I have an Ubuntu server with 2 NICs that are LACP aggregated into a bond. The server is connected and given port-access to VLAN 2, 10.2.0.0/16. I have 6 VLANs on my network, 10.1/16-10.6/16. My goal is to have LAN traffic NOT use the VPN but to have all WAN traffic use the VPN.
I used this utility to generate an "AllowedIPs" rule to support this:
https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/
That generated the following rule, which is what I implemented:
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 10.0.0.0/16, 10.7.0.0/16, 10.8.0.0/13, 10.16.0.0/12, 10.32.0.0/11, 10.64.0.0/10, 10.128.0.0/9, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/1
The VPN connects, and it gives me an IP on a random subnet, usually 10._.#.#. The endpoint given is some WAN IP.
I can ping LAN resources, but not WAN resources. When I do "ip a" I see the pia WireGuard interface is 10._.#.#, which is sometimes on one of my LAN subnets, sometimes not. I cannot ping the peer endpoint address or anything. If I check my routes, I see traffic is supposed to go over pia for everything except the LAN traffic:
root@sr66-server1:~# ip route
0.0.0.0/5 dev pia scope link
default via 10.2.1.254 dev bond0 onlink
8.0.0.0/7 dev pia scope link
10.0.0.0/16 dev pia scope link
10.2.0.0/16 dev bond0 proto kernel scope link src 10.2.<<LAN IP>>
10.7.0.0/16 dev pia scope link
10.8.0.0/13 dev pia scope link
10.16.0.0/12 dev pia scope link
10.32.0.0/11 dev pia scope link
10.64.0.0/10 dev pia scope link
10.128.0.0/9 dev pia scope link
11.0.0.0/8 dev pia scope link
12.0.0.0/6 dev pia scope link
16.0.0.0/4 dev pia scope link
32.0.0.0/3 dev pia scope link
64.0.0.0/2 dev pia scope link
128.0.0.0/1 dev pia scope link
I'm not sure how to troubleshoot this. Is the fact that it's a VLAN over a port-access link an issue? Is there a way to make my local IP static (not a static incoming IP, but the IP from the interface on my site)?
Edit: I should say, this was working, but I recently modified my network to a managed switch with VLANs, which is likely the issue. That being said, nothing in the config contraindicates that you can run PIA on a system on a VLAN?
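Added example (not code from this issue, from PIA, or from the linked calculator): a small Python script that rebuilds the split-tunnel AllowedIPs list the same way the calculator does, by subtracting the six LAN /16s from 0.0.0.0/0, and then runs two checks worth doing before trusting such a rule. The first check tests whether the peer's Endpoint address is itself covered by AllowedIPs; with no /0 entry, wg-quick installs each prefix as a plain route to the tunnel interface (the `dev pia scope link` routes above) instead of its fwmark-based policy routing, so a covered endpoint needs an explicit host route via the LAN gateway or the tunnel's own UDP packets are routed into the tunnel. The second check flags a tunnel address that lands inside one of the excluded LAN prefixes. The endpoint `203.0.113.10` and tunnel address `10.3.44.7` are constructed sample values; the issue does not give the real ones.

```python
"""Rebuild a split-tunnel WireGuard AllowedIPs list and sanity-check it.

Added example, not code from the issue or from PIA. All sample addresses
are constructed.
"""
import ipaddress
from typing import Iterable, List

IPv4Net = ipaddress.IPv4Network

# The six /16 LAN VLANs from the issue (10.1.0.0/16 .. 10.6.0.0/16) that must stay off the tunnel.
LAN_VLANS: List[IPv4Net] = [ipaddress.ip_network(f"10.{i}.0.0/16") for i in range(1, 7)]


def allowed_ips_excluding(excluded: Iterable[IPv4Net],
                          base: IPv4Net = ipaddress.ip_network("0.0.0.0/0")) -> List[IPv4Net]:
    """Return the smallest CIDR list covering `base` minus every prefix in `excluded`.

    Each exclusion splits whichever remaining block contains it into the sibling
    blocks around it; the final collapse merges adjacent siblings so the list is minimal.
    """
    remaining = [base]
    for ex in excluded:
        nxt = []
        for net in remaining:
            if ex.subnet_of(net):
                nxt.extend(net.address_exclude(ex))   # yields nothing when ex == net
            elif net.subnet_of(ex):
                continue                                # block lies entirely inside an exclusion
            else:
                nxt.append(net)
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))


def render_allowed_ips(nets: Iterable[IPv4Net]) -> str:
    """Format the list as the AllowedIPs line used in a [Peer] section."""
    return "AllowedIPs = " + ", ".join(str(n) for n in nets)


def endpoint_inside_allowed_ips(nets: Iterable[IPv4Net], endpoint: str) -> bool:
    """True if the peer's Endpoint address is covered by AllowedIPs.

    Without a /0 entry, wg-quick adds each AllowedIPs prefix as a plain route to the
    tunnel interface rather than using fwmark/policy routing, so a covered endpoint
    needs its own host route via the real gateway or the encrypted packets loop into
    the tunnel.
    """
    ip = ipaddress.ip_address(endpoint)
    return any(ip in n for n in nets)


def tunnel_address_overlaps_lan(tunnel_addr: str, lans: Iterable[IPv4Net]) -> List[IPv4Net]:
    """Return the LAN prefixes that contain the address the VPN assigned to the tunnel.

    An address inside an excluded LAN prefix is a collision worth flagging: it (and, if
    the VPN hands out a prefix shorter than /32, the connected route the kernel adds on
    the tunnel) overlaps the LAN that was meant to bypass the VPN.
    """
    ip = ipaddress.ip_address(tunnel_addr)
    return [lan for lan in lans if ip in lan]


if __name__ == "__main__":
    rule = allowed_ips_excluding(LAN_VLANS)
    print(render_allowed_ips(rule))
    # Constructed sample values; the issue does not give the real endpoint or tunnel address.
    print("endpoint routed into tunnel:", endpoint_inside_allowed_ips(rule, "203.0.113.10"))
    print("tunnel address inside LAN:", tunnel_address_overlaps_lan("10.3.44.7", LAN_VLANS))
```

Running it reproduces the fifteen-prefix rule quoted in the issue exactly, which confirms the AllowedIPs line itself is right; the two checks then narrow the problem to the two things the rule cannot express, namely where packets for the endpoint go and whether the tunnel address collides with a LAN prefix.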