Yes, there is a visible difference: with the new config it shows the route directly from my external IP to the internal IP of the SSH server;
with the old config you only see the traffic between the WireGuard interface and the home network.
Is a FORWARD rule for the wg interface perhaps missing?
New config
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wgtest, link-type RAW (Raw IP), snapshot length 262144 bytes
17:53:56.170909 IP xxx.xxx.xxx.67.62864 > 192.168.1.21.8080: Flags [S], seq 3668390752, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:53:57.185702 IP xxx.xxx.xxx.67.62864 > 192.168.1.21.8080: Flags [S], seq 3668390752, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:53:59.191086 IP xxx.xxx.xxx.67.62864 > 192.168.1.21.8080: Flags [S], seq 3668390752, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:54:03.197071 IP xxx.xxx.xxx.67.62864 > 192.168.1.21.8080: Flags [S], seq 3668390752, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:54:11.205399 IP xxx.xxx.xxx.67.62864 > 192.168.1.21.8080: Flags [S], seq 3668390752, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
Old config
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wgtest2, link-type RAW (Raw IP), snapshot length 262144 bytes
17:56:31.731825 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [S], seq 2089038513, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:56:31.752372 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [S.], seq 2923186169, ack 2089038514, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
17:56:31.768062 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [P.], seq 1:29, ack 1, win 1026, length 28: HTTP
17:56:31.768085 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [.], ack 1, win 1026, length 0
17:56:31.785970 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [.], ack 29, win 502, length 0
17:56:31.785971 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [.], ack 29, win 502, length 0
17:56:31.803956 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [P.], seq 1:42, ack 29, win 502, length 41: HTTP
17:56:31.838274 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [P.], seq 1489:1525, ack 42, win 1026, length 36: HTTP
17:56:31.858786 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [P.], seq 42:1122, ack 29, win 502, options [nop,nop,sack 1 {1489:1525}], length 1080: HTTP
17:56:31.914769 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [P.], seq 1525:2733, ack 1122, win 1022, length 1208: HTTP
17:56:31.923849 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [P.], seq 1353:2733, ack 1122, win 1022, length 1380: HTTP
17:56:31.934939 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [.], ack 29, win 502, options [nop,nop,sack 1 {1489:2733}], length 0
17:56:31.944556 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [.], ack 29, win 502, options [nop,nop,sack 2 {1489:2733}{1353:2733}], length 0
17:56:31.960170 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [.], seq 29:1409, ack 1122, win 1022, length 1380: HTTP
17:56:31.981062 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [.], ack 2733, win 490, options [nop,nop,sack 1 {1353:1409}], length 0
17:56:31.995846 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [.], seq 1122:2502, ack 2733, win 501, length 1380: HTTP
17:56:31.995883 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [P.], seq 2502:2706, ack 2733, win 501, length 204: HTTP
17:56:32.012008 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [.], ack 2706, win 1026, length 0
17:56:32.051625 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [P.], seq 2733:2813, ack 2706, win 1026, length 80: HTTP
17:56:32.072428 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [P.], seq 2706:2770, ack 2813, win 501, length 64: HTTP
17:56:32.130953 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [.], ack 2770, win 1026, length 0
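The difference between the two captures above can be checked mechanically. This is an added example, not part of the original post: a Python script that reads tcpdump one-line output and reports, per client flow, how many SYNs were sent and whether a SYN-ACK came back on the captured interface. The sample lines are constructed (198.51.100.67 stands in for the masked external IP), and the names `LINE`, `SAMPLE` and `handshake_report` are hypothetical.

```python
import re

# One tcpdump line in the default format: time, "IP", src.port > dst.port:, Flags [..]
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")

# Constructed sample modelled on the two captures above (not the original output).
SAMPLE = """\
17:53:56.170909 IP 198.51.100.67.62864 > 192.168.1.21.8080: Flags [S], seq 3668390752, win 64240, length 0
17:53:57.185702 IP 198.51.100.67.62864 > 192.168.1.21.8080: Flags [S], seq 3668390752, win 64240, length 0
17:53:59.191086 IP 198.51.100.67.62864 > 192.168.1.21.8080: Flags [S], seq 3668390752, win 64240, length 0
17:56:31.731825 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [S], seq 2089038513, win 64240, length 0
17:56:31.752372 IP 192.168.1.22.8080 > 10.0.0.1.62899: Flags [S.], seq 2923186169, ack 2089038514, win 64240, length 0
17:56:31.768085 IP 10.0.0.1.62899 > 192.168.1.22.8080: Flags [.], ack 1, win 1026, length 0
"""


def handshake_report(capture_text):
    """Map (client, server) -> {'syn': count, 'answered': bool} for each flow that sent a SYN."""
    flows = {}
    for raw in capture_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # tcpdump banner lines and lines not in this IP/TCP form
        src, dst, flags = f"{m[1]}:{m[2]}", f"{m[3]}:{m[4]}", m[5]
        if flags == "S":  # initial SYN or a retransmission of it
            flow = flows.setdefault((src, dst), {"syn": 0, "answered": False})
            flow["syn"] += 1
        elif flags == "S." and (dst, src) in flows:  # SYN-ACK in the reverse direction
            flows[(dst, src)]["answered"] = True
    return flows


if __name__ == "__main__":
    for (client, server), state in handshake_report(SAMPLE).items():
        verdict = "SYN-ACK seen" if state["answered"] else "no SYN-ACK on this interface"
        print(f"{client} -> {server}: {state['syn']} SYN, {verdict}")
```

A flow without a SYN-ACK only shows that no reply crossed the captured interface; it does not show where the reply was lost.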