Set up a WireGuard connection following this quick start guide.
Enable IP forwarding on the VPN server. This tells the computer that it should pass along any traffic that is meant for a different computer on its network.
We modify /etc/sysctl.conf:
net.ipv4.ip_forward = 1
and force a configuration reload:
sysctl -p
or, to enable it on the running system only (this does not persist across a reboot):
echo 1 > /proc/sys/net/ipv4/ip_forward
By default, UFW blocks all forwarding.
You can insert the following rule in /etc/ufw/before.rules, in the already existing filter section or in your own one (remember to COMMIT!):
*filter
.
.
-A FORWARD -i wg0 -j ACCEPT
.
.
COMMIT
Make sure to change the interface wg0 to your WireGuard interface.
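An added example (not part of the original guide): a shell check that the two server-side steps above are present in the files, namely that net.ipv4.ip_forward is set to 1 and that the FORWARD rule for the interface sits between *filter and that table's COMMIT. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): check the server-side steps above.

# Returns 0 if the last uncommented net.ipv4.ip_forward assignment in file $1 is 1.
forwarding_persisted() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val) }
        END { exit (val == "1" ? 0 : 1) }
    ' "$1"
}

# Returns 0 if rules file $1 has "-A FORWARD ... -i $2 ... -j ACCEPT" between a
# "*filter" line and that table's COMMIT; a rule placed anywhere else fails.
forward_rule_committed() {
    awk -v iface="$2" '
        /^[ \t]*#/ { next }
        /^\*/ { in_filter = ($1 == "*filter"); pending = 0; next }
        $1 == "COMMIT" { if (in_filter && pending) ok = 1
                         in_filter = 0; pending = 0; next }
        in_filter && $1 == "-A" && $2 == "FORWARD" {
            has_if = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i + 1) == iface) has_if = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (has_if && accept) pending = 1
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Constructed sample input, mirroring the snippets in this guide.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 1' > "$demo_dir/sysctl.conf"
printf '%s\n' '*filter' ':ufw-before-forward - [0:0]' \
    '-A FORWARD -i wg0 -j ACCEPT' 'COMMIT' > "$demo_dir/before.rules"

forwarding_persisted "$demo_dir/sysctl.conf" && echo "ip_forward: persisted"
forward_rule_committed "$demo_dir/before.rules" wg0 && echo "FORWARD rule for wg0: committed"
rm -rf "$demo_dir"
```

On a real server, pass /etc/sysctl.conf and /etc/ufw/before.rules together with your own interface name instead of the sample files.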
You have to route all packets sent to the client's virtual IP back to the VPN server.
Example using a Cisco router:
10.8.0.0 - virtual network subnet
255.255.255.0 - virtual network subnet mask
192.168.1.175 - VPN server internal IP (in the subnet of the router)