El 26/1/26 a las 14:54, Sad Clouds escribió:
On Mon, 26 Jan 2026 12:30:08 +0100 Ramiro Aceves <ea1abz%gmail.com@localhost> wrote:
Sorry, after adding that route pinging from outside does not work either.
I'm not sure what you mean by outside. I currently use wireguard on a
LAN. The way I have it set up - I have a server and a client. I can
initiate a connection from client to server any time, but not the other
way round if wgconfig on the server shows latest-handshake as never
for this peer:
wgconfig wg0
interface: wg0
private-key: (hidden)
listen-port: 51820
peer: test
public-key: XXX
endpoint: (none)
preshared-key: (hidden)
allowed-ips: 10.1.5.50/32
latest-handshake: (never)
Once I establish a connection from the client and keepalive is running,
I can then ping this client from the server:
# ping 10.1.5.50
PING 10.1.5.50 (10.1.5.50): 56 data bytes
64 bytes from 10.1.5.50: icmp_seq=0 ttl=255 time=0.640570 ms
64 bytes from 10.1.5.50: icmp_seq=1 ttl=255 time=0.647329 ms
64 bytes from 10.1.5.50: icmp_seq=2 ttl=255 time=0.626626 ms
I think you can configure wireguard server so it acts as a server and
client at the same time by specifying option "--endpoint=" in the "add
peer" command, but I've not tried it yet.
Hello Sad,Thanks for answering. My setup is a bit different than yours. I have a wireguard NetBSD-10.1 client on my raspberry PI ZeroW. My RpiZero is connected to my home router via WIFI (other equipments are also connected to my home LAN, by WIFI or ethernet, but they do not take into account for this problem.). Rpi is 192.168.1.230. Router is 192.168.1.1 and it is the gateway to the internet.
On the other side, outside home, on the internet, www.ampr.org asigned to me a 44.27.132.76 IP (There are many reserved IP for licensed amateur radio hams in order to experiment). Also, https://connect.44net.cloud/ provides to the registered users a tunnel to their IPs (in my case, 44.27.132.76). That IP is accessible from all the internet. So when the tunnel is properly configured, any one from anywhere in the internet can ping 44.27.132.76 or access to an SSH or WEB server you may configure at the other side of the tunnel, in your home. (I have tested it both that works in Linux and FreeBSD, to discard any problems before continue fighting it in NetBSD operating system)
Ping from the internet to 44.27.132.76 do not work. My RPiZeroW does not reply to ping ICMP requests. SSH does not work either.
I configure my tunnel this way:
netbsd-raspaZeroW$ cat levantatunel.sh
#!/bin/sh
set -x
ifconfig wg0 create mtu 1380
ifconfig wg0 inet 44.27.132.76/32
ifconfig wg0 inet6 fe80::644d:cf7a:c00:bae9/128
wgconfig wg0 set private-key /etc/wg/wg0.priv
wgconfig wg0 add peer A \
asdfggfhffghkjhkhkhlkjhlkjhlkjhljhlkj \
--allowed-ips=0.0.0.0/0,::/0 \
--endpoint=44.27.227.1:44000
ifconfig wg0 up
netbsd-raspaZeroW# ifconfig wg0
wg0: flags=0x8041<UP,RUNNING,MULTICAST> mtu 1380
status: active
inet6 fe80::ba27:ebff:feed:8547%wg0/64 flags 0 scopeid 0x3
inet6 fe80::644d:cf7a:c00:bae9%wg0/128 flags 0 scopeid 0x3
inet 44.27.132.76/32 flags 0
netbsd-raspaZeroW#
Hope I have clarified it a bit more.
Regards.
Ramiro.