WireGuard and PF

I just spent some time trying to troubleshoot a WireGuard link I have between two sites. One side is running OpenBSD, and I found that all of a sudden I couldn't ping the networks at the remote site, which I could previously get to through the WireGuard tunnel. However, if I disabled PF on the OpenBSD machine, I could.

The other side was configured to see the OpenBSD machine as a WireGuard endpoint, and so had the DNS address of this machine in its wg0.conf file. I didn't have this set up on the OpenBSD side. When I configured the OpenBSD machine to have the other side as a wgendpoint, things worked.

I'm happy it's working, but this is something I'll have to look into more.

Find me at @toroidalcore@hackers.town