In case my house is NATed twice: that is, Internet model -> Network Router -> Load Balancing Router -> VPN Server. When the Client connects to Wireguard, there is traffic (bytes sent and bytes received) but the Client cannot go to the Internet.
| Join the channel Telegram belong to AnonyViet 👉 Link 👈 |
Ways to fix the error of Wireguard Client not being able to access the Internet when Nating twice are as follows:
On the Wireguard server execute the command: ip -o -4 route show to default
Check the results to see what network card you are using? In my case, the result will be:
default via 192.168.1.1 dev wlan0 proto dhcp src 192.168.1.32 metric 600
So you are using the card wlan0. If your Server is another Card, remember the Card name
Next enter the following commands (replace wlan0 with your card)
# Thêm NAT cho subnet WireGuard sudo iptables -t nat -A POSTROUTING -s 10.113.141.0/24 -o wlan0 -j MASQUERADE # Cho phép traffic từ wg0 đi ra LAN/Internet sudo iptables -A FORWARD -i wg0 -o wlan0 -j ACCEPT # Cho phép traffic ngược lại (gói trả về) đi vào wg0 sudo iptables -A FORWARD -i wlan0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
10.113.141.0/24 is the IP range given to the Client by Wireguard. Please check the actual range on your computer and fill in correctly. Open the config file in the /home/USER/configs/ directory and see the line Address = to know the IP range.
However, when rebooting the server, the configuration will be lost. To save the configuration, execute the following command:
sudo apt install iptables-persistent -y # Thêm NAT cho subnet WireGuard sudo iptables -t nat -A POSTROUTING -s 10.113.141.0/24 -o wlan0 -j MASQUERADE # Cho phép traffic từ wg0 đi ra LAN/Internet sudo iptables -A FORWARD -i wg0 -o wlan0 -j ACCEPT # Cho phép traffic ngược lại (gói trả về) đi vào wg0 sudo iptables -A FORWARD -i wlan0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo netfilter-persistent save
A little note when doing Lab, especially at home, often NAT twice when going through network Router -> Wifi Router -> PC, you need to pay attention when doing this.
