Disclaimers:
- I'm putting this in General since it feels like a fw issue rather than a VPN specific issue.
- I'm aware of tailscale (and use it), but don't want to add another external service and want to learn something as I roll this out
I'm trying to set up a way for my parents and siblings to occasionally share pdf documents and family photos. The traffic will be bursty when uploading/downloading/viewing, but relatively low most of the time.
A computer on `192.168.10` should be able to access the pdf server on `192.168.50`; no need to support traffic from `192.168.50` back to the other nodes. In general I only want to support ssh, http/https, and icmp (troubleshooting) traversing the tunnels.
Connection Info:
- none of the ISPs provide static ipv4 addresses, only one has ipv6 (which seems flaky)
- picked up a low-cost VPS to get static ipv4 (and ipv6) address
- no pass-through mode on any of the ISP boxes
- all "internal" fw ip are `.1`
So Far:
- I've created WG clients and connected to the VPS per various descriptions in the official docs
- the WG status indicates traffic is flowing
- each WG has an associated interface
- the mss clamping is set
- all firewall rules have 'enable logging' selected
- I'm not able to ping the remote wg ip nor the remote fw "inside" ip
- The firewall live view doesn't show block/accept for ping, traceroute, etc
Questions:
- Any big picture comments? (oh, you're just missing <...>)
- With the logging enabled, I'd expected to see firewall rules firing as packets hit the WG interface.
- How to capture packets on the "other side" of the interfaces to help track down if packets are even getting out the 'local' firewall
I can add the interface and firewall details; left out for now to start at the high level and work down to the details
192.168.10.x                  192.168.20.x
┌─────────┐                   ┌───────────┐
│ parents │                   │  sis/bro  │
└─────────┘                   └───────────┘
     │                              │
     │                              │
     └──────────┐        ┌──────────┘
                │        │
             ┌──▼────────▼──┐
             │     VPS      │ 192.168.100.x
             └──────┬───────┘
                    ▲
                    ║
             ┌──────▼──────┐
             │   Primary   │
             └─────────────┘
              192.168.50.x
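One check worth running on the VPS before chasing firewall rules, as an added example that is not from the post or from the WireGuard or OPNsense projects: WireGuard's cryptokey routing only forwards a packet into a tunnel when its destination matches that peer's AllowedIPs, so a tunnel can show a good handshake and still drop pings to the far LAN or tunnel IP without any firewall rule firing. The script parses a constructed hub config that reuses the post's subnets (the peer labels, placeholder keys and the `REQUIRED` map are assumptions) and reports uncovered destinations and overlaps.

```python
import ipaddress
# Constructed hub (VPS) config in wg-quick style using the post's addressing. The
# primary peer's LAN is left out of AllowedIPs on purpose to show the finding;
# PublicKey/Endpoint lines are omitted because the parser ignores them anyway.
HUB_CONF = """\
[Peer]
# parents
AllowedIPs = 192.168.100.10/32, 192.168.10.0/24
[Peer]
# sis_bro
AllowedIPs = 192.168.100.20/32, 192.168.20.0/24
[Peer]
# primary
AllowedIPs = 192.168.100.50/32
"""
# Destinations the hub must forward into a tunnel, and the peer that should own each.
REQUIRED = {"192.168.10.0/24": "parents", "192.168.20.0/24": "sis_bro",
            "192.168.50.0/24": "primary", "192.168.100.50/32": "primary"}

def parse_peers(text):
    """[Peer] repeats, so configparser is unusable; the comment under [Peer] is its label."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[Peer]":
            cur = {"name": "peer%d" % (len(peers) + 1), "allowed": []}
            peers.append(cur)
        elif cur is None or not line:
            continue
        elif line.startswith("#"):
            cur["name"] = line.lstrip("# ")
        elif line.split("=", 1)[0].strip() == "AllowedIPs":
            nets = line.split("=", 1)[1].split(",")
            cur["allowed"] += [ipaddress.ip_network(n.strip(), strict=False) for n in nets]
    return peers

def check_routing(peers, required):
    """Report destinations no peer covers (dropped with no firewall log line),
    destinations owned by the wrong peer, and AllowedIPs overlapping between peers."""
    findings = []
    for dest, expected in required.items():
        net = ipaddress.ip_network(dest)
        owners = [p["name"] for p in peers if any(net.subnet_of(a) for a in p["allowed"])]
        if not owners:
            findings.append(f"{net}: not in any peer's AllowedIPs, hub will drop it")
        elif owners != [expected]:
            findings.append(f"{net}: routed to {owners}, expected {expected}")
    for i, a in enumerate(peers):  # overlapping AllowedIPs: last one loaded wins silently
        for b in peers[i + 1:]:
            findings += [f"overlap: {na} ({a['name']}) vs {nb} ({b['name']})"
                         for na in a["allowed"] for nb in b["allowed"] if na.overlaps(nb)]
    return findings
```

The same check has to hold on each spoke for the destinations it sends, since AllowedIPs is applied in both directions. For the capture question, `tcpdump -ni <wg interface> icmp` on the VPS shows whether a spoke's ping reaches the hub at all, independently of any firewall rule.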