Routing all external traffic through vpn-client on different device?

Do the LAN hosts have 192.168.42.3 as default gateway?
Also one more thing:

I doubt it will work without nat.


DHCP will configure clients to send DNS requests to the main router 192.168.42.1 so then they will be forwarded unencrypted through the ISP in the usual way. Once the clients receive the DNS lookup they will then access the site through the VPN client and tunnel.

As I said this is OK for testing because you don't want to change too many things at once. But you aren't getting the most security of a VPN as long as DNS is running outside the tunnel.

Look here.

Yes, they all have 192.168.42.3 as gateway through DHCP. I ought to make 192.168.42.3 static and set gateway to 192.168.42.1?

I can apparently declare my own iptables rules on the device, so modifying that roadbump should be doable, however I am a mere noob.

No, the 42.3 is correct, just cross checking.

This is something you need to figure out, otherwise it won't work.
I didn't go through all the firewall rules to verify if something else is wrong or missing, but this was too obvious.

I'll just turn iptables off to get things going and take it from there.

Btw, should I make 192.168.42.3 static? Or is it OK that it gets told to use itself as gateway?

Of course the VPN client machine needs to be properly configured.

Its default route must be 192.168.42.1 so that it has a path to the raw Internet to reach the WireGuard server. If it takes a DHCP lease from the main router it would be misconfigured.

It should have the typical split 0.0.0.0/1 + 128.0.0.0/1 routes installed so that all Internet access (except the WireGuard server) goes into the tunnel.

Masquerading needs to be enabled on the tunnel.
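A small check for the three conditions in the post above (default route via the main router, both /1 split routes into the tunnel, MASQUERADE on the tunnel interface). This is an added example, not from the thread; it assumes the WireGuard interface is called wg0 and the route and NAT samples below are constructed, not captured from the poster's box.

```shell
#!/bin/sh
# Added example: verify a VPN client's routing table and NAT rules have the
# layout described in the post. Feed it the output of `ip route show` and
# `iptables -t nat -S POSTROUTING`. Interface name wg0 is an assumption.
WG_IF="${WG_IF:-wg0}"
MAIN_ROUTER="192.168.42.1"

# check_routes ROUTE_TABLE -> 0 if the default route points at the main
# router and both halves of the Internet (0/1 and 128/1) go into the tunnel.
check_routes() {
    printf '%s\n' "$1" | grep -q "^default via $MAIN_ROUTER " || return 1
    printf '%s\n' "$1" | grep -q "^0\.0\.0\.0/1 dev $WG_IF" || return 1
    printf '%s\n' "$1" | grep -q "^128\.0\.0\.0/1 dev $WG_IF" || return 1
    return 0
}

# check_masquerade NAT_RULES -> 0 if POSTROUTING masquerades out of the tunnel,
# which is what lets 192.168.42.x sources be forwarded through wg0.
check_masquerade() {
    printf '%s\n' "$1" | grep -q -- "-A POSTROUTING .*-o $WG_IF .*-j MASQUERADE"
}

# Constructed sample: a correctly configured client (default via the router,
# split routes into wg0).
GOOD_ROUTES="default via 192.168.42.1 dev eth0
0.0.0.0/1 dev wg0 scope link
128.0.0.0/1 dev wg0 scope link
192.168.42.0/24 dev eth0 proto kernel scope link src 192.168.42.3"

# Constructed sample: client has a default route but never installed the split
# routes, so anything it forwards for the LAN would leave unencrypted.
BAD_ROUTES="default via 192.168.42.1 dev eth0
192.168.42.0/24 dev eth0 proto kernel scope link src 192.168.42.3"

GOOD_NAT="-P POSTROUTING ACCEPT
-A POSTROUTING -o wg0 -j MASQUERADE"
BAD_NAT="-P POSTROUTING ACCEPT"

# Run against the live system when invoked with --live (needs root for iptables).
if [ "${1:-}" = "--live" ]; then
    check_routes "$(ip route show)" && echo "routes ok" || echo "routes WRONG"
    check_masquerade "$(iptables -t nat -S POSTROUTING)" && echo "nat ok" || echo "nat WRONG"
fi
```

Run it with `--live` on the VPN client itself; a "WRONG" for routes means the split 0/1 + 128/1 routes are missing, a "WRONG" for nat means the masquerade rule on the tunnel is missing.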

Yes, I see my public WireGuard IP from 192.168.42.3 and it uses the VPN for its traffic.