I'm missing something obvious.
Why doesn't NAT work on a WireGuard server to route clients' traffic?
Code:
ext_if="vtnet0"
wg_clients="10.40.0.0/24"
nat on $ext_if inet from $wg_clients to any -> ($ext_if)
The server's WireGuard IP address is 10.40.0.1, the client's is 10.40.0.30.
Running tcpdump on the server and pinging 1.1.1.1 from a client:
Code:
# tcpdump -n -i wg0 icmp
listening on wg0, link-type NULL (BSD loopback), capture size 262144 bytes
18:10:39.237432 IP 10.40.0.30 > 10.40.0.30: ICMP host 1.1.1.1 unreachable, length 92
Why is the source IP in the response the same client's IP?
When pinging the server's IP everything looks normal:
Code:
18:33:44.209793 IP 10.40.0.30 > 10.40.0.1: ICMP echo request, id 45088, seq 3, length 64
18:33:44.209819 IP 10.40.0.1 > 10.40.0.30: ICMP echo reply, id 45088, seq 3, length 64
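
A way to check, in order, each thing the nat rule in the post depends on before it can translate anything. This is an added example, not part of the original post: the interface, subnet and test address come from the post, the function names are hypothetical, and it assumes a FreeBSD server with the base sysctl, pfctl and route tools.

```shell
#!/bin/sh
# Added example (not from the original post). Values below come from the post;
# the helper names are hypothetical. Assumes FreeBSD base tools.
EXT_IF="vtnet0"; WG_NET="10.40.0.0/24"; TEST_DST="1.1.1.1"

# Each helper reads one command's output on stdin, so it can be checked offline.
forwarding_on()   { [ "$(cat)" = "1" ]; }                  # sysctl -n net.inet.ip.forwarding
pf_enabled()      { grep -q '^Status: Enabled'; }          # pfctl -s info
nat_rule_loaded() { grep -q "^nat on $1 inet from $2 to any -> "; }  # pfctl -s nat
egress_if()       { awk '$1 == "interface:" { print $2 }'; }         # route -n get <dst>

report() {  # report <exit status> <message>
    if [ "$1" -eq 0 ]; then echo "ok:   $2"; else echo "FAIL: $2"; fi
}

run_checks() {
    # Without forwarding the server never routes the client's packet onward.
    sysctl -n net.inet.ip.forwarding | forwarding_on
    report $? "IPv4 forwarding enabled (gateway_enable in rc.conf)"

    pfctl -s info | pf_enabled
    report $? "pf is running"

    # A rule in pf.conf does nothing until it is in the loaded ruleset.
    pfctl -s nat | nat_rule_loaded "$EXT_IF" "$WG_NET"
    report $? "nat rule for $WG_NET on $EXT_IF is loaded"

    # The nat rule only sees packets that leave through $EXT_IF.
    out_if=$(route -n get "$TEST_DST" | egress_if)
    [ "$out_if" = "$EXT_IF" ]
    report $? "route to $TEST_DST leaves via $EXT_IF (got: ${out_if:-none})"

    echo "Then watch the outside: tcpdump -n -i $EXT_IF icmp and host $TEST_DST"
}

# Run on the server as root: sh natcheck.sh run
if [ "${1:-}" = "run" ]; then run_checks; fi
```

If the last capture shows echo requests leaving vtnet0 with the server's external address as source, translation is working and the problem lies elsewhere on the path.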