Project

General

Profile

Actions
Copy link

Bug #11289

closed

Wireguard: Automatic outbound NAT rules are applied to the WG interface

Added by Steve Wheeler over 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
WireGuard
Target version:
2.5.0
Start date:
01/22/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.0
Affected Architecture:
All

Description

It's unexpected that they should be there for a site-to-site setup.

Additionally the WG interface subnet is included in the 'tonatsubnets' table so it NAT's it's own traffic:

WG0     icmp     172.27.116.16:7147 (172.27.116.16:53398) -> 172.27.116.1:7147     0:0     2.955 K / 2.955 K     84 KiB / 84 KiB

Testing in:

21.02-DEVELOPMENT (amd64)
built on Fri Jan 22 00:08:37 EST 2021
FreeBSD 12.2-STABLE

Actions
Copy link
 #1

Updated by Jim Pingle over 3 years ago

It should be excluded from automatic outbound NAT, but it does belong in tonatsubnets (so it gets NAT out WANs).

Commit coming momentarily.

Actions
Copy link
 #2

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Jim Pingle about 3 years ago

  • Status changed from Feedback to Resolved

OK on current snapshots. The automatic outbound NAT rules are not being applied to WireGuard interfaces (assigned or unassigned). The tunnel network remains in tonatsubnets as expected.

Actions
Copy link

Also available in: Atom PDF