I have been struggling to set up a simple mesh network with WireGuard and firewalld. My goal was to configure PC2 (10.0.0.3) in order to allow connections from PC1 (10.0.0.1). Just a simple connection, no VPN or anything like that, for now.
I am using Fedora Workstation 40, and I can’t seem to find the rule to make it work. Disabling the firewalld service works (ICMP, and other services like Cockpit and Torrent). Setting the target to ACCEPT works as well. Both machines are configured to use port 51820/udp, so I’m not really sure what else I should do.
I have finally come here because firewalld is used on Fedora, so maybe someone can help me figure out what I’m missing. I don’t even know if I should add masquerading, IP forwarding and so on, since the concepts sound so similar.
There is a handshake on both sides even when the ping doesn’t work, interestingly enough.
So far I have these rules applied:
FedoraWorkstation (default, active)
target: DROP
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: wg0 wlp3s0
sources:
services: ssh wireguard
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
WireGuard .conf files on their respective machines:
PC1
[Interface]
Address = 10.0.0.1/32
PrivateKey = hidden
ListenPort = 51820
[Peer]
PublicKey = hidden
Endpoint = hidden:51820
AllowedIPs = 10.0.0.3/32
PC2
[Interface]
Address = 10.0.0.3/32
PrivateKey = hidden
ListenPort = 51820
[Peer]
PublicKey = hidden
Endpoint = hidden:51820
AllowedIPs = 10.0.0.1/32
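As an added illustration, not part of the post above: a small Python model of how a firewalld zone like the one listed decides what to accept on each bound interface, run against a constructed copy of that zone dump. The rule that ICMP is only implicitly accepted under the default target, and the service-to-port table, are simplifying assumptions of this example, not firewalld's own code.

```python
# Constructed sample: the zone dump from the post, in `firewall-cmd --list-all` format.
SAMPLE_ZONE = """\
FedoraWorkstation (default, active)
  target: DROP
  icmp-block-inversion: no
  interfaces: wg0 wlp3s0
  sources:
  services: ssh wireguard
  ports:
  protocols:
  forward: yes
  masquerade: no
  icmp-blocks:
"""

# Assumed port table for the services involved (a subset of firewalld's built-in service files).
SERVICE_PORTS = {"ssh": {"22/tcp"}, "wireguard": {"51820/udp"}, "cockpit": {"9090/tcp"}}


def parse_zone(text):
    """Parse a `--list-all` dump into {'name': ..., 'target': [...], 'interfaces': [...], ...}."""
    lines = text.strip().splitlines()
    zone = {"name": lines[0].split()[0]}
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        zone[key] = value.split()  # empty list for blank fields such as "ports:"
    return zone


def inbound_allowed(zone, iface, what):
    """Simplified model of zone evaluation for one inbound flow arriving on `iface`.
    `what` is 'icmp' or 'port/proto'. Returns (verdict, reason); verdict None = not this zone."""
    if iface not in zone.get("interfaces", []):
        return None, f"{iface} is not bound to zone {zone['name']}"
    target = (zone.get("target") or ["default"])[0]
    if target == "ACCEPT":
        return True, "zone target ACCEPT admits everything"
    if what == "icmp":
        # Assumption: only the default target accepts ICMP implicitly; an explicit
        # DROP/REJECT target applies to ICMP unless a rule allows it.
        if target == "default":
            return True, "default target accepts ICMP"
        return False, f"explicit target {target} applies to ICMP on {iface}"
    allowed = set(zone.get("ports", []))
    for svc in zone.get("services", []):
        allowed |= SERVICE_PORTS.get(svc, set())
    if what in allowed:
        return True, f"{what} opened by services/ports"
    return False, f"{what} not opened; falls through to target {target}"


def audit(text, iface, flows):
    """Evaluate several inbound flows on one interface against a zone dump."""
    zone = parse_zone(text)
    return {f: inbound_allowed(zone, iface, f) for f in flows}
```

Run on the sample, the audit shows 51820/udp accepted on wg0 (so the handshake completes) while ICMP and 9090/tcp on wg0 fall through to the DROP target; a common remedy is binding wg0 to a separate zone that allows tunnel traffic, keeping the uplink interface in the restrictive zone.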