Let's say I have 3 WireGuard peers: my PC, a VPS server to which I have full access, and a VPN server, to which I don't. What I'm trying to achieve is to route all my traffic from the PC through the VPS and then through the VPN server. The VPS server itself shouldn't route its traffic through the VPN, of course.
I have read this guide: https://www.procustodibus.com/blog/2022/06/multi-hop-wireguard/#internet-gateway-as-a-spoke. I did everything as described there, except that I cannot configure peer C (the VPN server in my case). It doesn't work. When it is enabled, I have no access to the internet or to the WireGuard network (10.0.0.*).
Here's my config on the VPS server:
[Interface]
Address = 10.68.200.191/32,10.0.0.1/32
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <KEY>
Table = 123
PreUp = ip rule add iif wg1 table 123 priority 456
PostDown = ip rule del iif wg1 table 123 priority 456
[Peer]
PublicKey = <KEY>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <KEY>
AllowedIPs = 0.0.0.0/0
Endpoint = <VPN_ADDR>:51820
So, is there any way to achieve what I want without access to the last peer?
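One way this can be made to work without touching peer C, as an added example config and not the poster's own: in the config as posted, packets forwarded from the PC leave the VPS toward the VPN server with source address 10.0.0.2, and WireGuard on the VPN server drops any decrypted packet whose source is not in the AllowedIPs it holds for the VPS. Assuming the provider only lists the assigned address 10.68.200.191/32 there (an assumption; the poster cannot see that side), the fix is to SNAT the PC's traffic to 10.68.200.191 before it enters the wg1 tunnel. The interface name wg1, the 10.0.0.0/24 network and the rule priority are taken from the post; the `-s 10.0.0.0/24` match and the `PersistentKeepalive` value are additions.

```ini
# VPS side, interface wg1. Added example, not the original poster's config.
# Assumes: the VPN provider assigned 10.68.200.191/32 to this peer and only
# accepts packets from that source address; the PC is 10.0.0.2 in 10.0.0.0/24.
[Interface]
Address = 10.68.200.191/32, 10.0.0.1/32
ListenPort = 51820
PrivateKey = <KEY>

# Keep both peers' routes out of the main table so the VPS itself keeps using
# eth0 for its own traffic; only packets that arrive on wg1 consult table 123.
Table = 123
PreUp = ip rule add iif %i table 123 priority 456
PostDown = ip rule del iif %i table 123 priority 456

# Forward in both directions on wg1: PC -> VPN server and the replies back.
# Both hops use the same interface, so no eth0 forwarding rules are needed.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT

# Rewrite the PC's source address to the address the VPN server knows for this
# peer. Without this, the VPN server's cryptokey routing discards the packets
# because 10.0.0.2 is not in the AllowedIPs it holds for the VPS (assumed).
# SNAT with an explicit address is used instead of MASQUERADE because wg1 has
# two addresses and MASQUERADE would pick one implicitly.
PostUp = iptables -t nat -A POSTROUTING -o %i -s 10.0.0.0/24 -j SNAT --to-source 10.68.200.191
PostDown = iptables -t nat -D POSTROUTING -o %i -s 10.0.0.0/24 -j SNAT --to-source 10.68.200.191

[Peer]
# Peer B: the PC
PublicKey = <KEY>
AllowedIPs = 10.0.0.2/32

[Peer]
# Peer C: the VPN server; default route for everything that enters via wg1
PublicKey = <KEY>
AllowedIPs = 0.0.0.0/0
Endpoint = <VPN_ADDR>:51820
PersistentKeepalive = 25
```

The `MASQUERADE -o eth0` rule from the posted config is dropped: it only matters if PC traffic should leave the VPS directly, which is exactly what is not wanted here. The VPS's own traffic is unaffected by the SNAT because it never enters wg1 via the `iif` rule and the `-s 10.0.0.0/24` match excludes it. To check the path after bringing the interface up, `wg show wg1` should report a recent handshake with peer C, and `tcpdump -ni wg1` on the VPS should show the PC's packets leaving with source 10.68.200.191 and the replies coming back; if the outbound packets still show 10.0.0.2, the SNAT rule is not being hit and the ordering of the `PostUp` lines is the first thing to look at.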