how to config Wireguard for pve host?

fruchtzwerg

Apr 3, 2023
I want to establish a VPN tunnel as a site-to-site connection between two distant pve nodes (pve 1 / pve 2).
pve 1 is on a VPS with one public IP.
pve 2 is behind a fritzbox.

My Setting:

I installed Wireguard-server in an LXC-wireguard on pve 1 and pve 2.
The connection between LXC-wireguard-pve1 and LXC-wireguard-pve2 is established, and from LXC-wireguard-pve1 I can ping all LXCs of pve 2.
I configured a route for pve2 in the fritzbox.

Problem:
How can I configure the routing on pve1 so that the other LXCs and the host system can enter the distant network?
Do I have to change the /etc/network/interfaces?


Any hints?
I found a partial solution for all the LXCs. I simply had to add the route to the Linux bridge in /etc/network/interfaces:

Code:
post-up ip route add 192.168.178.0/24 via 192.168.0.220

where 192.168.178.0/24 is the IP range of the distant network and 192.168.0.220 is the IP of the wireguard-server.

The problem still remains that the host itself is not reachable. Any suggestions?
Code:
auto enp41s0
iface enp41s0 inet static
        address {MAIN_IP}/27
        netmask 255.255.255.224
        pointtopoint 85.10.XXX.225
        gateway 85.10.XXX.225
        post-up echo 1 > /proc/sys/net/ipv4/conf/enp41s0/proxy_arp
 
Thanks for the reply. Do I have to add this as an additional Linux-Bridge?

Actually my interfaces look like this:


Code:
auto lo
iface lo inet loopback

iface enp6s18 inet manual

auto vmbr0
iface vmbr0 inet static
        # public IP of vps
        address xx.xxx.xx.xx/24
        # ethernet gateway of vps
        gateway xx.xxx.xxx.xxx
        bridge-ports enp6s18
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        # internal network
        address 192.168.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE
        post-up /root/iptables.sh
        post-down iptables -t nat -D POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE
        post-up ip route add 192.168.178.0/24 via 192.168.0.220 #routing

source /etc/network/interfaces.d/*

Or do I have to modify the existing vmbr1?
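
A small check for stanzas like the vmbr1 one in this thread, added here as an example and not posted by anyone in the thread: it reports end-of-line comments on option lines (interfaces(5) only supports comments on a line of their own) and post-up commands that add a route or iptables rule without a matching post-down. The function names and the sample text are constructed for illustration.

```python
# Constructed sample modelled on the vmbr1 stanza discussed in this thread.
SAMPLE = """\
auto vmbr1
iface vmbr1 inet static
        address 192.168.0.1/24 # internal network
        bridge-ports none
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 192.168.0.0/24 -o vmbr0 -j MASQUERADE
        post-up ip route add 192.168.178.0/24 via 192.168.0.220 #routing
"""

UP_HOOKS = ("up", "post-up")
DOWN_HOOKS = ("pre-down", "down", "post-down")


def strip_comment(cmd):
    """Drop a trailing '#...' so hook commands can be compared."""
    return cmd.split("#", 1)[0].strip()


def undo_form(cmd):
    """Return the command that reverses cmd, or None if nothing is expected."""
    cmd = strip_comment(cmd)
    if cmd.startswith("ip route add "):
        return cmd.replace("ip route add ", "ip route del ", 1)
    if cmd.startswith("iptables ") and " -A " in cmd:
        return cmd.replace(" -A ", " -D ", 1)
    return None


def lint(text):
    """Return sorted (line_number, finding) tuples for an interfaces file."""
    findings, ups, downs, iface = [], [], set(), None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        key, _, rest = line.partition(" ")
        if key == "iface":
            iface = rest.split()[0]
        elif key in UP_HOOKS:
            ups.append((no, iface, rest))
        elif key in DOWN_HOOKS:
            downs.add((iface, strip_comment(rest)))
        elif "#" in rest:
            findings.append((no, "inline-comment"))  # option line, not a hook
    for no, iface, cmd in ups:
        undo = undo_form(cmd)
        if undo and (iface, undo) not in downs:
            findings.append((no, "no-matching-down"))
    return sorted(findings)
```

On the sample, `lint(SAMPLE)` flags the `address` line for its trailing comment and the `ip route add` hook for having no `ip route del` counterpart, while the MASQUERADE rule passes because its `-D` line is present.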