 

WireGuard: How to push routes and dhcp options to clients from server? [closed]

Does WireGuard support a way for the VPN Server to push routes and DHCP options to its Clients, like what OpenVPN does with something like:

push "route 10.0.2.0 255.255.255.0 " 

push "dhcp-option DNS 10.66.0.4"

I have 100s of clients that dynamically setup their VPN connection to the VPN server and I want these routes and options installed as and when they connect to the VPN server.

asked Feb 19 '19 23:02




1 Answer

Routes or even split-tunneling is done by setting the Allowed IPs parameter in the client configuration!

Client config

[Interface]
# client001 #
PrivateKey = <private key of client>
Address = 100.64.0.100/32
DNS = 100.64.0.1

[Peer]
PublicKey = <public key of server>
PresharedKey = <preshared key for client>
AllowedIPs = 100.64.0.0/10, 192.168.178.0/24
Endpoint = <your-ip-or-fqdn.to.connect>:<port>
PersistentKeepalive = 25

Server Config

[Interface]
Address = 100.64.0.1/10
SaveConfig = true
ListenPort = 51820
PrivateKey = <private key of server>

[Peer]
PublicKey = <public key of client>
PresharedKey = <preshared key for client>
AllowedIPs = 100.64.0.100/32

In this case the configuration for the client AllowedIPs = 100.64.0.0/10, 192.168.178.0/24 sets routes on the client to send everything for 100.64.0.0/10 and 192.168.178.0/24 into the WireGuard tunnel but nothing else. (IP forwarding and masquerading are also activated on the WireGuard server.)

The DNS = 100.64.0.1 parameter tells the client to use 100.64.0.1 (in my case the WireGuard server) as DNS server. Even though the DNS is on the WireGuard server itself, internet traffic is still routed directly; only DNS is done by my custom DNS.

PCFreak answered Oct 19 '22 19:10

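The answer's point is that AllowedIPs plays two roles: on the client it is the route list, on the server it is the per-peer source-address ACL of cryptokey routing. The following script is an added example (not from the answerer) that parses constructed configs modelled on the ones above, derives the client's tunnel routes, and audits a server config for peers whose AllowedIPs are wider than one host or overlap another peer, which would let one peer send traffic with another peer's tunnel address.

```python
import ipaddress

# Constructed sample configs mirroring the answer above; the second server peer is
# deliberately given a wide AllowedIPs so the audit has something to flag.
CLIENT_CONF = """[Interface]
Address = 100.64.0.100/32
DNS = 100.64.0.1
[Peer]
AllowedIPs = 100.64.0.0/10, 192.168.178.0/24
"""
SERVER_CONF = """[Peer]
PublicKey = <client001>
AllowedIPs = 100.64.0.100/32
[Peer]
PublicKey = <client002>
AllowedIPs = 100.64.0.0/10
"""

def parse_wg(text):
    """Minimal wg-quick parser: (interface, [peer, ...]); [Peer] may repeat."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            peers.append({}); cur = peers[-1]
        elif line:
            key, _, value = line.partition("=")
            cur[key.strip()] = value.strip()
    return iface, peers

def allowed(peer):
    return [ipaddress.ip_network(c.strip(), strict=False)
            for c in peer.get("AllowedIPs", "").split(",") if c.strip()]

def client_routes(text):
    """Routes wg-quick installs on the client: every AllowedIPs of every peer."""
    return [net for peer in parse_wg(text)[1] for net in allowed(peer)]

def audit_server(text):
    """Server side: AllowedIPs limits the source address a peer may use in the tunnel."""
    findings, seen = [], []
    for i, peer in enumerate(parse_wg(text)[1]):
        for net in allowed(peer):
            if net.prefixlen != net.max_prefixlen:
                findings.append((i, f"{net} is wider than a single host"))
            for j, other in seen:
                if net.overlaps(other):
                    findings.append((i, f"{net} overlaps peer {j} ({other})"))
            seen.append((i, net))
    return findings
```

A subnet-wide entry on the server is legitimate for a site-to-site peer; the audit flags it for review rather than as an error.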