[SOLVED] Multiple network adapters routing

Joulinar
Posts: 2072
Joined: Sat Nov 16, 2019 12:49 am

Re: Multiple network adapters routing

Post by Joulinar »

Maybe you would need to consider creating a 2nd WireGuard interface wg1 that points to your eth1 network. Still, I guess something on iptables would need to be adjusted. But my knowledge of iptables is limited.
Pls let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
trendy
Posts: 122
Joined: Tue Feb 25, 2020 2:54 pm

Re: Multiple network adapters routing

Post by trendy »

WatskeBart wrote: Mon Mar 23, 2020 7:48 pm Client config is in the first post, and it's not a typo, it's there by default.
See the commented lines in the config which WireGuard generates:

Code:

# Tunnel all network traffic through the VPN:
#       AllowedIPs = 0.0.0.0/0, ::/0

I tried setting it to 10.0.10.0/24 but still no joy.
Okay, it was a typo. It is /0, not /24
WatskeBart wrote: Mon Mar 23, 2020 7:48 pm I also tried this guide to add an extra routing table, but that didn't work. But maybe I added the wrong network info.
Forget about that.

I didn't see the client config the first time.
So you are allowing every prefix on the WG tunnel, however the "route-allowed" is not enabled.
Can you post the routing table from the client when the tunnel is up?
WatskeBart
Posts: 12
Joined: Mon Mar 23, 2020 2:36 pm

Re: Multiple network adapters routing

Post by WatskeBart »

When the client is up (Win10 client) this is the routing table:

Code:

10.9.0.0      255.255.255.0      On-link    10.9.0.3    256
10.9.0.3      255.255.255.255    On-link    10.9.0.3    256
10.9.0.255    255.255.255.255    On-link    10.9.0.3    256

When I add 10.0.10.0/24 in the AllowedIPs, then the routing table is like this:

Code:

0.0.0.0        0.0.0.0            On-link    10.9.0.3      0
10.0.10.0      255.255.255.0      On-link    10.9.0.3      0
10.0.10.255    255.255.255.255    On-link    10.9.0.3    256
10.9.0.0       255.255.255.0      On-link    10.9.0.3    256
10.9.0.3       255.255.255.255    On-link    10.9.0.3    256
10.9.0.255     255.255.255.255    On-link    10.9.0.3    256

The only network B address I can ping from my client is 10.0.10.250, which is the 2nd ethernet interface on the RPi.
I also enabled ip_forwarding on all the interfaces.
I think I need to add a route from 10.9.0.0/24 to 10.0.10.0/24 but on which interface?

Thank you both for your help so far btw :)

P.S. wg0-client1.conf is the config used on the remote client and is in the last codeblock from the first post.
P.P.S. I only posted the WireGuard related route table info.
//WB

There's not much you can do, without a CPU.
Joulinar
Posts: 2072
Joined: Sat Nov 16, 2019 12:49 am

Re: Multiple network adapters routing

Post by Joulinar »

Can you try to do a traceroute from your mobile W10 system to a system on network B?
WatskeBart
Posts: 12
Joined: Mon Mar 23, 2020 2:36 pm

Re: Multiple network adapters routing

Post by WatskeBart »

A tracert to a device in network B will only result in a pingback from 10.9.0.1 (WireGuard server), the rest is timed out.

A tracert to a device on network A will result in 2 hops:
  • 10.9.0.1 (WireGuard server on RPi)
  • 192.168.10.200 (device network A)
P.S. I updated the picture in the first post to hopefully clarify it a bit better.
//WB

Joulinar
Posts: 2072
Joined: Sat Nov 16, 2019 12:49 am

Re: Multiple network adapters routing

Post by Joulinar »

Do you have access to a system on Network B to try to capture traffic using Wireshark? I mean, to see if any packets arrived from the RPi?
WatskeBart
Posts: 12
Joined: Mon Mar 23, 2020 2:36 pm

Re: Multiple network adapters routing

Post by WatskeBart »

Joulinar wrote: Tue Mar 24, 2020 2:10 pm Do you have access to a system on Network B to try to capture traffic using Wireshark? I mean, to see if any packets arrived from the RPi?
When I use my WireGuard remote client and SSH into the RPi, then I can reach network B perfectly. But I cannot access network B directly from my WireGuard remote client. So yes there is traffic from the RPi to network B.

I think there's no routing from 10.9.0.1 (WG server) to 10.0.10.0/24 (network B), but I don't know how to add this.
//WB

Joulinar
Posts: 2072
Joined: Sat Nov 16, 2019 12:49 am

Re: Multiple network adapters routing

Post by Joulinar »

I guess we misunderstood. I would like to do some packet capture on a system on Network B while you try to access a system on network B directly, without doing an SSH session to your RPi first. So still the question: do you have direct access to a system on Network B? Probably some routing is missing as well on Network B back to your RPi. Just guessing. Therefore it would be good to know if something arrived on Network B systems at all.
trendy
Posts: 122
Joined: Tue Feb 25, 2020 2:54 pm

Re: Multiple network adapters routing

Post by trendy »

The problem is that Network B doesn't have a route to the WG network. Ideally you should add a static route on the gateways of both networks A and B for 10.9.0.0/24 via the IP of the Raspi.
If you cannot achieve that, the other option is to SNAT on the Raspi, more or less what you have tried to do there with masquerade, but only for eth0, while you need to do it for eth1 as well.
Try this:

Code:

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 10.0.10.250
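
Added example, not part of trendy's post or the thread: a shell check that reads `iptables -t nat -S POSTROUTING` style output and lists interfaces with no source NAT, plus a variant of the rule above limited to the WireGuard subnet. The function names, the sample rule listing and the `-s 10.9.0.0/24` restriction are assumptions of this example; the addresses and interface names are the ones given in the thread.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S POSTROUTING` output for the state
# described in the thread: masquerading exists for eth0 only.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

WG_NET="10.9.0.0/24"      # WireGuard subnet from the thread
LAN_B_IF="eth1"           # RPi interface facing network B
LAN_B_IP="10.0.10.250"    # RPi address on network B

# nat_covers_iface RULES IFACE   (hypothetical helper)
# Succeeds if RULES holds a SNAT or MASQUERADE rule leaving through IFACE.
nat_covers_iface() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 == "-A" {
            out = ""; tgt = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && (tgt == "SNAT" || tgt == "MASQUERADE")) found = 1
        }
        END { exit !found }'
}

# missing_nat RULES IFACE...   (hypothetical helper)
# Prints every listed interface that has no source NAT rule.
missing_nat() {
    rules=$1; shift
    for ifc in "$@"; do
        nat_covers_iface "$rules" "$ifc" || printf '%s\n' "$ifc"
    done
}

# scoped_snat_rule SRC_NET IFACE TO_SOURCE   (hypothetical helper)
# Prints the rule in -S syntax, matching only traffic that originates in
# SRC_NET, so other traffic leaving IFACE is not rewritten.
scoped_snat_rule() {
    printf '%s\n' "-A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3"
}

missing_nat "$SAMPLE_RULES" eth0 "$LAN_B_IF"
scoped_snat_rule "$WG_NET" "$LAN_B_IF" "$LAN_B_IP"
```

To apply the printed rule, pass it to `iptables -t nat`. With SNAT in place, hosts on network B see 10.0.10.250 as the source of all VPN client traffic, so their logs no longer distinguish individual WireGuard peers.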
Joulinar
Posts: 2072
Joined: Sat Nov 16, 2019 12:49 am

Re: Multiple network adapters routing

Post by Joulinar »

Yep, indeed. That is what I was trying to check: whether something arrived on Network B but got routed to the Internet Router on Network B and not back to the RPi. I personally add this static route on my Internet Router. But you already said you don't have access to the Internet Router of Network B. So there is no option to set a static route there.