distilled
Senior Member
There are two distant LANs, Site 1 (192.168.15.0/24) and Site 2 (192.168.75.0/24).
Site 1 is running an Asus 66U with stock firmware. It has an OpenVPN server configured on the router.
Site 2 is running an Asus AC86U with the latest Merlin beta. It has OpenVPN configured as a client that connects to Site 1. Some selective routing is configured to allow only a few clients to connect to Site 1.
Site 1 has a Raspberry Pi with WireGuard client on it. That Pi is connected via Ethernet, but it also has a WiFi connection, for no good reason. Site 2 has another Raspberry Pi running WireGuard server on it. The Pi client and server communicate over WG.
I want to configure the Pi server as a router, so that several other machines at Site 1 can connect to the Pi at Site 2. I *thought* that I had this set up correctly, a quick
sudo /bin/su -c "echo -e '\n#Enable IP Routing\nnet.ipv4.ip_forward = 1' > /etc/sysctl.conf" and sudo iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT, but it isn't working.
The real problem is that I am afraid of breaking the connection and not being able to get back to the Pi. Were it not for this, I would just experiment until I got it right, but swallowing my pride and asking for advice from more knowledgeable folks is easier than resetting that distant Pi.
And, before everyone points out that this is a purely dumb configuration, and that OpenVPN could be set up to do this same thing without WG being involved, yep, it sure could, but in this specific, temporary situation, this really is easiest/best.
Hope everyone is having a happy, safe 2021!
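A lockout-safe way to try the two changes from the post above, as an added example that is not part of the original post and does not diagnose why routing fails: the sysctl line is appended idempotently instead of overwriting the file, and the runtime changes revert on a timer unless confirmed. The function names, the `ROLLBACK_SECS` variable and its 120-second default are assumptions; the interface names and the FORWARD rule are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the post). Function names, ROLLBACK_SECS and its
# 120 s default are assumptions; eth0/wg0 and the rule come from the post.

# Append the forwarding setting only if no active line already sets it.
# '>>' keeps the existing contents of the file; '>' would replace them.
persist_ip_forward() {
    conf="$1"
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$conf" 2>/dev/null; then
        return 0
    fi
    printf '\n# Enable IP routing\nnet.ipv4.ip_forward = 1\n' >> "$conf"
}

# Apply the runtime changes with a dead-man's switch (run as root).
# If the operator cannot confirm, the saved state is restored automatically.
guarded_apply() {
    secs="${ROLLBACK_SECS:-120}"
    backup=$(mktemp) || return 1
    old_fwd=$(sysctl -n net.ipv4.ip_forward) || return 1
    iptables-save > "$backup" || return 1

    # nohup keeps the timer alive if the SSH session drops.
    nohup sh -c 'sleep "$1"; iptables-restore < "$2"; sysctl -w net.ipv4.ip_forward="$3"' \
        rollback "$secs" "$backup" "$old_fwd" >/dev/null 2>&1 &
    timer=$!

    sysctl -w net.ipv4.ip_forward=1
    iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT

    printf 'Still connected? Type "yes" within %s s to keep the changes: ' "$secs"
    read -r answer || answer=""
    if [ "$answer" = "yes" ]; then
        kill "$timer" && echo "Changes kept; rollback cancelled."
    else
        echo "Not confirmed; previous state returns when the timer expires."
    fi
}
```

Run as root: `persist_ip_forward /etc/sysctl.conf` for the persistent setting, then `guarded_apply` for the live change.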