Hi,
I am experiencing VPN issues using WireGuard. I have the tunnel up between the office and the data centre, and I can ping anything in the data centre from any of the office machines, except from the office VyOS itself: the VyOS itself cannot ping anything in the data centre, including the remote tunnel IP (10.1.0.1).
None of the machines in the data centre can ping anything in the office; my office-to-DC tunnel is effectively one-way. The DC VyOS cannot ping anything in the office, including the remote tunnel IP (10.2.0.1).
Here is my config:
office VyOS config:
wireguard wg01 {
address 10.2.0.1/24
description VPN-to-DC
peer to-dc {
allowed-ips 10.42.0.0/16
endpoint DC_VYOS_PUBLIC_IP:34447
persistent-keepalive 15
pubkey ****************
}
port 34447
}
office VyOS routing table:
S>* 0.0.0.0/0 [1/0] via OFFICE_PUBLIC_UPSTREAM_GATEWAY, eth0, 1d01h35m
C>* 10.2.0.0/24 is directly connected, wg01, 1d01h35m
S>* 10.42.0.0/16 [1/0] is directly connected, wg01, 1d01h35m
C>* 10.52.36.0/22 is directly connected, eth1, 1d01h35m
C>* OFFICE_PUBLIC_IP_BLOCK/30 is directly connected, eth0, 1d01h35m
DC VyOS config:
wireguard wg01 {
address 10.1.0.1/24
description VPN-DC
peer to-office {
allowed-ips 10.52.37.0/24
endpoint VYOS_OFFICE_PUBLIC_IP:34447
persistent-keepalive 15
pubkey ****************
}
port 34447
}
DC VyOS routing table:
S>* 0.0.0.0/0 [1/0] via DC_PUBLIC_UPSTREAM_GATEWAY, eth0, 41w3d21h
C>* 10.1.0.0/24 is directly connected, wg01, 41w3d21h
C>* 10.42.0.0/16 is directly connected, eth1, 41w3d21h
S>* 10.52.37.0/24 [1/0] is directly connected, wg01, 41w3d18h
C>* DC_PUBLIC_IP_BLOCK/29 is directly connected, eth0, 41w3d21h
I've tried adding 0.0.0.0/0 to the allowed-ips on both sides without success.
Any ideas/suggestions on why this setup is one-way are welcome.
Regards,
Andrei.