I am trying to set up a Wireguard VPN on a Fedora server. I have it up and running and can connect with multiple clients, browse through it, ssh into the server etc. In general it just works. Except for one thing. If I have two clients connected at the same time I cannot ssh from client A to client B, or the other way for that matter, through the VPN. I can ssh from the server into either of the clients and from the clients into the server, but not between the clients. The obvious reason is the firewall, so I tried disabling it and, as I expected, I could now ssh between clients on the same VPN subnet.

So the firewall is not set up properly, but I have added the rule below:

iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT

which should allow clients to communicate? As it is a Fedora server running with firewalld, I figured I would make a new zone called vpn and add the wg0 interface to that one so I could make special rules for the VPN. That works and I can still browse and ssh between client and server, but not between clients.

What am I missing? Must the forwarding rule be set through firewalld, and if so, what is the right command to do that, as I cannot seem to get it right?

I tried with the command:

firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i wg0 -o wg0 -j ACCEPT

but get a COMMAND_FAILED response from firewalld. No error codes or anything else.

Anyone who can help me?
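A diagnostic that is added here and is not part of the question: it parses `iptables -S` output and walks the FORWARD chain the way netfilter would for a new wg0-to-wg0 packet, so you can tell whether the ACCEPT rule actually landed ahead of firewalld's final REJECT. The sample ruleset is constructed, and the chain layout (FORWARD jumping to FORWARD_direct) is an assumption about a typical firewalld host; only `-i`, `-o` and `--ctstate` matches are evaluated.

```python
# Constructed sample of `iptables -S` on a firewalld host (assumed layout):
# FORWARD jumps to FORWARD_direct, then rejects whatever is left.
IPTABLES_S = """\
-P FORWARD ACCEPT
-N FORWARD_direct
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD_direct -i wg0 -o wg0 -j ACCEPT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_rules(text):
    """Return ({chain: policy}, {chain: [rule tokens]}) from `iptables -S` output."""
    policies, chains = {}, {}
    for line in text.splitlines():
        toks = line.split()
        if not toks:
            continue
        if toks[0] == "-P":          # built-in chain with its default policy
            policies[toks[1]] = toks[2]
            chains.setdefault(toks[1], [])
        elif toks[0] == "-N":        # user-defined chain
            chains.setdefault(toks[1], [])
        elif toks[0] == "-A":        # appended rule: tokens after the chain name
            chains.setdefault(toks[1], []).append(toks[2:])
    return policies, chains

def rule_matches(toks, in_if, out_if, ctstate):
    """Evaluate -i / -o / --ctstate for one packet; return (matched, target)."""
    target, i = None, 0
    while i < len(toks):
        t = toks[i]
        if t in ("-i", "-o", "--ctstate", "-j", "-m"):
            val = toks[i + 1]
            if t == "-i" and val != in_if or t == "-o" and val != out_if:
                return False, None
            if t == "--ctstate" and ctstate not in val.split(","):
                return False, None
            if t == "-j":
                target = val
            i += 2                   # "-m conntrack" is just the module name
        else:
            i += 1                   # target options such as --reject-with
    return True, target

def forward_verdict(text, in_if, out_if, ctstate="NEW", chain="FORWARD"):
    """Walk the chain for one packet (default: a fresh connection) to its verdict."""
    policies, chains = parse_rules(text)
    def walk(name):
        for toks in chains.get(name, []):
            ok, target = rule_matches(toks, in_if, out_if, ctstate)
            if not ok or target is None:
                continue
            if target in TERMINAL:
                return target
            if target == "RETURN":
                return None
            verdict = walk(target)   # jump into a user-defined chain
            if verdict:
                return verdict
        return None
    return walk(chain) or policies.get(chain, "ACCEPT")
```

Feed it the real `iptables -S` output from the server; if the wg0-to-wg0 verdict is REJECT, the direct rule never reached the chain (or sits behind the REJECT).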