Linux

48074 readers

781 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

[Solved] Wireguard blocks ssh/smb :( (www.digitalocean.com)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

15 comments fedilink hide all child comments

This was manually solved, I didn't check any other comment till the issue was fixed.

Take a look at my comment.

Thank you all for helping!

Hello.

I have wireguard set but the second it runs, services like ssh (22) and smb (455/445?) stop working.

nmap thinks my system is down.

Here is my config, I followed debian's guide since my server is Deb12:

[Interface]
Address = 192.168.1.120/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlp1s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlp1s0 -j MASQUERADE
ListenPort = 51820
PrivateKey = XXX

[Peer]
PublicKey = xxx
AllowedIPs = 192.168.1.230/32
Endpoint = 192.168.1.230:50104

No extra config was made.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (2 children)

Could be your routing rules? Here's what I use and it routes to anything inside my home network:

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Just be sure to replace eth0 with the name of your adapter before you try it.

Edit:

Almost forgot, I've also enabled routing on my server as well; here are the steps I took to enable that:

To configure forwarding, open the /etc/sysctl.conf file on your Wireguard Server using nano or your preferred editor: sudo nano /etc/sysctl.conf

If you are using IPv4 with WireGuard, add the following line at the bottom of the file: net.ipv4.ip_forward=1

If you are using IPv6 with WireGuard, add this line at the bottom of the file: net.ipv6.conf.all.forwarding=1

If you are using both IPv4 and IPv6, ensure that you include both lines. Save and close the file when you are finished.

To read the file and load the new values for your current terminal session, run: sudo sysctl -p

Output: net.ipv6.conf.all.forwarding = 1 net.ipv4.ip_forward = 1

Now your WireGuard Server will be able to forward incoming traffic from the virtual VPN ethernet device to others on the server and its LAN (if the LAN subnet is included in the AllowedIPs in the Wireguard config)

[–] [email protected] 1 points 1 year ago (1 children)

Unfortunely that didn't work.

The WG server is also servicing SSH and SMB.

[–] [email protected] 1 points 1 year ago

are your services accessible through the wg interface on the server ? Try with nmap -Pn -A -T4 -p CHANGEME_TO_SSH_OR_SMB IPADDR_OF_WG_NIC