I am trying to set up a WireGuard VPN on a Fedora server. I have it up and running and can connect with multiple clients, browse through it, ssh into the server, etc. In general it just works, except for one thing. If I have two clients connected at the same time, I cannot ssh from client A to client B (or the other way, for that matter) through the VPN. I can ssh from the server into either of the clients and from the clients into the server, but not between the clients. The obvious reason is the firewall, so I tried disabling it and, as I expected, I could now ssh between clients on the same VPN subnet.
So the firewall is not set up properly, but I have added the rule below:
iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
which should allow clients to communicate? As it is a Fedora server running firewalld, I figured I would make a new zone called vpn and add the wg0 interface to it so I could make special rules for the VPN. That works, and I can still browse and ssh between client and server, but not between clients.
What am I missing? Must the forwarding rule be set through firewalld, and if so, what is the right command to do that? I cannot seem to get it right.
Edit: I tried with the command
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i wg0 -o wg0 -j ACCEPT
but get a COMMAND_FAILED response from firewalld. No error codes or anything else.
Edit 2: I added
firewall-cmd --permanent --zone=vpn --set-target=ACCEPT
Now I can ssh between clients. Is that the right way to do it?
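An added example, not code from the original post: a small POSIX shell audit that reads the output of `firewall-cmd --zone=vpn --list-all` and tells apart the two ways client-to-client traffic on wg0 can end up allowed. Setting the zone target to ACCEPT (the change in "Edit 2") makes every inbound port on the zone's interfaces accepted as well, whereas the per-zone `forward` option that firewalld 0.9 and later expose (`--add-forward`) only permits traffic between interfaces of the same zone and leaves inbound filtering to the zone's services and ports. The zone name `vpn` and interface `wg0` come from the question; the listings fed to the audit are constructed, and the script only prints the suggested `firewall-cmd` lines, it never applies them.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes firewalld >= 0.9,
# whose `--list-all` output carries a "forward:" line, and a zone named
# "vpn" holding wg0 as described in the question.

# audit_zone FILE
# FILE holds the output of `firewall-cmd --zone=<zone> --list-all`.
# Exit status: 0 = intra-zone forwarding enabled, inbound still filtered
#              1 = target ACCEPT (clients reach each other, but the zone is wide open)
#              2 = clients in the zone cannot reach each other
audit_zone() {
    target=$(sed -n 's/^[[:space:]]*target:[[:space:]]*//p' "$1")
    # "forward:" must be followed directly by a colon so that the
    # "forward-ports:" line is not picked up by mistake.
    forward=$(sed -n 's/^[[:space:]]*forward:[[:space:]]*//p' "$1")
    if [ "$target" = "ACCEPT" ]; then
        echo "target=ACCEPT: clients can reach each other, but every inbound port on the zone's interfaces is accepted as well"
        return 1
    fi
    if [ "$forward" = "yes" ]; then
        echo "forward=yes, target=${target:-default}: client-to-client traffic allowed; inbound still limited to the zone's services/ports"
        return 0
    fi
    echo "forward=${forward:-absent}, target=${target:-default}: clients in this zone cannot reach each other"
    return 2
}

# suggest_fix STATUS
# Prints the firewall-cmd lines that move the zone to the narrower
# setting for the given audit status. Nothing is applied here.
suggest_fix() {
    case "$1" in
        0) echo "# nothing to do" ;;
        1) printf '%s\n' \
             "firewall-cmd --permanent --zone=vpn --set-target=default" \
             "firewall-cmd --permanent --zone=vpn --add-forward" \
             "firewall-cmd --reload" ;;
        *) printf '%s\n' \
             "firewall-cmd --permanent --zone=vpn --add-forward" \
             "firewall-cmd --reload" ;;
    esac
}

# sample_listing TARGET FORWARD
# Constructed `--list-all` output in the firewalld 0.9+ layout, trimmed to
# the lines the audit reads plus a few neighbours.
sample_listing() {
    printf 'vpn (active)\n  target: %s\n  icmp-block-inversion: no\n  interfaces: wg0\n  sources: \n  services: ssh\n  ports: \n  forward: %s\n  masquerade: no\n  forward-ports: \n' "$1" "$2"
}

# Demonstration with three constructed listings. On the server itself:
#   firewall-cmd --zone=vpn --list-all > /tmp/vpn-zone.txt && audit_zone /tmp/vpn-zone.txt
demo_dir=$(mktemp -d)
sample_listing ACCEPT  no  > "$demo_dir/accept"
sample_listing default yes > "$demo_dir/forward"
sample_listing default no  > "$demo_dir/closed"
for f in accept forward closed; do
    rc=0
    audit_zone "$demo_dir/$f" || rc=$?
    suggest_fix "$rc"
done
rm -rf "$demo_dir"
```

The audit is read-only: run it against the live listing, and only after reading the suggested lines decide whether to swap the zone-wide ACCEPT target for the `forward` option, which keeps SSH between clients working while the zone's inbound rules stay in force.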