[Problem] How to obtain a public IP via wireguard

lorbet

Hello,

I have a Fritz Box 7590 and I'm trying to set up a VPN connection so that I can obtain a public IP to use directly.

On the other end is a Linux host running WireGuard and it has two public IPs.

If I set up the connection to use a private network, everything appears to be fine, but if I try to assign one of the remote public addresses to the Fritz Box, the test fails (although on the Linux machine I can see no traffic).

Things work when using Linux machines on both ends.

This is my current configuration:
Code:
[Interface]
PrivateKey = <local private key>
Address = <public IP 2>/32
DNS = <some publicly accessible nameserver>

[Peer]
PublicKey = <remote public key>
PresharedKey = <shared PSK>
AllowedIPs = <one particular address to be routed through the VPN>
Endpoint = <public IP 1>:51820
but the Fritz box won't accept it.

Does anyone here use a VPN connection in this fashion? How can the Fritz be made to "digest" such a configuration?

Thanks
 
Address = <public IP 2>/32
This of course will not work. The Fritzbox needs an address out of the WireGuard net of the Linux host. See: https://en.avm.de/service/vpn/setting-up-a-wireguard-vpn-between-the-fritzbox-and-another-router/, in particular the note in chapter 2.
So you can't route the second public IP directly to the Fritzbox.

On the Linux host you have to ensure the VPN traffic is routed through the second public IP using policy based routing. For the other direction you need to establish port forwarding rules.
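
One way to express the policy routing and port forwarding described in the reply above, as an added example that is not part of the thread. Every address, the interface name, the gateway and the table number are constructed placeholders (RFC 5737 addresses stand in for the public IPs, 192.168.178.0/24 is assumed as the LAN behind the Fritzbox); the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints, but does not apply, the Linux-host rules.
# All values are constructed placeholders, not taken from the thread.
PUB_IP2="203.0.113.11"        # second public IP, used as egress address
WAN_IF="eth0"                 # assumed WAN interface of the Linux host
WAN_GW="203.0.113.1"          # assumed upstream gateway for PUB_IP2
FRITZ_LAN="192.168.178.0/24"  # assumed LAN behind the Fritzbox
TABLE=100                     # assumed unused routing table number

# Outbound: traffic arriving from the tunnel with a Fritzbox LAN source
# is looked up in its own table and leaves with PUB_IP2 as source.
# The WireGuard peer entry for the Fritzbox must list FRITZ_LAN in
# AllowedIPs so replies are routed back into the tunnel.
egress_cmds() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route add default via $WAN_GW dev $WAN_IF table $TABLE
ip rule add from $FRITZ_LAN lookup $TABLE
iptables -t nat -A POSTROUTING -s $FRITZ_LAN -o $WAN_IF -j SNAT --to-source $PUB_IP2
EOF
}

# Inbound: forward one port on PUB_IP2 to a host behind the Fritzbox.
# usage: forward_cmds <tcp|udp> <public-port> <internal-ip> <internal-port>
forward_cmds() {
  fw_proto=$1; fw_pub_port=$2; fw_dst_ip=$3; fw_dst_port=$4
  case "$fw_proto" in
    tcp|udp) ;;
    *) echo "protocol must be tcp or udp" >&2; return 1 ;;
  esac
  cat <<EOF
iptables -t nat -A PREROUTING -d $PUB_IP2 -p $fw_proto --dport $fw_pub_port -j DNAT --to-destination $fw_dst_ip:$fw_dst_port
iptables -A FORWARD -d $fw_dst_ip -p $fw_proto --dport $fw_dst_port -j ACCEPT
EOF
}

# Print the rule set for review (the FORWARD rule only matters when the
# FORWARD chain policy is DROP).
egress_cmds
forward_cmds tcp 443 192.168.178.20 443
```

Forward only the ports that are actually needed; each DNAT rule exposes a host behind the Fritzbox on the public address.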
 
So you can't route the second public IP directly to the Fritzbox.
I forgot to mention that I use proxy-arp on the other end, which allows this to happen. At any rate it works on my local Linux system.

So, it truly is the local address. Is there a way to convince the Fritz to accept this unusual setup?
 