osalj

ANSWERED Wireguard - access from different VLAN


Hey!

I have VLAN49 - subnet 10.49.10.8/29
In VLAN49 I have a LXC host with Debian - 10.49.10.14

I also have another VLAN47 - subnet 10.47.1.0/24

In VLAN47 is my laptop - 10.47.1.248
From the laptop (VLAN47) I have access via ssh, http and ping to LXC with Debian.

On LXC I installed wireguard to connect it to the VPN server AirVPN.

Config below:

[Interface]
Address = 10.xxx.xx.xxx/32,fd7d:76ee:e68f:a993:c2d3:e941:82dd:7f0d/128
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MTU = 1320
DNS = 10.128.0.1, fd7d:76ee:e68f:a993::1, 1.1.1.1
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
PresharedKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Endpoint = 185.189.112.21:1637
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15


After starting the tunnel with this configuration I lose access from VLAN47 to LXC (10.49.10.14)

I changed AllowedIPs to
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 10.0.0.0/11, 10.32.0.0/13, 10.40.0.0/14, 10.44.0.0/15, 10.46.0.0/16, 10.47.0.0/24, 10.47.2.0/23, 10.47.4.0/22, 10.47.8.0/21, 10.47.16.0/20, 10.47.32.0/19, 10.47.64.0/18, 10.47.128.0/17, 10.48.0.0/12, 10.64.0.0/10, 10.128.0.0/9, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/1

Unfortunately, after this change I have access to LXC from VLAN47, but this LXC has no internet. Ping 1.1.1.1 and ping google.com do not respond.

How do I change this config?
On 10/31/2024 at 1:24 PM, osalj said:

I changed AllowedIPs to
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 10.0.0.0/11, 10.32.0.0/13, 10.40.0.0/14, 10.44.0.0/15, 10.46.0.0/16, 10.47.0.0/24, 10.47.2.0/23, 10.47.4.0/22, 10.47.8.0/21, 10.47.16.0/20, 10.47.32.0/19, 10.47.64.0/18, 10.47.128.0/17, 10.48.0.0/12, 10.64.0.0/10, 10.128.0.0/9, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/1


Hello!

This looks incorrect because in "AllowedIPs" you have to enter the ranges that you want inside the VPN. So, you are routing in the VPN even parts of the 10.0.0.0/8 subnet that you should not, if we understood correctly. Please try again with a subnet calculator and also compare with the following post:
https://airvpn.org/forums/topic/55801-wireguard-access-local-network/?do=findComment&comment=217458

Kind regards
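
Added example, not part of the original thread: a small subnet calculator in Python for the step suggested above. It computes 0.0.0.0/0 minus the networks that must stay outside the tunnel and checks which of the thread's addresses the result still covers. Which networks to exclude (here the two VLAN subnets from the question) is an assumption, and the helper names are made up for this example.

```python
import ipaddress

def allowed_ips(excluded, base="0.0.0.0/0"):
    """Return `base` minus every network in `excluded`, as sorted CIDR blocks."""
    remaining = [ipaddress.ip_network(base)]
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for net in remaining:
            if ex.subnet_of(net):
                # Split the block around the excluded range.
                kept.extend(net.address_exclude(ex))
            elif not net.subnet_of(ex):
                kept.append(net)  # unrelated block, keep as is
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def covers(networks, addr):
    """True if `addr` falls inside one of `networks` (i.e. goes into the tunnel)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

# Values taken from the thread.
LAPTOP_VLAN = "10.47.1.0/24"   # VLAN47
LXC_VLAN = "10.49.10.8/29"     # VLAN49
VPN_DNS = "10.128.0.1"         # first entry of the DNS = line in the posted config

def report(excluded):
    """Build the AllowedIPs line and check the addresses named in the thread."""
    nets = allowed_ips(excluded)
    return {
        "count": len(nets),
        "line": "AllowedIPs = " + ", ".join(map(str, nets)),
        "laptop_in_tunnel": covers(nets, "10.47.1.248"),
        "lxc_in_tunnel": covers(nets, "10.49.10.14"),
        "dns_in_tunnel": covers(nets, VPN_DNS),
        "internet_in_tunnel": covers(nets, "1.1.1.1"),
    }

if __name__ == "__main__":
    for excluded in ([LAPTOP_VLAN], [LAPTOP_VLAN, LXC_VLAN]):
        r = report(excluded)
        print(excluded, {k: v for k, v in r.items() if k != "line"})
        print(r["line"], end="\n\n")
```

Excluding only 10.47.1.0/24 reproduces the 24-entry list from the question, which still covers 10.49.10.14; excluding both VLAN subnets gives 40 entries and keeps 10.128.0.1 inside the tunnel.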
 
