Nyr / wireguard-install

WireGuard road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora

Wireguard + OpenVPN iptables conflict

nik1071 opened this issue · comments

When I install your OpenVPN project next to WG, it overrides the WG iptables rules (from 10.7.0.0/24 to 10.8.0.0/24) each time after reboot and I cannot use WG. Is there any workaround for it?

commented

This should not happen and I can not reproduce it. For example, in Debian 11 it looks like this:

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.7.0.0/24         !10.7.0.0/24          to:217.71.205.14
SNAT       all  --  10.8.0.0/24         !10.8.0.0/24          to:217.71.205.14

It usually happens after some OS updates.
For example, my output was like this:

➜  ~ iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.8.0.0/24         !10.8.0.0/24          to:MY_IP

It's a floating situation: sometimes WG overwrites, sometimes OpenVPN.
Not an elegant solution, but I simply add the missing rule after reboot:

sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to SERVER_IP
sudo iptables -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to SERVER_IP
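
An idempotent form of the workaround in the last comment, as an added example that is not part of the thread or the project's own code: it reports which of the two subnets lack their SNAT rule and appends only those, so repeated runs do not stack duplicate rules the way a bare `-A` does. The function names, the `apply` argument and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). The subnets are the two shown in the
# listings above; the server address is supplied by the caller.
SUBNETS="10.7.0.0/24 10.8.0.0/24"

# Constructed sample of `iptables -t nat -S POSTROUTING` output matching the
# second listing above (only the 10.8.0.0/24 rule is present).
# 203.0.113.10 is a documentation address standing in for the server IP.
SAMPLE='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 203.0.113.10'

# Read `iptables -t nat -S POSTROUTING` output on stdin and print every subnet
# from $SUBNETS that has no matching SNAT rule.
missing_snat_subnets() {
    rules=$(cat)
    for net in $SUBNETS; do
        case "$rules" in
            *"-A POSTROUTING -s $net ! -d $net -j SNAT "*) ;;  # rule present
            *) printf '%s\n' "$net" ;;                          # rule missing
        esac
    done
}

# Append the SNAT rule only for subnets that are missing one (needs root).
restore_snat() {
    server_ip=$1
    iptables -t nat -S POSTROUTING | missing_snat_subnets |
    while read -r net; do
        iptables -t nat -A POSTROUTING -s "$net" ! -d "$net" \
            -j SNAT --to-source "$server_ip"
        echo "restored SNAT for $net"
    done
}

# Hypothetical invocation: `sh fix-snat.sh apply <server public IP>`.
# Without arguments the script only defines the functions.
if [ "${1:-}" = "apply" ]; then
    restore_snat "$2"
fi
```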