The Wireguard network cannot be the same as the Protector network, see br0 and wg0 below.
Now I have changed the Wireguard network to 10.0.0.0/24, configured the Wireguard server with 10.0.0.1 and a client like this
And I can ping 10.0.0.1
However, this won’t send all the client traffic through the tunnel. To do this, it’s necessary to configure the client AllowedIPs like this:
Still unable to block traffic / don’t know if traffic is via firewall.
Is it an uncommon setup at our end? Or is the Protector really difficult to set up? Do you need access to the endpoint too to achieve this?
This configuration is wrong. The client IPs must be in the subnet 10.0.0.0/24, not 10.0.3.0/24. The settings must be changed in the client wireguard and in the Peers tab in the Protector. Moreover, the Allowed IPs must be 0.0.0.0/0, as I wrote in my previous email. Then, as Endpoint, you must put the public IP, not the local IP of the Protector.
See, as an example, my client and the Secpoint-test entry in the Protector.
The reason why the Internet stops working can be that, after forwarding all the traffic through the VPN tunnel, the DNS server is not reachable and domain names cannot be resolved. In this case, change the AllowedIPs parameter in the client WireGuard to 0.0.0.0/1, 128.0.0.0/1
This can also be done by un-checking the kill-switch checkbox at the bottom. After that, to verify that all the traffic goes through the VPN tunnel, open a DOS prompt and do an nslookup and a tracert, like:
nslookup secpoint.com
tracert secpoint.com
The nslookup should resolve the domain name, and the tracert should go through 10.0.0.1 as first point.
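As an added example (not code from this thread or from SecPoint), the following script checks a WireGuard client config against the three points made above (client address inside the 10.0.0.0/24 tunnel subnet, AllowedIPs covering all traffic either as 0.0.0.0/0 or as the 0.0.0.0/1, 128.0.0.0/1 split, and an Endpoint that is not a LAN address) and then checks the tracert output for 10.0.0.1 as the first hop. The two client configs and the tracert output are constructed samples; the key material is a placeholder and 203.0.113.10 is an RFC 5737 documentation address standing in for the Protector's public IP.

```python
"""Lint a WireGuard client config against the advice in the thread and check the
first hop of a Windows tracert. Added example; sample data is constructed."""
import ipaddress
import re

# Constructed sample configs (placeholders for keys, documentation IP for the endpoint).
WRONG_CLIENT = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.3.2/24
DNS = 10.0.0.1

[Peer]
PublicKey = <protector-public-key>
AllowedIPs = 10.0.0.0/24
Endpoint = 192.168.1.1:51820
"""

FIXED_CLIENT = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/24
DNS = 10.0.0.1

[Peer]
PublicKey = <protector-public-key>
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = 203.0.113.10:51820
PersistentKeepalive = 25
"""

# Constructed tracert output in the Windows format; hop 1 is the tunnel server.
SAMPLE_TRACERT = """\
Tracing route to secpoint.com [203.0.113.80]
over a maximum of 30 hops:

  1     2 ms     1 ms     1 ms  10.0.0.1
  2    15 ms    14 ms    14 ms  203.0.113.1
  3    16 ms    15 ms    15 ms  203.0.113.80

Trace complete.
"""

# Ranges that can only be the Protector's local address, never its public one.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]


def parse_wg_config(text):
    """Parse an INI-style WireGuard config into {section: {key: value}} (one peer)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections


def allowed_ips_cover_all_ipv4(allowed):
    """True when AllowedIPs sends every IPv4 destination into the tunnel, whether
    written as 0.0.0.0/0 or as 0.0.0.0/1, 128.0.0.0/1 (which avoids the kill switch)."""
    nets = [ipaddress.ip_network(s.strip(), strict=False)
            for s in allowed.split(",") if s.strip()]
    v4 = [n for n in nets if n.version == 4]
    return list(ipaddress.collapse_addresses(v4)) == [ipaddress.ip_network("0.0.0.0/0")]


def check_client_config(text, tunnel_subnet="10.0.0.0/24"):
    """Return the mismatches with the advice above; an empty list means it matches."""
    cfg = parse_wg_config(text)
    iface, peer = cfg.get("Interface", {}), cfg.get("Peer", {})
    subnet = ipaddress.ip_network(tunnel_subnet)
    problems = []

    # 1. Client address must sit inside the WireGuard subnet, not the Protector one.
    addr = ipaddress.ip_interface(iface.get("Address", "0.0.0.0/32"))
    if addr.ip not in subnet:
        problems.append(f"Address {addr} is outside the tunnel subnet {subnet}")

    # 2. All traffic must be routed through the tunnel.
    if not allowed_ips_cover_all_ipv4(peer.get("AllowedIPs", "")):
        problems.append("AllowedIPs does not cover all traffic "
                        "(use 0.0.0.0/0, or 0.0.0.0/1, 128.0.0.0/1)")

    # 3. Endpoint must be the public IP of the Protector, with its UDP port.
    host, _, port = peer.get("Endpoint", "").rpartition(":")
    try:
        endpoint = ipaddress.ip_address(host)
        if any(endpoint in net for net in LAN_RANGES):
            problems.append(f"Endpoint {endpoint} is a LAN address; use the public IP")
    except ValueError:
        problems.append("Endpoint is missing or is not an IP literal")
    if not port.isdigit():
        problems.append("Endpoint has no UDP port")
    return problems


def first_hop(tracert_output):
    """Return the IP of hop 1 in Windows tracert output, or None if hop 1 did not answer."""
    for line in tracert_output.splitlines():
        m = re.match(r"\s*1\s+.*\s(\d+\.\d+\.\d+\.\d+)\s*$", line)
        if m:
            return m.group(1)
    return None


if __name__ == "__main__":
    for name, cfg in (("wrong", WRONG_CLIENT), ("fixed", FIXED_CLIENT)):
        print(name, check_client_config(cfg) or "OK")
    print("first hop:", first_hop(SAMPLE_TRACERT))
```

Run it against your own exported client config (replace the constructed samples) and paste the real tracert output into `first_hop`; a first hop other than 10.0.0.1 means traffic is leaving the client outside the tunnel.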