WireGuard + OpenVPN iptables conflict
nik1071 opened this issue
nik1071 commented
When I install your OpenVPN project alongside WG, it overrides the WG iptables rules (from 10.7.0.0/24 to 10.8.0.0/24) each time after reboot, and I cannot use WG. Is there any workaround for it?
Nyr commented
This should not happen and I cannot reproduce it. For example, in Debian 11 it looks like this:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.7.0.0/24 !10.7.0.0/24 to:217.71.205.14
SNAT all -- 10.8.0.0/24 !10.8.0.0/24 to:217.71.205.14
abergasov commented
It usually happens after some OS updates.
For example, my output was like this:
➜ ~ iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.8.0.0/24 !10.8.0.0/24 to:MY_IP
It's a floating situation: sometimes WG overwrites, sometimes OpenVPN.
Not an elegant solution, but I simply add the missing rule after reboot:
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to SERVER_IP
sudo iptables -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to SERVER_IP
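
An idempotent form of the workaround above, as an added example that is not part of the thread or the project's own code: it appends a SNAT rule only when `iptables -C` reports it missing, so running it after every reboot does not stack duplicate rules. `IPT`, the function names and the sample listing are assumptions of this example; the two subnets are the ones from the thread.

```shell
#!/bin/sh
# Added example: restore the WireGuard/OpenVPN SNAT rules without duplicating them.
# IPT, SUBNETS, SAMPLE_RULES and the function names are assumptions of this example.
IPT="${IPT:-iptables}"
SUBNETS="10.7.0.0/24 10.8.0.0/24"   # WireGuard and OpenVPN subnets from the thread

# Constructed sample of `iptables -t nat -S POSTROUTING` output in which the
# WireGuard rule has been lost (203.0.113.10 is a documentation address).
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 203.0.113.10'

# Read a rule listing on stdin and print every subnet that has no SNAT rule.
missing_snat() {
    rules=$(cat)
    for net in $SUBNETS; do
        printf '%s\n' "$rules" |
            grep -qF -e "-s $net ! -d $net -j SNAT" || echo "$net"
    done
}

# $1 = subnet, $2 = server IP. Append the rule only if -C (check) says it is absent.
ensure_snat() {
    if "$IPT" -t nat -C POSTROUTING -s "$1" ! -d "$1" \
            -j SNAT --to-source "$2" 2>/dev/null; then
        return 0
    fi
    "$IPT" -t nat -A POSTROUTING -s "$1" ! -d "$1" -j SNAT --to-source "$2"
}

# $1 = server IP. Make sure both VPN subnets have their SNAT rule.
restore_vpn_snat() {
    for net in $SUBNETS; do
        ensure_snat "$net" "$1" || return 1
    done
}

# Run as root with the server IP as the only argument; without an argument
# the file only defines the functions.
if [ "$#" -ge 1 ]; then
    restore_vpn_snat "$1"
fi
```

Piping `iptables -t nat -S POSTROUTING` into `missing_snat` reports which of the two subnets has lost its rule before anything is changed.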