply #5 on: September 08, 2023, 11:17:22 PM »
WireGuard does not route. SME does.

I guess, and only guess:


phone === internet ==WAN= SME 9 =LAN9==WAN= SME 10 with wireguard=LAN10

Your LAN9 is not seen as a local network by SME10, and your WireGuard network and LAN10 network are not seen as local by your SME9 and its resources.
As a result, those 3 networks have limited exchange capability.

The contrib has sufficient settings to allow the WireGuard network to be seen as local for SME10.



jameswilson
Re: wireguard
« Reply #6 on: September 08, 2023, 11:52:47 PM »
> As JP told you elsewhere, write/draw your topology so we can see it.
>
> If your v9 is server-only and proxied from the v10 gateway, then it is just another box on the same local subnet, so WireGuard should be able to access it, I believe.
>
> JP can confirm as it is his baby.

Totally sorry, I see what he meant now by "what your network". I've done a rough drawing; it probably won't explain enough, but it gives you a starter as to what I have and me a starter as to what was meant.

jameswilson
Re: wireguard
« Reply #7 on: September 09, 2023, 12:01:09 AM »
> WireGuard does not route. SME does.
>
> I guess, and only guess:
>
> phone === internet ==WAN= SME 9 =LAN9==WAN= SME 10 with wireguard=LAN10
>
> Your LAN9 is not seen as a local network by SME10, and your WireGuard network and LAN10 network are not seen as local by your SME9 and its resources.
> As a result, those 3 networks have limited exchange capability.
>
> The contrib has sufficient settings to allow the WireGuard network to be seen as local for SME10.

Thank you JPP.
I have added an SME 10 with this brilliant contrib, hoping to move a few remote workers to that for remote access. We use that currently via OpenVPN bridge to connect to a few Windows 10 desktops that are on Proxmox. I'd like to do that with this. Currently we connect via the SME 9; however, the SME 10 is on the same local LAN with a different WAN IP.
The old 9 and the new 10 are on the same LAN (192.168.16.x), as are the Windows machines used via RDP.
All the Proxmox Windows machines are static IP; even if I change one to use the new SME 10 as its gateway, the WireGuard VPN doesn't give me a ping.
I'm assuming now that OpenVPN bridge and WireGuard are different beasts and I should use OpenVPN bridge for Windows remote users and WireGuard for me and Android access to my remote desktop.

jameswilson
Re: wireguard
« Reply #8 on: September 09, 2023, 12:02:01 AM »
Totally sorry, I see what he meant now by "what your network". I've done a rough drawing; it probably won't explain enough, but it gives you a starter as to what I have and me a starter as to what was meant.
Also, for my education, if this isn't what was meant, please say what is needed.

James

jameswilson
Re: wireguard
« Reply #9 on: September 09, 2023, 12:12:12 AM »
Sorry, I meant to include where the new SME 10 is.

Jean-Philippe Pialasse (aka Unnilennium, http://smeserver.pialasse.com)
Re: wireguard
« Reply #10 on: September 09, 2023, 05:03:48 AM »
OpenVPN bridge is easy as it will bridge external workers to your current LAN. This is easy as they end up on the same LAN as you.

The only difficult points there are:
- need to configure the certificates
- need to not have a subnet too frequent like 192.168.1.x, as a client might have the same at home, and the routing table will not work when he connects as it will have two different networks with the same subnet.

For WireGuard and OpenVPN routed, they use their own subnet on top of your LAN. So there is routing to occur at your SME to allow access to your resources.
Also, an SME 9 not aware of your WireGuard 172.x.x.x network will refuse access. So your SME and the few other machines on your LAN that allow specific access need to have knowledge of this subnet to let them have access.
This could be an RDP machine or a Pi-hole DNS service.

There are ways to configure routing at your SME 10 level to hide the client IP and let the LAN machine think that it is the SME local IP contacting them. This is not implemented as it removes the way to detect intrusions on your local services.

mtr to the IP you want to connect to could help detect those kinds of routing issues.
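The two points made in replies #5 and #10 (a LAN host that does not know the WireGuard subnet refuses the client's 172.x source address, and masquerading at the SME would fix that at the cost of losing the client's identity in the host's logs) can be made concrete with a small model. This is an added illustration, not code from the thread or from the WireGuard contrib: the 192.168.16.0/24 office LAN is the one named above, while 172.30.0.0/24 (standing in for the contrib's 172.x.x.x range), 192.168.16.10 (an assumed LAN address for the SME 10 box) and the peer address 172.30.0.5 are constructed placeholders. It also checks the home-LAN overlap problem mentioned for 192.168.1.x.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample addresses. 192.168.16.0/24 is the office LAN named in the
# thread; 172.30.0.0/24 is a placeholder for the contrib's 172.x.x.x WireGuard
# range, and 192.168.16.10 is an assumed LAN address for the SME 10 box.
OFFICE_LAN = ipaddress.ip_network("192.168.16.0/24")
WG_SUBNET = ipaddress.ip_network("172.30.0.0/24")
SME10_LAN_IP = ipaddress.ip_address("192.168.16.10")


@dataclass
class LanHost:
    """A LAN service (RDP desktop, Pi-hole, the old SME 9) that answers only
    to source addresses inside the networks it considers local."""
    name: str
    local_networks: list
    access_log: list = field(default_factory=list)

    def accept(self, src: ipaddress.IPv4Address) -> bool:
        allowed = any(src in net for net in self.local_networks)
        # What the host's own log would record for this connection attempt.
        self.access_log.append((str(src), "accept" if allowed else "reject"))
        return allowed


def forward(host: LanHost, client_ip: str, masquerade: bool) -> bool:
    """Model SME 10 forwarding one packet from a WireGuard client to a LAN host.

    masquerade=False: plain routing, the host sees the client's 172.x address.
    masquerade=True:  source NAT, the host sees SME 10's own LAN address.
    """
    src = SME10_LAN_IP if masquerade else ipaddress.ip_address(client_ip)
    return host.accept(src)


def subnet_clash(vpn_side: str, client_home: str) -> bool:
    """True when a client's home LAN overlaps a network it must reach over the
    VPN; the client's routing table then cannot tell the two apart."""
    return ipaddress.ip_network(vpn_side).overlaps(ipaddress.ip_network(client_home))


def demo() -> dict:
    client = "172.30.0.5"  # constructed WireGuard peer address

    # 1. Host trusts only the office LAN: the 172.x source is refused.
    rdp = LanHost("rdp-desktop", [OFFICE_LAN])
    refused = forward(rdp, client, masquerade=False)

    # 2. Same host taught that the WireGuard subnet is local: accepted, and the
    #    log still shows which VPN client connected.
    rdp.local_networks.append(WG_SUBNET)
    routed = forward(rdp, client, masquerade=False)

    # 3. Host left unaware of the VPN subnet, SME 10 masquerades instead: the
    #    connection works, but the log attributes it to SME 10's LAN address,
    #    so a misbehaving VPN client can no longer be told apart from the SME.
    rdp_nat = LanHost("rdp-desktop", [OFFICE_LAN])
    natted = forward(rdp_nat, client, masquerade=True)

    return {
        "refused_without_local_subnet": refused,
        "accepted_after_adding_subnet": routed,
        "accepted_with_masquerade": natted,
        "log_source_when_routed": rdp.access_log[-1][0],
        "log_source_when_masqueraded": rdp_nat.access_log[-1][0],
        "home_lan_clash": subnet_clash("192.168.1.0/24", "192.168.1.0/24"),
        "home_lan_ok": subnet_clash("192.168.16.0/24", "192.168.1.0/24"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Case 2 is what the contrib's "treat the WireGuard network as local" setting achieves on SME 10 itself; each other LAN machine with its own source-address restrictions needs the same knowledge. Case 3 is the masquerade option the reply describes as deliberately not implemented.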