Wireguard Client to access server

Hi guys,

I’ve got a question where I am not sure my goal is achievable that way. I have a RBP4 set up at one location where I cannot set up port forwarding by myself due to lack of router access. I would love to have access to that server over the internet to access my files. So instead of setting up port forwarding I used WireGuard in client mode to connect to my existing VPN on another server. The connection is made just fine. But I cannot access any files or web interfaces as if I were on my local machine. Do I need to include those files and services within WireGuard’s Docker setup, or is there a universal method to allow access to those things? Or maybe that is not possible at all?

I am running OMV on my berry.

Thanks for any help.
Best regards,
Tom

You need to be more specific about which servers you’re referencing and where they’re located. I don’t want to make assumptions and give you false info.

Thanks for your reply. So basically I’ve got my local server running Samba and Bitwarden. I would love to access that over the internet. So I tried to connect to my VPN server… Hope that clarifies.

You should have no problem accessing a certain WireGuard client and its subnets from anywhere on the internet while connected to the WireGuard server.

The technique is very simple: (1) Configure the subnets (or home networks) with different ranges so that there are no collisions when you access them (192.168.100.0/24, 192.168.101.0/24, …). (2) In the server’s ‘wg0.conf’ file, add the subnets to the ‘AllowedIPs’ variable of each client that needs them (example: AllowedIPs = 10.10.20.9/32,192.168.101.0/24).

Note: Checked with the Docker linuxserver/wireguard server and any WireGuard Linux client.


Thanks for your answer. So I am again trying to set it up but running into errors.
What I have checked so far:

  1. Set up an external docker network for containers including wireguard to connect to one another.
  2. pinging in between them locally works fine
  3. setting up the wireguard client, adding the subnet under allowed IPs, also in the server config for that peer
  4. pinging inside wireguard server to the client ip works fine. So i am connected. But i cannot access the subnet within the external docker network created from other containers.

External Network with 188.20.0.0/16 subnet.

[
    {
        "Name": "wireguard-dns",
        "Id": "",
        "Created": "",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "188.20.0.0/16",
                    "Gateway": "188.20.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "": {
                "Name": "wireguard",
                "EndpointID": "",
                "MacAddress": "",
                "IPv4Address": "188.20.0.2/16",
                "IPv6Address": ""
            },
            "": {
                "Name": "nextcloud",
                "EndpointID": "",
                "MacAddress": "",
                "IPv4Address": "188.20.0.4/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

Wireguard Client config:

[Interface]
Address = 10.13.13.5
PrivateKey = XXX
ListenPort = 51820
DNS = 10.13.13.1

[Peer]
PublicKey = YYY
Endpoint = server.wireguard:51820
AllowedIPs = 0.0.0.0/0, 188.20.0.0/24
PersistentKeepalive = 25

Wireguard Server config: Added on the Allowed IPs for RBP4 Peer the subnet and ip associated with client.

[Interface]
Address = 10.13.13.1
ListenPort = 51820
PrivateKey = XXX
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# peer_RBP4
PublicKey = YYY
AllowedIPs = 10.13.13.5/32, 188.20.0.0/24

As I said, I am able to ping from within the wireguard server container to the client but not to the subnet. I am also not able to access the nextcloud container in that subnet via HTTP when connected to the VPN.

Any ideas? I am looking to get access in order to set up nextcloud without any port forwarding.
Thanks in advance!

Do I need to set up PostUp and PostDown rules in order to make my client’s LAN accessible from the server?
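
An added example, not written by any poster in this thread: a small lint for the routed-subnet technique described above, run over the AllowedIPs lines posted here. The finding labels are hypothetical names, and the `lan-side-routes-own-lan` check assumes the tunnel is brought up with wg-quick, which installs a route through the tunnel for every non-default AllowedIPs prefix.

```python
import ipaddress

def peer_allowed_ips(conf_text):
    """Return one list of networks per [Peer] section of a wg-quick style config."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments such as "# peer_RBP4"
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
        elif section == "peer" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                              for v in value.split(",") if v.strip()]
    return peers

def lint(lan_side_conf, server_conf, lan):
    """Return finding labels (hypothetical names) for a subnet routed behind one peer."""
    lan = ipaddress.ip_network(lan)
    def flat(conf):
        return [n for p in peer_allowed_ips(conf) for n in p if n.version == lan.version]
    findings, server_nets = [], flat(server_conf)
    if not any(n.overlaps(lan) for n in server_nets):
        findings.append("server-no-route")        # server never sends the LAN into the tunnel
    elif not any(lan.subnet_of(n) for n in server_nets):
        findings.append("server-partial-route")   # only part of the LAN is covered
    # A prefix inside the LAN gets a wg-quick route via the tunnel that is at least
    # as specific as the peer's own LAN route, so LAN-bound packets re-enter the tunnel.
    if any(n.subnet_of(lan) for n in flat(lan_side_conf)):
        findings.append("lan-side-routes-own-lan")
    if not lan.is_private:
        findings.append("lan-not-private-range")  # subnet is publicly routable address space
    return findings

# Constructed sample input: the Address and AllowedIPs lines from this thread, keys omitted.
LAN_SIDE = "[Interface]\nAddress = 10.13.13.5\n[Peer]\nAllowedIPs = 0.0.0.0/0, 188.20.0.0/24\n"
SERVER = "[Interface]\nAddress = 10.13.13.1\n[Peer]\n# peer_RBP4\nAllowedIPs = 10.13.13.5/32, 188.20.0.0/24\n"

if __name__ == "__main__":
    print(lint(LAN_SIDE, SERVER, "188.20.0.0/16"))
```
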