For WireGuard I am using subnet 10.10.6.0/24, and for OpenVPN I am using subnet 10.10.8.0/24.
Right after WireGuard is activated, I am running this script:
#!/bin/bash
IPT="/sbin/iptables"
IPT6="/sbin/ip6tables"
IN_FACE="ens3" # NIC connected to the internet
WG_FACE="wg0" # WG NIC
SUB_NET="10.10.6.0/24" # WG IPv4 sub/net aka CIDR
WG_PORT="51194" # WG udp port
SUB_NET_6="fd42:42:42:42::/112" # WG IPv6 sub/net
## IPv4 ##
$IPT -t nat -I POSTROUTING 1 -s $SUB_NET -o $IN_FACE -j MASQUERADE
$IPT -I INPUT 1 -i $WG_FACE -j ACCEPT
$IPT -I FORWARD 1 -i $IN_FACE -o $WG_FACE -j ACCEPT
$IPT -I FORWARD 1 -i $WG_FACE -o $IN_FACE -j ACCEPT
$IPT -I INPUT 1 -i $IN_FACE -p udp --dport $WG_PORT -j ACCEPT
# Peers can see each other
$IPT -I FORWARD -i $WG_FACE -o $WG_FACE -j ACCEPT
In the OpenVPN server config I have push "route 10.10.6.0 255.255.255.0"
In /etc/ufw/before.rules I have (before the *filter section):
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.8.0/24 -o ens3 -j MASQUERADE
COMMIT
Now the problem... WireGuard peers can see (ping) each other. OpenVPN clients also can see (ping) each other. BUT: WireGuard peers cannot ping OpenVPN clients and vice versa. How to do that?
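One way to see where the posted rules stop the cross-VPN traffic, as an added example that is not part of the original post: it replays the FORWARD rules from the script above against sample flows and lists the interface pairs that fall through to the chain's default policy. The OpenVPN interface name tun0 and ufw's DROP forward policy are assumptions, not stated in the post.

```python
# Added example (not from the post): replay the poster's FORWARD rules
# against sample inter-VPN flows to see which ones fall through to the
# chain's default policy. Assumed, not stated in the post: OpenVPN's
# interface is "tun0" and ufw's default forward policy is DROP.
from typing import List, Optional, Tuple

Rule = Tuple[Optional[str], Optional[str], str]  # (in_if, out_if, target)

# The post's FORWARD rules in chain order. Each "-I FORWARD 1" (and the
# bare "-I FORWARD", which also defaults to position 1) inserts at the
# top, so the last line of the script ends up evaluated first.
FORWARD: List[Rule] = [
    ("wg0", "wg0", "ACCEPT"),
    ("wg0", "ens3", "ACCEPT"),
    ("ens3", "wg0", "ACCEPT"),
]
DEFAULT_POLICY = "DROP"  # assumption: ufw DEFAULT_FORWARD_POLICY="DROP"


def forward_verdict(in_if: str, out_if: str,
                    rules: List[Rule] = FORWARD,
                    policy: str = DEFAULT_POLICY) -> str:
    """First-match evaluation of a FORWARD chain keyed only on interfaces."""
    for r_in, r_out, target in rules:
        if r_in in (None, in_if) and r_out in (None, out_if):
            return target
    return policy  # no rule matched: the chain's default policy applies


def blocked_pairs(vpn_ifaces: List[str],
                  rules: List[Rule] = FORWARD) -> List[Tuple[str, str]]:
    """Ordered (in, out) interface pairs between VPNs that are not ACCEPTed."""
    return [(a, b) for a in vpn_ifaces for b in vpn_ifaces
            if a != b and forward_verdict(a, b, rules) != "ACCEPT"]


def accept_rules(pairs: List[Tuple[str, str]]) -> List[str]:
    """iptables commands that would ACCEPT each blocked pair."""
    return [f"/sbin/iptables -I FORWARD 1 -i {a} -o {b} -j ACCEPT"
            for a, b in pairs]


if __name__ == "__main__":
    for flow in [("wg0", "ens3"), ("wg0", "wg0"), ("wg0", "tun0"), ("tun0", "wg0")]:
        print(f"{flow[0]:>5} -> {flow[1]:<5} {forward_verdict(*flow)}")
    for cmd in accept_rules(blocked_pairs(["wg0", "tun0"])):
        print(cmd)
```

Any rule added this way only covers the forwarding hop on the server; a WireGuard peer also needs 10.10.8.0/24 in its AllowedIPs before it will send that traffic into the tunnel at all.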