I am using netmaker as a wireguard management service. I have set it up with the following:
- netmaker server on a vps (10.184.25.0/24)
- a host as ingress on the vps (10.184.25.1/24)
- a host as egress on my gl-b2200 home router (10.184.25.2/24). The home router is also my primary gateway for my LAN.
The egress configuration is set up with CIDR 192.168.1.0/24 and NAT for egress traffic enabled. Some things I have confirmed working so far:
- from the VPS I can successfully ping 10.184.25.2
- from the VPS I can successfully ping 192.168.1.1
- from the home router I can successfully ping 10.184.25.1
- from the home router I can successfully ping 192.168.1.2
But from the VPS I cannot ping 192.168.1.2:
# from the vps ping some other device on my lan
ping 192.168.1.2
From 10.184.25.2 icmp_seq=1 Destination Port Unreachable
I think I have confirmed that IP forwarding is enabled on the OpenWrt router:
# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
And it seems that both network interfaces are up:
ifconfig br-lan
br-lan Link encap:Ethernet HWaddr my:mac:addr
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:xx errors:0 dropped:29 overruns:0 frame:0
TX packets:xx errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:xx (xx.x GiB) TX bytes:xx (xx.x GiB)
ifconfig netmaker
netmaker Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.184.25.2 P-t-P:10.184.25.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MTU:1420 Metric:1
RX packets:xx errors:0 dropped:7 overruns:0 frame:0
TX packets:xx errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:xx(x.x KiB) TX bytes:xx (x.x KiB)
The networking world is somewhat new to me. I would guess there is something in the firewall / iptables that is dropping this, but I don't really know how to debug further and am looking for some guidance. Thanks!
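As an added example (not part of the post above), from a troubleshooting stance: an ICMP "Destination Port Unreachable" that comes back from the router's own tunnel address is the signature of an iptables REJECT in the forwarding path, which is what OpenWrt's default `reject` chain sends for non-TCP traffic. The POSIX shell script below reads an `iptables-save` dump and reports which FORWARD rule would decide a packet entering on `netmaker` and leaving on `br-lan`; the dump, the `forward_verdict` function and the inserted ACCEPT rule are constructed for illustration, not taken from the router.

```shell
#!/bin/sh
# Added example (not from the original post): read an `iptables-save` dump on
# stdin, walk FORWARD in order and report the first rule deciding a packet that
# enters on $1 and leaves on $2. Only -i/-o are evaluated; rules carrying other
# matches (-m ...) are skipped, so treat the answer as a lead, not proof.
forward_verdict() {
  awk -v wg="$1" -v lan="$2" '
    /^-A / {
      chain = $2; target = ""; in_if = ""; out_if = ""; other = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-i")      in_if  = $(i + 1)
        else if ($i == "-o") out_if = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "-m") other  = 1
      }
      if (target == "REJECT" || target == "DROP") rejecting[chain] = 1  # user chains that reject
      if (chain == "FORWARD" && !other) {
        n++; rule[n] = $0; tgt[n] = target; rin[n] = in_if; rout[n] = out_if
      }
    }
    END {
      for (k = 1; k <= n; k++) {
        if (rin[k] != "" && rin[k] != wg) continue
        if (rout[k] != "" && rout[k] != lan) continue
        if (tgt[k] == "ACCEPT") { print "ACCEPT by: " rule[k]; exit }
        if (tgt[k] == "REJECT" || tgt[k] == "DROP" || (tgt[k] in rejecting)) {
          print "REJECTED by: " rule[k]; exit
        }
      }
      print "no FORWARD rule matched; chain policy applies"
    }'
}
# Constructed dump in the shape of an OpenWrt fw3 ruleset where "netmaker" is in
# no firewall zone: its packets fall through to the catch-all reject, whose
# icmp-port-unreachable is what shows up as "Destination Port Unreachable".
BROKEN_DUMP='*filter
:FORWARD DROP [0:0]
:reject - [0:0]
:zone_lan_forward - [0:0]
-A FORWARD -i br-lan -j zone_lan_forward
-A FORWARD -j reject
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -j REJECT --reject-with icmp-port-unreachable
COMMIT'
# Same dump with an explicit tunnel-to-LAN forward inserted (hypothetical fix).
FIXED_DUMP=$(printf '%s\n' "$BROKEN_DUMP" | sed '/^-A FORWARD -j reject/i\
-A FORWARD -i netmaker -o br-lan -j ACCEPT')
printf '%s\n' "$BROKEN_DUMP" | forward_verdict netmaker br-lan
printf '%s\n' "$FIXED_DUMP"  | forward_verdict netmaker br-lan
```

On the router itself, `iptables-save | forward_verdict netmaker br-lan` gives the same answer for the live ruleset, and `iptables -L FORWARD -v -n` then shows the packet counters of the rule it names.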