So my setup is:
- OpenVPN server (IP is 10.8.3.1)
- OpenVPN client (IP is 10.8.3.2)
- Wireguard "server" (IP is 10.8.0.1)
- Wireguard "client" (IP is 10.8.0.5)
OpenVPN client and Wireguard "client" are two different machines.
What do I want? That all machines can see each other.
So in OpenVPN server config I have (among other settings):
```
topology subnet
push "topology subnet"
server 10.8.3.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.3.1"
push "dhcp-option DNS 8.8.8.8"
client-to-client
push "route 10.8.0.0 255.255.255.0 10.8.3.1" # to Wireguard network
```
```bash
#!/bin/bash
IPT="/sbin/iptables"
IN_FACE="ens3" # NIC connected to the internet
WG_FACE="wg0" # WG NIC
OVPN_FACE="tun1" # OpenVPN NIC
SUB_NET="10.8.0.0/24" # WG IPv4 sub/net aka CIDR
WG_PORT="51194" # WG udp port
## IPv4 ##
$IPT -t nat -I POSTROUTING 1 -s $SUB_NET -o $IN_FACE -j MASQUERADE
$IPT -I INPUT 1 -i $WG_FACE -j ACCEPT
$IPT -I FORWARD 1 -i $IN_FACE -o $WG_FACE -j ACCEPT
$IPT -I FORWARD 1 -i $WG_FACE -o $IN_FACE -j ACCEPT
$IPT -I INPUT 1 -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
# WG can see OVPN and vice versa
$IPT -I FORWARD -i $WG_FACE -o $OVPN_FACE -j ACCEPT
$IPT -I FORWARD -i $OVPN_FACE -o $WG_FACE -j ACCEPT
# Wireguard peers can see each other
$IPT -I FORWARD -i $WG_FACE -o $WG_FACE -j ACCEPT
```
From OpenVPN client:
- ping to OpenVPN server: OK
- ping to Wireguard "server": OK
- ping to internet: OK
- curl ifconfig.me: OK (I get public IP address of the OpenVPN/Wireguard server)
- ping to Wireguard "client": OK
- ping to other OpenVPN client: OK
So everything is fine here. Now from the Wireguard side:
From Wireguard peer:
- ping to OpenVPN server: OK
- ping to Wireguard "server": OK
- ping to internet: OK
- curl ifconfig.me: OK (I get public IP address of the OpenVPN/Wireguard server)
- ping to other Wireguard "client": OK
- ping to OpenVPN client: NOT WORKING
So as you can see, everything is working fine, except that I am unable to access OpenVPN clients from Wireguard peers ("clients").
Any idea how to solve this?