Here is the setup I’m trying to achieve:
[Client 10.7.0.2]
│
▼
[WireGuard interface (Main VPS) 10.7.0.1]
│
├── All traffic → Internet
│
└── Specific IPs → WireGuard Interface 10.8.0.1 → [Second VPS 10.8.0.2] → Internet
I have configured the connections on both VPSs; everything seems to work fine, both sides can handshake and ping each other, but the specific IPs don't respond on the client side for some reason.
Here is what my configuration looks like:
Client.conf:
[Interface]
PrivateKey = <client_private_key>
Address = 10.7.0.2/32
DNS = 1.1.1.1
[Peer]
PublicKey = <main_server_public_key>
Endpoint = MAIN_SERVER_IP:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
Main server has two configurations:
First, to the clients:
[Interface]
PrivateKey = <main_server_private_key>
Address = 10.7.0.1/24
ListenPort = 51820
[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.7.0.1/32
Second configuration, to the second server:
[Interface]
PrivateKey = <Main_server_to_second_private_key>
Address = 10.8.0.1/24
ListenPort = 53241
[Peer]
PublicKey = <second_server_public_key>
AllowedIPs = 10.8.0.2/32
PersistentKeepalive = 25
Second server:
[Interface]
PrivateKey = <Second_server_to_main_private_key>
Address = 10.8.0.2/24
[Peer]
PublicKey = <main_server_to_second_public_key>
Endpoint = MAIN_SERVER_IP:53241
AllowedIPs = 10.8.0.1/32 # So I won't lose the SSH connection
I also enabled IPv4 forwarding and set up NAT on the second server:
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
For the IPs I want to route via the second server, on the main server I placed them in a .txt file and use the following simple function to route them to the second server via the interface's internal IP address:
while read -r net; do
ip route add "$net" via 10.8.0.2
done < ips.txt
Using ip route get on one of those IPs gives the following:
xxx.xxx.xxx.xxx dev wg0 src 10.8.0.1 uid 0
I have also tried adding those IPs to AllowedIPs on the main server, but that didn't help.
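Added example, not part of the original post: a small Python script that parses two WireGuard peer configs and checks the two cryptokey routing rules every packet crossing a tunnel has to satisfy. On the sending side WireGuard only encrypts a packet to a peer whose AllowedIPs contain the packet's destination; on the receiving side it only accepts a decrypted packet whose source address is inside that peer's AllowedIPs. A kernel route via the tunnel address does not by itself satisfy either rule. The sample configs are constructed to mirror the layout above (placeholder keys), and 203.0.113.10 is a constructed destination from the TEST-NET-3 documentation range, not an address from the post.

```python
import ipaddress

# Constructed sample configs mirroring the post's layout (keys are placeholders).
# MAIN_TO_SECOND is the main VPS side of the server-to-server tunnel,
# SECOND_TO_MAIN is the second VPS side.
MAIN_TO_SECOND = """\
[Interface]
PrivateKey = <main_server_to_second_private_key>
Address = 10.8.0.1/24
ListenPort = 53241

[Peer]
PublicKey = <second_server_public_key>
AllowedIPs = 10.8.0.2/32
PersistentKeepalive = 25
"""

SECOND_TO_MAIN = """\
[Interface]
PrivateKey = <second_server_to_main_private_key>
Address = 10.8.0.2/24

[Peer]
PublicKey = <main_server_to_second_public_key>
Endpoint = MAIN_SERVER_IP:53241
AllowedIPs = 10.8.0.1/32  # keep SSH reachable over the tunnel
"""


def parse_wg_conf(text):
    """Parse an INI-style WireGuard config into ({interface}, [peer, ...])."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # wg-quick treats '#' as a comment
        if not line:
            continue
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            current = {}
            peers.append(current)
        else:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return interface, peers


def allowed_networks(peer):
    """The AllowedIPs of one [Peer] block as ip_network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in peer.get("AllowedIPs", "").split(",") if p.strip()]


def covers(peer, address):
    """True if the cryptokey routing table maps `address` to this peer."""
    addr = ipaddress.ip_address(address)
    # ip_network.__contains__ is False across IPv4/IPv6, so mixed families are safe.
    return any(addr in net for net in allowed_networks(peer))


def tunnel_problems(sender_peer, receiver_peer, src, dst):
    """Explain why a src->dst packet would not cross the tunnel.

    sender_peer:   the [Peer] block on the sending host that describes the receiver
    receiver_peer: the [Peer] block on the receiving host that describes the sender
    Returns an empty list when both cryptokey routing checks pass.
    """
    problems = []
    if not covers(sender_peer, dst):
        problems.append(f"sender: {dst} is not in AllowedIPs, so the route onto the "
                        f"wg interface selects no peer and the packet is dropped")
    if not covers(receiver_peer, src):
        problems.append(f"receiver: source {src} is not in AllowedIPs, so the "
                        f"decrypted packet fails the cryptokey check and is dropped")
    return problems


def main():
    _, main_peers = parse_wg_conf(MAIN_TO_SECOND)
    _, second_peers = parse_wg_conf(SECOND_TO_MAIN)
    peer_on_main, peer_on_second = main_peers[0], second_peers[0]
    # A ping between the two tunnel addresses passes both checks.
    print(tunnel_problems(peer_on_main, peer_on_second, "10.8.0.1", "10.8.0.2"))
    # A client packet forwarded by the main VPS toward a routed destination
    # (constructed address 203.0.113.10) fails both checks with these configs.
    for problem in tunnel_problems(peer_on_main, peer_on_second,
                                   "10.7.0.2", "203.0.113.10"):
        print(problem)


if __name__ == "__main__":
    main()
```

Running it side by side for the tunnel-to-tunnel ping and for a forwarded client packet shows why the two cases behave differently even though the handshake and ping succeed: the second case has to satisfy AllowedIPs on both hosts with addresses that are neither tunnel endpoint.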