I've set up three Wireguard nodes – a, b and c (Vagrantfile below). Both b and c connect to a and are able to ping a over the Wireguard tunnel. But b and c aren't able to ping each other – why?
Vagrant.configure("2") do |config|
[
{
name: "a",
wgcfg: <<-WGCFG
[Interface]
PrivateKey=gCQW9uFhkiFwXAOfVINXm+BF4s8fZcTWAfxJboAg01I=
ListenPort=50031
Address=192.168.234.65/26
[Peer]
PublicKey=5T5HdEaGxtDLCoC4QTb3B1e0suer4IadTEwWZ5Je7w0=
AllowedIPs=192.168.234.0/26
PersistentKeepalive=25
[Peer]
PublicKey=1nYwoKaMswzdiM/2UNDDJf/DRX5m/6M27dLMOeqaxwk=
AllowedIPs=192.168.234.0/26
PersistentKeepalive=25
WGCFG
},
{
name: "b",
wgcfg: <<-WGCFG
[Interface]
PrivateKey=KFsOZmkbHUmPNQmjgWn4lJa/MiszGcAuFNJb8HSda2M=
Address=192.168.234.66/26
[Peer]
PublicKey=5U5KqwaEA3I9nMYAfVA6thA2XUwOUVU8Y4C8CzeRzVo=
Endpoint=172.28.128.3:50031
AllowedIPs=192.168.234.0/26
PersistentKeepalive=25
WGCFG
},
{
name: "c",
wgcfg: <<-WGCFG
[Interface]
PrivateKey=6Gl/ZbyOKJHhQUSLaMrShU/ukNfvvDdiwz1a7t45Q3I=
Address=192.168.234.67/26
[Peer]
PublicKey=5U5KqwaEA3I9nMYAfVA6thA2XUwOUVU8Y4C8CzeRzVo=
Endpoint=172.28.128.3:50031
AllowedIPs=192.168.234.0/26
PersistentKeepalive=25
WGCFG
}
].each do |specs|
config.vm.define specs[:name] do |config|
config.vm.box = "ubuntu/bionic64"
config.vm.network "private_network", type: "dhcp"
config.vm.provider "virtualbox" do |vb|
vb.memory = "1024"
end
config.vm.provision "shell", inline: <<-SHELL
sudo add-apt-repository -y ppa:wireguard/wireguard
sudo bash -c 'DEBIAN_FRONTEND=noninteractive apt-get -y install wireguard tshark'
sudo bash -exo pipefail -c 'cat <<<"$0" >/etc/wireguard/wg1.conf' '#{specs[:wgcfg]}'
sudo systemctl enable [email protected]
sudo systemctl restart [email protected]
sudo bash -exo pipefail -c 'cat <<<'net.ipv4.ip_forward=1' >/etc/sysctl.d/99-router.conf'
sudo sysctl -w net.ipv4.ip_forward=1
SHELL
end
end
end
Make one /30 subnet for a-b and one for a-c. Include the a-b subnet in AllowedIPs on c and the a-c subnet in AllowedIPs on b. I.e.: