WireGuard Client Can't Ping WireGuard Server or Access Resources on WG's LAN
I have a piVPN running on an RPi B inside my home, port forwarded from my home router, with the following config:
Server - wg0
```ini
[Interface]
PrivateKey = XXXX
Address = 10.6.0.1/24
MTU = 1500
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
FwMark = 0xca6c
### begin Client ###
[Peer]
PublicKey = XXXX
PresharedKey = XXXX
AllowedIPs = 0.0.0.0, ::0:0
PersistentKeepalive = 30
### end Client ###
```
and the client conf:
```ini
[Interface]
PrivateKey = XXXX
ListenPort = 51820
Address = 10.6.0.2/24
MTU = 1500
[Peer]
PublicKey = XXXX
PresharedKey = XXXX
AllowedIPs = 10.6.0.2/32
Endpoint = DDNS_NAME:51820
PersistentKeepalive = 25
```
I can see that the server sees a handshake on initial connect; however, after that I can't ping, nslookup or connect to a share on the LAN side.
My Question:
- Do I need to set up port forwarding on the client side as well?
- I only want to access server resources (split tunnelling).
Any help would be greatly appreciated.
Solution 1:[1]
My home router has another set of WireGuard sitting on top of it, with some rules for PostUp/PostDown.
Hence, I was able to fix the problem by updating the WireGuard configuration: I removed the PostUp/PostDown rules from the home router's WireGuard configuration.
iptables can be a pain in the neck if not done right; anyone coming to this post, watch out for those.
phew!
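Added example (not part of the original question or answer): a small lint over trimmed copies of the two configs from the question. It flags `AllowedIPs` entries with no prefix length, checks whether the other end's tunnel address is covered by any peer's `AllowedIPs`, and notes interfaces whose PostUp/PostDown hooks call iptables, the kind of rule the answer removed on the router. The function names and finding codes are hypothetical.

```python
import ipaddress

# Constructed from the question's two configs (secrets and unrelated settings omitted).
SERVER = """[Interface]
Address = 10.6.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[Peer]
AllowedIPs = 0.0.0.0, ::0:0
"""
CLIENT = """[Interface]
Address = 10.6.0.2/24
[Peer]
AllowedIPs = 10.6.0.2/32
"""

def parse(text):
    """Split wg-quick style text into an [Interface] dict and a list of [Peer] dicts."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments such as "### begin Client ###"
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            cur[key] = f"{cur[key]}, {value}" if key in cur else value
    return iface, peers

def lint(text, remote_ip):
    """Return finding codes; remote_ip is the other end's tunnel address."""
    iface, peers = parse(text)
    remote, findings, covered = ipaddress.ip_address(remote_ip), [], False
    for peer in peers:
        for entry in filter(None, (e.strip() for e in peer.get("AllowedIPs", "").split(","))):
            if "/" not in entry:
                findings.append(f"no-prefix:{entry}")  # wg reads a bare IP as /32 or /128
            covered |= remote in ipaddress.ip_network(entry, strict=False)
    if not covered:
        findings.append(f"remote-not-allowed:{remote_ip}")  # no peer routes or accepts it
    if any("iptables" in iface.get(k, "") for k in ("PostUp", "PostDown")):
        findings.append("firewall-hook")  # compare with other WireGuard hosts on the path
    return findings

if __name__ == "__main__":
    for name, text, remote in (("server", SERVER, "10.6.0.2"), ("client", CLIENT, "10.6.0.1")):
        print(name, lint(text, remote))
```

A `remote-not-allowed` finding means WireGuard's cryptokey routing has no peer for that address, so a handshake can still complete while pings across the tunnel fail.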
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 |
