
Hi all,

we have several measuring stations equipped with RUT950 (clients) and connected by VPN to a WireGuard server. All sites have the same subnet 172.24.0.0/16. I can access the client subnet by adding the 172.24.0.0/16 subnet to the allowed IPs in the server configuration. But this only works for one client; if I want to access another client's subnet I have to change the server configuration. I tried to add an individual subnet for each client, e.g. 10.X.0.0/16, to the allowed IPs in the server configuration and then add a route on the RUT950 to "connect" the 10.X.0.0/16 to 172.24.0.0/16, but somehow this does not work ... does anyone have an idea for a solution?

Server Config:

[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 10.6.0.1/8
MTU = 1420
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

### begin ExamplePeer ###
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PresharedKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.6.0.8/32, 10.1.0.0/16
### end ExamplePeer ###

1 Answer

Hello,

There doesn't seem to be an easy way out of your issue. You can try to combine a 10.x network as you mentioned above with port forwarding rules, but this will be cumbersome and will become error-prone pretty quickly.

One way is to renumber your network, instead of 172.24.0.0/16 use 172.24.x.0/24 with x different for each subnet.

Maybe the easiest would be to add an fc00::/7 ULA IPv6 network on top of the existing one, with a different prefix for each subnet.

Regards,
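The root cause in the question and the answer's two fixes, worked through in code. This is an added example and not part of the original thread or of Teltonika's firmware; the sample server config, the peer keys KEY_A/KEY_B, the function names and the ULA prefix fd12:3456:789a::/48 are all constructed for illustration. WireGuard's cryptokey routing lets a destination prefix belong to exactly one peer, so two peers that both claim 172.24.0.0/16 can never both be reachable: the script parses the [Peer] blocks, reports such overlaps, then carves one 172.24.x.0/24 (or one ULA /64) per site and rewrites the AllowedIPs lines so the overlap disappears.

```python
"""Detect overlapping AllowedIPs across WireGuard peers and plan a per-site renumbering.

Added example, not from the original post. The config below is constructed;
the keys are placeholders, not real WireGuard keys.
"""
import ipaddress

# Constructed sample: two RUT950 peers that both claim the same site LAN.
SAMPLE_CONFIG = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.6.0.1/8
ListenPort = 51820

### begin SiteA ###
[Peer]
PublicKey = KEY_A
AllowedIPs = 10.6.0.8/32, 172.24.0.0/16
### end SiteA ###

### begin SiteB ###
[Peer]
PublicKey = KEY_B
AllowedIPs = 10.6.0.9/32, 172.24.0.0/16
### end SiteB ###
"""


def parse_peers(text):
    """Return a list of (label, [networks]) for every [Peer] block.

    The label is the peer's PublicKey; AllowedIPs are parsed into
    ipaddress network objects so they can be compared for overlap.
    """
    peers = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[Peer]":
            current = {"label": f"peer{len(peers) + 1}", "nets": []}
            peers.append(current)
        elif line == "[Interface]":
            current = None  # interface keys are not peer routes
        elif current is not None and "=" in line:
            key, _, value = (p.strip() for p in line.partition("="))
            if key == "PublicKey":
                current["label"] = value
            elif key == "AllowedIPs":
                current["nets"].extend(
                    ipaddress.ip_network(p.strip(), strict=False)
                    for p in value.split(",") if p.strip())
    return [(p["label"], p["nets"]) for p in peers]


def find_overlaps(peers):
    """Return (label_a, label_b, net_a, net_b) for each pair of prefixes from
    different peers that overlap. Any hit means only one of the peers will
    receive traffic for the shared range (the last one applied wins)."""
    hits = []
    for i, (la, nets_a) in enumerate(peers):
        for lb, nets_b in peers[i + 1:]:
            for na in nets_a:
                for nb in nets_b:
                    if na.version == nb.version and na.overlaps(nb):
                        hits.append((la, lb, str(na), str(nb)))
    return hits


def plan_renumbering(peers, parent="172.24.0.0/16", new_prefix=24):
    """Answer's option 1: one 172.24.x.0/24 per site, x different per peer."""
    subnets = ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)
    return {label: str(next(subnets)) for label, _ in peers}


def plan_ula(peers, ula_prefix="fd12:3456:789a::/48"):
    """Answer's option 2: one ULA /64 per site. The /48 here is constructed;
    a real deployment generates the 40-bit global ID randomly (RFC 4193)."""
    subnets = ipaddress.ip_network(ula_prefix).subnets(new_prefix=64)
    return {label: str(next(subnets)) for label, _ in peers}


def apply_plan(peers, plan, parent="172.24.0.0/16"):
    """Replace every prefix that overlaps the shared parent with the peer's
    own allocation; tunnel /32 addresses and unrelated prefixes are kept."""
    parent_net = ipaddress.ip_network(parent)
    fixed = []
    for label, nets in peers:
        kept = [n for n in nets
                if not (n.version == parent_net.version and n.overlaps(parent_net))]
        fixed.append((label, kept + [ipaddress.ip_network(plan[label])]))
    return fixed


def render_allowed_ips(peers):
    """Render the AllowedIPs line to paste back into each [Peer] block."""
    return {label: "AllowedIPs = " + ", ".join(str(n) for n in nets)
            for label, nets in peers}


if __name__ == "__main__":
    peers = parse_peers(SAMPLE_CONFIG)
    for la, lb, na, nb in find_overlaps(peers):
        print(f"CONFLICT: {la} {na} overlaps {lb} {nb}")
    fixed = apply_plan(peers, plan_renumbering(peers))
    for label, line in render_allowed_ips(fixed).items():
        print(f"{label}: {line}")
    print("overlaps after renumbering:", find_overlaps(fixed))
```

The server-side rewrite is only half of the change: each RUT950 must also have its LAN renumbered to the /24 (or ULA /64) it was assigned, otherwise the server routes 172.24.1.0/24 to SiteB while the devices there still answer on 172.24.0.0/16. Running the overlap check again after the change is the quick confirmation that no two peers still claim the same range.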