I use a ubuntu server to create a wireguard VPN on my system. Now i thinking that would be great, that i able to do the same With my vyos system. (network do network )
my Ubuntu server IP address is 192.168.31.105 the Vyos IP address is 192.168.31.1
I able to create a Wireguard connection with vyos and i able to connect it, but i can not ping to the wg0 interface ip (like 192.168.33.1) with client and i can not ping client with wireguard.
What is the problem?
I use this config:
set interfaces wireguard wg0 address '192.168.33.1/32'
set interfaces wireguard wg0 port '123'
set interfaces wireguard wg0 peer CLIENT1 allowed-ips '192.168.33.0/24'
set interfaces wireguard wg0 peer CLIENT1 persistent-keepalive 15
set interfaces wireguard wg0 peer CLIENT1 pubkey '<pubkey client1>'
set protocols static interface-route '192.168.31.0/24' next-hop-interface wg0
As @hagbard say, 123 is a reserved port for ntp, and I would have avoided using ports under 1024 as they are almost all treated specially by the kernel in terms of permissions to use and are almost all reserved by protocols already.
I also see that the interface address on your ubuntu device is set to 192.168.32.1/16, that means you have created an ip subnet reaching from 192.168.0.0 to 192.168.255.255 as directly connected to the wireguard interface… on the vyos side you’ve set 192.168.33.1/32 as address, this means that the vyos device only thinks there are ONE host inside the subnet… and that is himself… that means that if you are standing on the vyos device it is not able to reach the ip of the ubuntu device because he don’t know that there are other devices on the link.
as for the configuration… my sugestions are:
change to a port over 1024
on the ubuntu device change "Address = " to a free 192.168.x.y/24
change all your other devices to an address within 192.168.x with /24 netmask
i you on your clients need to reach other clients, add their ipnetts as a static route pointing to the wg0 interface
)
)