On 1/1/19 10:46 AM, siefke_listen@xxxxxx wrote:
> Forwarding is enabled like it stand in tutorial of Arch and Firewall
> only must open the port I used for wireguard?
>
There are 3 of cases that come to mind. (a) you're testing on internal
network (b) you're using external and wireguard is running on firewall
and (c) you're using external and wireguard is running behind your firewall.
In all cases, on the server running wireguard, you need iptables rules
to managing forwarding in addition to having net.ipv4.ip_forward = 1 to
enable forwarding in /etc/systctl.d/syscttl.conf and reload sysctl.
I'd recommend getting things working on (a) inside your network first,
then deal with packets going through your internet facing firewall.
So in summary, I'd ensure your iptables rules on the VPN server are
correct and working testing purely inside your network.
