this post was submitted on 28 Dec 2023
 
This is an automated archive.

The original was posted on /r/wireguard by /u/Cultural-Water-2172 on 2023-12-28 09:21:18+00:00.


Objective: Use a cloud server as a WireGuard server and as a NordVPN exit node.

Problem: some traffic (curl) is being redirected via NordVPN, but not HTTP traffic.

I referenced this thread to set up my config:

Keep in mind that my Linux/routing experience is zero, so I have been doing a lot of trial and error.

What I ended up with:

If I connect from my Windows client via WireGuard to my Oracle cloud server and run "curl ifconfig.me" on Windows DOS --> I get the NordVPN IP, so it works!

But: if I try to navigate on Windows to whatismyip.org -> I get my Oracle server IP.

This obviously has something to do with routing, but I couldn't figure it out. The Oracle wg server wg0.conf is:

[Interface]
# Server Oracle
SaveConfig = false
Address = 172.16.0.0/32

ListenPort = 51820
MTU = 1350
PrivateKey = x 
# public = x 

# Same as nordvpn (nordlynx)
FwMark = 0xe1f1

PostUp = iptables -I FORWARD -o enp0s6  -j REJECT
PostUp = iptables -I FORWARD -i %i -j ACCEPT
PostUp = iptables -I FORWARD -o %i -j ACCEPT
PostUp = iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

###If I enable this, I can connect but all the packets will be refused:
#PostUp = iptables -I FORWARD -j REJECT

    #NAT
    PreUp  = iptables -t nat -I POSTROUTING -o enp0s6 -j MASQUERADE
    PreUp  = iptables -t nat -I POSTROUTING -o nordlynx -j MASQUERADE

PostDown = iptables -D FORWARD -o enp0s6  -j REJECT
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown  = iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
#PostDown  = iptables -D FORWARD -j REJECT

    #NAT
    PostDown = iptables -t nat -D POSTROUTING -o enp0s6 -j MASQUERADE
    PostDown = iptables -t nat -D POSTROUTING -o nordlynx -j MASQUERADE

[Peer]
#pc 
PublicKey    = x
PresharedKey = x
AllowedIPs   = 172.16.0.1/32

Nordlynx.conf (NordVPN) wg configuration, retrieved using sudo wg showconf nordlynx:

[Interface]
ListenPort = 59590
FwMark = 0xe1f1
MTU = 1350
PrivateKey = x

[Peer]
PublicKey = x
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxx:51820
PersistentKeepalive = 25

Note that I have a Pi-hole bound to wg0 (DNS 10.0.0.7). If I use 10.0.0.7 or 1.1.1.1 on my Windows client to navigate (thus bypassing the Pi-hole), the output IP is still the Oracle server IP (not NordVPN).
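
Added example, not part of the original post: a small Python model of the FORWARD chain that the four PostUp lines in wg0.conf build. Every rule uses `-I` (insert at the top), so the `-o enp0s6 -j REJECT` rule ends up below `-i wg0 -j ACCEPT` and never sees traffic forwarded from wg0. The function names are illustrative, and the model covers only these rules, not NordVPN's own rules or policy routing.

```python
import shlex

# PostUp lines copied from the wg0.conf in the post (%i is the interface name).
POST_UP = [
    "iptables -I FORWARD -o enp0s6  -j REJECT",
    "iptables -I FORWARD -i %i -j ACCEPT",
    "iptables -I FORWARD -o %i -j ACCEPT",
    "iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT",
]

def parse_rule(command, iface="wg0"):
    """Turn one 'iptables -I FORWARD ...' command into a match dict."""
    args = shlex.split(command.replace("%i", iface))
    rule = {"in": None, "out": None, "states": None, "target": None}
    keys = {"-i": "in", "-o": "out", "-j": "target"}
    for flag, value in zip(args, args[1:]):
        if flag in keys:
            rule[keys[flag]] = value
        elif flag == "--state":
            rule["states"] = set(value.split(","))
    return rule

def build_chain(commands, iface="wg0"):
    """'-I' with no rule number inserts at position 1, so later commands end up higher."""
    chain = []
    for command in commands:
        chain.insert(0, parse_rule(command, iface))
    return chain

def verdict(chain, in_if, out_if, state="NEW"):
    """First matching rule wins; None means fall through to older rules or chain policy."""
    for rule in chain:
        if rule["in"] not in (None, in_if):
            continue
        if rule["out"] not in (None, out_if):
            continue
        if rule["states"] is not None and state not in rule["states"]:
            continue
        return rule["target"]
    return None

if __name__ == "__main__":
    chain = build_chain(POST_UP)
    for out_if in ("nordlynx", "enp0s6"):
        print(f"wg0 -> {out_if}:", verdict(chain, "wg0", out_if))
```

Appending the commented-out `iptables -I FORWARD -j REJECT` to `POST_UP` puts a match-everything REJECT at the top of the chain, which is the "all the packets will be refused" behaviour noted in the config.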
