I’m setting up a WireGuard VPN on my Fedora server and connecting to it from my Fedora laptop (the client).
Initially I cannot ping the server address (10.0.0.1) from the client. If I first ping the client address (10.0.0.2) from the server, then pinging the server from the client succeeds. Additionally, the client cannot access the Internet: it cannot ping an Internet IP or domain name (such as 162.14.77.208 or www.bing.com).
Since I want all my client traffic to go through the VPN, is there any way to fix this? Thanks in advance.
Server-side config:
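[Interface]
Address = 10.0.0.1/24, fd16:16:16::1/64
ListenPort = 51820
PrivateKey = <server privkey>
# The firewall-cmd --list-all-zones output below shows that the "public" zone
# has no interfaces assigned: both wlp1s0 and wg0 sit in the active default
# zone "FedoraServer", which has masquerade: no and opens only ssh and
# 2022/tcp. Rules added to "public" therefore never apply to real traffic:
# unsolicited 51820/udp from the client is rejected by FedoraServer's default
# target, and nothing NATs client traffic towards the Internet. That matches
# the symptom that the tunnel only works after the server transmits first
# (the server's outbound packet creates the conntrack entry that lets the
# client's replies in). Apply the rules to the zone that actually holds
# wlp1s0; confirm the zone name with: firewall-cmd --get-active-zones
PostUp = firewall-cmd --zone=FedoraServer --add-port 51820/udp && firewall-cmd --zone=FedoraServer --add-masquerade
PostDown = firewall-cmd --zone=FedoraServer --remove-port 51820/udp && firewall-cmd --zone=FedoraServer --remove-masquerade
# NOTE(review): the client routes 0.0.0.0/0 and ::/0 through this host, so it
# must forward. Verify with: sysctl net.ipv4.ip_forward (should be 1) —
# firewalld is expected to enable it for masquerade, but check rather than
# assume. firewalld's --add-masquerade is IPv4-only; the fd16:16:16::/64
# side will not reach IPv6 destinations without a separate IPv6 NAT rule
# (rich rule) or a routed prefix, so expect ::/0 traffic to time out until
# that is addressed.
[Peer]
PublicKey = <client pubkey>
AllowedIPs = 10.0.0.2/32, fd16:16:16::2/128
# Endpoint is optional on the server side: WireGuard learns the client's
# address from its first authenticated packet, so a roaming client or one
# behind NAT still works without it. Keep it only if the server needs to be
# able to initiate (as in the manual ping used to bring the tunnel up).
Endpoint = 192.168.1.2:51820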
Client-side config:
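[Interface]
Address = 10.0.0.2/24, fd16:16:16::2/64
# Key spelling fixed ("LIstenPort" → "ListenPort"): wg matches keys
# case-insensitively, and the wg output confirms port 51820 was applied, but
# the canonical spelling is what other tooling and examples expect.
ListenPort = 51820
PrivateKey = <client privkey>
# NOTE(review): with AllowedIPs = 0.0.0.0/0, ::/0 below, wg-quick sends all
# traffic through wg0 but does not change the resolver unless a DNS line is
# present. Name resolution will presumably keep using whatever resolver the
# laptop already has, reached through the tunnel; if that is a LAN-only
# address it stops working once the laptop leaves that LAN, and it is also
# where DNS would "leak" to. Set DNS = <resolver reachable via the tunnel>
# here once all traffic is meant to go through the VPN.
[Peer]
PublicKey = <server pubkey>
# LAN address of the server. When connecting from outside, this must be the
# server's public address and the UDP port must be forwarded to it.
Endpoint = 192.168.1.124:51820
AllowedIPs = 0.0.0.0/0, ::/0
# Optional: keeps a NAT/firewall mapping alive so the server can reach the
# client between the client's own transmissions; harmless on a LAN.
# PersistentKeepalive = 25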
Server-side other info:
# before manually pinging the client
root@fedora:/etc/wireguard# wg
interface: wg0
public key: ...
private key: (hidden)
listening port: 51820
peer: ...
endpoint: 192.168.1.2:51820
allowed ips: 10.0.0.2/32, fd16:16:16::2/128
# after manually pinging the client
# handshake is established now
root@fedora:/etc/wireguard# wg
interface: wg0
public key: ...
private key: (hidden)
listening port: 51820
peer: ...
endpoint: 192.168.1.2:51820
allowed ips: 10.0.0.2/32, fd16:16:16::2/128
latest handshake: 5 seconds ago
transfer: 308 B received, 220 B sent
root@fedora:/etc/wireguard# firewall-cmd --list-all-zones
FedoraServer (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: wg0 wlp1s0
sources:
services: dhcpv6-client ssh
ports: 2022/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
FedoraWorkstation
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client samba-client ssh
ports: 1025-65535/udp 1025-65535/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
block
target: %%REJECT%%
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
dmz
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
drop
target: DROP
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
external
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
forward: yes
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
home
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
internal
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
nm-shared
target: ACCEPT
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services: dhcp dns ssh
ports:
protocols: icmp ipv6-icmp
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule priority="32767" reject
public
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns ssh
ports: 5001/tcp 51820/udp
protocols:
forward: yes
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
trusted
target: ACCEPT
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
work
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Client-side other info:
# handshake established normally
# no need to ping server manually
[root@pairface wireguard]# wg
interface: wg0
public key: ...
private key: (hidden)
listening port: 51820
fwmark: 0xca6c
peer: ...
endpoint: 192.168.1.124:51820
allowed ips: 0.0.0.0/0, ::/0
latest handshake: 10 seconds ago
transfer: 124 B received, 6.19 KiB sent