> On Oct 5, 2018, at 10:29 PM, Michael Knill
> <michael.kn...@ipcsolutions.com.au> wrote:
>
> Hi Group
>
> I'm wanting to set up a NAT rule from NAT EXT to a Wireguard VPN endpoint. Is
> this possible?
> It does not seem to work with NAT EXT -> LAN.
> If not, is there a custom rule I can try?
>
> Basically I want to SSH to the VPN endpoint directly, via the transit DR
> server.
>
> Thanks so much.

Hi Michael, short answer is yes, but depending on the routing.

Start with a diagram ...

public_1 -- pbx1 [ wg_1_ip ] -- wireguard -- [ wg_2_ip ] pbx2 -- public_2

My understanding is you want to SSH to wg_1_ip using public_2 ? Correct me if
I misunderstood.

Yes, a "NAT EXT -> LAN" on public_2 to wg_1_ip will work *only if* the SSH
return path at pbx1 goes through the wireguard vpn.

I have personally tried this when pbx1 was on failover using wireguard over
LTE/4G, as such all pbx1 traffic was routed over wireguard, as such a "NAT EXT
-> LAN" on public_2 to wg_1_ip worked since the SSH return packets passed over
wireguard to pbx2.

Tip -> Similar, but if a "NAT EXT -> LAN" on public_2 to a LAN IP on pbx1 you
would need to set NAT_FOREIGN_NETWORK on pbx2 of the pbx1 LAN so it is NAT'ed
on pbx2.

Lonnie
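
An added illustration of the return-path condition described in the reply above (not part of the original thread and not AstLinux code): a small model of pbx1's route lookup and pbx2's connection tracking. All addresses and both routing tables are constructed, and the model assumes pbx2 leaves the client source address untouched and pbx1 masquerades traffic leaving its external interface.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges) for the labels in the diagram.
CLIENT, PUBLIC_1, PUBLIC_2 = (ip_address(a) for a in
                              ("198.51.100.7", "203.0.113.1", "203.0.113.2"))
WG_1_IP = ip_address("10.4.0.1")

# Two constructed routing tables for pbx1: (prefix, egress interface).
PBX1_NORMAL = [("10.4.0.0/24", "wg"), ("0.0.0.0/0", "ext")]
PBX1_FAILOVER = [("10.4.0.0/24", "wg"), ("0.0.0.0/0", "wg")]


def egress(routes, dst):
    """Longest-prefix match, as the kernel's route lookup does."""
    hits = [(ip_network(p), dev) for p, dev in routes if dst in ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def reply_source_seen_by_client(pbx1_routes):
    """Source address on the SSH reply as it arrives back at the client."""
    # client -> public_2:22. pbx2 rewrites the destination to wg_1_ip and
    # remembers the original destination in its connection-tracking table.
    # Assumption: pbx2 does not rewrite the source (the client address).
    conntrack_pbx2 = {(CLIENT, WG_1_IP): PUBLIC_2}
    # sshd on pbx1 answers wg_1_ip -> client; the route is chosen by destination.
    src, dst = WG_1_IP, CLIENT
    if egress(pbx1_routes, dst) == "wg":
        # pbx2 receives the reply and restores public_2 as the source.
        return conntrack_pbx2[(dst, src)]
    # Assumption: pbx1 masquerades what leaves its external interface.
    # pbx2 never sees the reply, so its DNAT is never reversed.
    return PUBLIC_1


def ssh_works(pbx1_routes):
    # The client's TCP stack only accepts replies from the address it dialled.
    return reply_source_seen_by_client(pbx1_routes) == PUBLIC_2


if __name__ == "__main__":
    for name, table in (("normal", PBX1_NORMAL), ("failover", PBX1_FAILOVER)):
        print(f"pbx1 {name}: reply from {reply_source_seen_by_client(table)}, "
              f"ssh works = {ssh_works(table)}")
```
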