Hello,

On 10/22/20 10:43 AM, Dashamir Hoxha wrote:
> I have created a network as shown in this diagram:
> https://cloud.flossk.org/s/ZsLtNLsxmo8rxPD
>
> The red arrows show the WG connections. Only the server has a public IP.
> From client1 I can ping to the internet and also to client4: `ping 192.168.0.3`
> However I cannot ping to the LAN IP of client4: `ping 172.26.0.2`
>
> My ultimate goal is to be able to ping from client2 on LAN1 to client5 on LAN2
> (both of which have no WG configuration and interface), routing through
> the WG network (client1 --> server <-- client4).
>
> Is this possible? I think that it should work, with proper routing,
> but I am not able
> to figure out the proper configurations. Has anybody tried something like
> this?
> Do you have any suggestions or advice?

Yes, this is possible. You need:

- LAN1 needs to be in the AllowedIPs for client1 on the server
- LAN2 needs to be in the AllowedIPs for client4 on the server
- A route on client1 to LAN2: ip route add 172.26.0.0/16 dev wg0
- A route on client4 to LAN1: ip route add 172.25.0.0/16 dev wg0
- Routes on the server to both LANs (same as above)

A gateway for the routes is not needed. Once Linux passes the packet to the
WireGuard interface, cryptokey routing (AllowedIPs) is used.

You do not need any NAT.

Cheers,
Samuel
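
Added example, not part of the message above and not WireGuard's own code: a small Python model of the server's cryptokey routing, showing why each LAN has to appear in the server's AllowedIPs for the peer in front of it. The BEFORE table, client1's 192.168.0.2 address and the client2/client5 addresses are assumptions; the model also assumes the server's kernel routes and IP forwarding already hand these packets to wg0.

```python
import ipaddress

# Server-side AllowedIPs per peer. 192.168.0.2 for client1 is an assumed address.
BEFORE = {"client1": ["192.168.0.2/32"], "client4": ["192.168.0.3/32"]}
AFTER = {"client1": ["192.168.0.2/32", "172.25.0.0/16"],   # + LAN1
         "client4": ["192.168.0.3/32", "172.26.0.0/16"]}   # + LAN2

def select_peer(peers, ip):
    """Longest-prefix match of ip against every peer's AllowedIPs; None if no match."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, name)
    return best[1] if best else None

def server_forward(peers, from_peer, src, dst):
    """Peer the server re-encrypts to, or None if the packet is dropped.

    Assumes the server's kernel routes and IP forwarding already hand dst to wg0.
    """
    # Ingress: the inner source must map back to the peer that sent the packet.
    if select_peer(peers, src) != from_peer:
        return None
    # Egress: the destination picks the peer (and key) to encrypt for.
    return select_peer(peers, dst)

if __name__ == "__main__":
    # Constructed sample packets; client2/client5 addresses are assumed.
    cases = [("client1", "192.168.0.2", "172.26.0.2"),   # client1 -> client4 LAN IP
             ("client1", "172.25.0.2", "172.26.0.3"),    # client2 -> client5
             ("client4", "172.26.0.3", "172.25.0.2"),    # reply path
             ("client4", "172.25.0.9", "192.168.0.2")]   # client4 using a LAN1 source
    for case in cases:
        print(case, "before:", server_forward(BEFORE, *case),
              "after:", server_forward(AFTER, *case))
```

The last case stays dropped in both tables: AllowedIPs is also the source filter, so a peer can only send from the prefixes assigned to it.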
