When AllowedIPs is set to 0.0.0.0/0 the client is allowed to reach everything.
If you want to set it more restrictively, you need to set at least 10.5.4.0/24 to reach the Nethserver that’s reachable by the NS8 Wireguard IP, usually 10.5.4.1; it can be found on the Nodes page.
Are you starting to figure out what ports should be allowed through the router’s firewall? Because it’s behind a router… 51820, 51821, 55820 TCP or UDP?
I thought well then. I allowed it, but I don’t understand what happened.
I can connect with WG VPN from Linux, the laptop gets an IP address (10.8.0.2), the Node IP address is 10.5.4.1. I try to ping the IP address 10.5.4.1 but there is no response. I want to reach the Firebird server on port 3050, but it does not respond to telnet…
I’ll try to get it working from Windows too, but it’ll take some time…
I managed to get WG VPN working under Windows and was able to connect to the Firebird server via VPN. I will test the WG VPN connection, I hope there will be no problems.
Thanks to everyone for their help so far, especially @jmrmarkuz. This was a big step forward, although there are still many problems to be solved and there is still a lot to do with the Firebird server…
So not related to Nethserver, but due to a strategic choice for Firebird in the past? Can you mark this thread as resolved, please? Feel free to open any other NS8 related issue! If NS8 is used commercially, I highly recommend you seek a support contract of your liking with Nethesis.
The heads up to prepare for transition was given on time. Don’t fall asleep behind the wheel.
This is not a matter of decision, but a situation of necessity, which Andy understood at the time…
I intend to mark this as resolved once I’ve successfully tested it, but I’m currently unable to access all services via WG VPN on NS8.
Thanks for the suggestion, but first I would like to make sure that NS8 is suitable for the purpose I need. Unfortunately, at the moment it seems that without improvements and modifications, it is not suitable to replace my Nethserver 7 server, to a limited extent.
@mrmarkuz How do I access NS8 services via wg-easy VPN?
If I don’t change the Firebird port, I can access Firebird via VPN (10.5.4.1:3050), but I can’t connect to sogo (10.5.4.1/SOGo), phpmyadmin, nextcloud, wg-easy, lam, etc.
When wg-easy wireguard VPN is active you’re connecting via VPN. You can test by closing http and https port using firewall-cmd. I found that it’s not even needed to use 10.5.4.1.
All those are reachable via VPN when the HTTP/HTTPS ports are closed.
In NS8 SOGo uses a domain name like sogo.domain.tld.
@mrmarkuz I need to switch from IPsec site-to-site VPN to Wireguard site-to-site VPN between routers. I have a problem with this because NS8 also uses Wireguard VPN and I will need to connect to NS8 from the local network behind the router.
How can I change the Wireguard port on the NS8 so that both the router’s site-to-site VPN and the wg-easy VPN connected to the NS8 work? Is it enough to change the Wireguard listening port on the router and forward the port to the wg-easy client?