Good day!
I have been using linuxserver/wireguard for months and it has been wonderful. One thing I have been thinking about for some time is how to gain access to my home network. Has anyone achieved this, or does anyone have advice that could help me? This is what I have done so far:
- Added
  net.ipv4.ip_forward = 1
  to /etc/sysctl.conf and rebooted.
- Added the home network LAN (10.0.1.0) to the peer in the server wg0.conf and rebooted:
[Peer]
PublicKey = …
AllowedIPs = 10.13.13.2/32,10.0.1.0/24
PersistentKeepalive = 25
Docker-compose snippet with linuxserver/wireguard
wireguard:
  image: linuxserver/wireguard
  cap_add:
    - NET_ADMIN
    - SYS_MODULE
  environment:
    TZ: "Europe/London"
    PUID: 1000
    PGID: 1000
    SERVERURL: MY_URL
    SERVERPORT: MY_EXT_PORT
    PEERS: 2
    PEERDNS: 8.8.8.8
    INTERNAL_SUBNET: 10.13.13.0
  ports:
    - "51820:51820/udp"
  restart: unless-stopped
  volumes:
    - /etc/docker/wireguard_server:/config
    - /lib/modules:/lib/modules
PostUp and PostDown scripts in server wg0.conf
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
There is no need to add static routes, given that both addresses are on the same subnet. So what else should I do? Do I need to add some additional rules to PostUp/PostDown, such as:
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; iptables -A FORWARD -i %i -o eth0 -j ACCEPT
Do I need accept rules the other way as well, from eth0 to %i? I appreciate all the help I can get.
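The following is an added example and not code from the post above or from the linuxserver/wireguard project. It answers the forwarding question the post ends on by generating, as a dry run that prints rather than executes, a minimal FORWARD/NAT rule set for a WireGuard hub: new connections are allowed from the tunnel toward the LAN and between tunnel peers, the reverse direction (eth0 to %i) only needs a RELATED,ESTABLISHED rule for return traffic, and tunnel addresses are masqueraded behind the LAN-facing interface. It then folds the rules into the PostUp/PostDown lines wg-quick expects. The interface names wg0/eth0 and the 10.13.13.0/24 tunnel subnet are taken from the post; the exact rule selection is this example's own, not something the post states.

```shell
#!/bin/sh
# Added example, not code from the original post or from linuxserver/wireguard.
# Prints (does not run) the iptables commands a WireGuard hub needs so that
# tunnel peers can reach a LAN behind another peer, then folds them into the
# PostUp/PostDown lines wg-quick expects. Interface names and the 10.13.13.0/24
# tunnel subnet match the post; the rule set itself is this example's choice.

# fwd_rules ACTION WG_IF LAN_IF
#   ACTION is -A (PostUp) or -D (PostDown). One iptables command per line.
fwd_rules() {
  action=$1; wg=$2; lan=$3
  # Replies to connections conntrack has already seen, in either direction.
  # This is what makes a separate LAN -> tunnel ACCEPT rule unnecessary.
  echo "iptables $action FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
  # New connections may be opened from the tunnel toward the LAN...
  echo "iptables $action FORWARD -i $wg -o $lan -m conntrack --ctstate NEW -j ACCEPT"
  # ...and from one tunnel peer to another (road warrior -> home peer: the
  # route for the home LAN points back out the same wg interface).
  echo "iptables $action FORWARD -i $wg -o $wg -j ACCEPT"
  # Deliberately no "-i $lan -o $wg ... NEW" rule: LAN hosts cannot initiate
  # connections into the tunnel. Add one only if that is wanted.
  # Hide tunnel addresses behind the LAN-facing interface's address.
  echo "iptables -t nat $action POSTROUTING -s 10.13.13.0/24 -o $lan -j MASQUERADE"
}

# wgquick_line PostUp|PostDown WG_IF LAN_IF
#   Joins the rules into a single "PostUp = a; b; c" line for wg0.conf.
#   Pass '%i' as WG_IF to let wg-quick substitute the interface name.
wgquick_line() {
  case $1 in
    PostUp)   act=-A ;;
    PostDown) act=-D ;;
    *) echo "usage: wgquick_line PostUp|PostDown WG_IF LAN_IF" >&2; return 1 ;;
  esac
  rules=$(fwd_rules "$act" "$2" "$3")
  oldifs=$IFS
  IFS='
'
  line=""
  for cmd in $rules; do
    line="${line:+$line; }$cmd"
  done
  IFS=$oldifs
  printf '%s = %s\n' "$1" "$line"
}

# Usage: print the two lines to paste into the [Interface] section.
wgquick_line PostUp   '%i' eth0
wgquick_line PostDown '%i' eth0
```

Two points the script cannot express on its own: the road-warrior peers also need 10.0.1.0/24 in their own AllowedIPs, otherwise they never send LAN-bound packets into the tunnel, and the home-side peer (the one holding 10.13.13.2) needs ip_forward plus the same kind of FORWARD/MASQUERADE rules toward its LAN interface (or a static route for 10.13.13.0/24 on the home router), otherwise LAN hosts have no path back to the tunnel.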