Bug #11289

closed

Wireguard: Automatic outbound NAT rules are applied to the WG interface

Added by Steve Wheeler almost 4 years ago. Updated almost 4 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: WireGuard
Target version:
Start date: 01/22/2021
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.5.0
Affected Architecture: All

Description

It's unexpected that they should be there for a site-to-site setup.

Additionally, the WG interface subnet is included in the 'tonatsubnets' table so it NATs its own traffic:

WG0     icmp     172.27.116.16:7147 (172.27.116.16:53398) -> 172.27.116.1:7147     0:0     2.955 K / 2.955 K     84 KiB / 84 KiB

Testing in:

21.02-DEVELOPMENT (amd64)
built on Fri Jan 22 00:08:37 EST 2021
FreeBSD 12.2-STABLE

Actions #1

Updated by Jim Pingle almost 4 years ago

It should be excluded from automatic outbound NAT, but it does belong in tonatsubnets (so it gets NAT out WANs).

Commit coming momentarily.

Actions #2

Updated by Jim Pingle almost 4 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #3

Updated by Jim Pingle almost 4 years ago

  • Status changed from Feedback to Resolved

OK on current snapshots. The automatic outbound NAT rules are not being applied to WireGuard interfaces (assigned or unassigned). The tunnel network remains in tonatsubnets as expected.
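
A check for the symptom reported in the description, added here as an example (not pfSense code): it parses state lines in the layout quoted above and reports translated states on a WireGuard interface whose endpoints both lie in the tunnel network. The /24 tunnel network, the interface set, the function name and all sample lines except the first are assumptions or constructed; reading the parenthesised pair as the pre-translation source is also an assumption.

```python
import ipaddress
import re

# Layout of the state line quoted in the description:
#   IFACE proto SRC:port (ORIG:port) -> DST:port ...
# The parenthesised pair is present only when the state was translated.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?:\((?P<orig>[\d.]+):(?P<oport>\d+)\)\s+)?"
    r"->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def natted_wg_states(lines, tunnel_net, wg_ifaces=("WG0",)):
    """Return parsed states on the given WireGuard interfaces that carry a
    NAT translation while original source and destination are both inside
    the tunnel network (the self-NAT symptom from the report)."""
    net = ipaddress.ip_network(tunnel_net)
    names = {name.upper() for name in wg_ifaces}
    hits = []
    for line in lines:
        m = STATE_RE.match(line.strip())
        if not m or m["iface"].upper() not in names:
            continue
        if m["orig"] is None:  # no translation recorded for this state
            continue
        orig = ipaddress.ip_address(m["orig"])
        dst = ipaddress.ip_address(m["dst"])
        if orig in net and dst in net:
            hits.append(m.groupdict())
    return hits

SAMPLE_STATES = [
    # Quoted from the bug description.
    "WG0     icmp     172.27.116.16:7147 (172.27.116.16:53398) -> 172.27.116.1:7147     0:0     2.955 K / 2.955 K     84 KiB / 84 KiB",
    # Constructed: same flow without translation, as expected after the fix.
    "WG0     icmp     172.27.116.16:40211 -> 172.27.116.1:40211     0:0     12 / 12     1 KiB / 1 KiB",
    # Constructed: tunnel host NATed out a WAN, which is intended behaviour.
    "WAN     tcp     198.51.100.7:51514 (172.27.116.16:44120) -> 203.0.113.9:443     ESTABLISHED:ESTABLISHED     20 / 18     3 KiB / 9 KiB",
]

if __name__ == "__main__":
    # 172.27.116.0/24 is an assumed tunnel network; the report gives no mask.
    for hit in natted_wg_states(SAMPLE_STATES, "172.27.116.0/24"):
        print(f"{hit['iface']}: {hit['orig']}:{hit['oport']} translated "
              f"to {hit['src']}:{hit['sport']} -> {hit['dst']}:{hit['dport']}")
```

Assigned WireGuard interfaces appear under their assigned names, so pass those names in `wg_ifaces` when checking a system where the tunnel is assigned.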
