This is an automated archive.
The original was posted on /r/wireguard by /u/Ok-Bison-8174 on 2023-12-27 11:28:06+00:00.
Hello,
I have a private network at home with several servers:
I have a MacBook (Sonoma) that also runs WireGuard (192.168.2.2); let's call it B.
So basically:
B ---- internet ---- A ---- LAN ---- H1, H2
I would like to have a WireGuard network that is 192.168.2 and that can talk to any host in the private network 192.168.1.
Here is A's configuration:
[Interface]
PrivateKey = xxx=
ListenPort = 51871
Address = 192.168.2.1/32
[Peer]
PublicKey = xxx=
PresharedKey = xxx=
AllowedIPs = 192.168.0.0/16
And here is B's configuration:
[Interface]
PrivateKey = xxx=
Address = 192.168.2.2/32
[Peer]
PublicKey = xxx=
PresharedKey = xxx=
AllowedIPs = 192.168.0.0/16
Endpoint = myremoteip:51871
When I connect my MacBook (B) to my server (A), B can reach A (on both 192.168.1.1 and 192.168.2.1), no problem.
But I would like B to be able to connect to H1 and H2 (for example, being able to ssh to 192.168.1.4 from B).
I understood it requires IP forwarding via sysctl and iptables stuff, but I don't really understand any of it, and the things I copy-pasted didn't really work...
Could someone please assist me? Thank you very much.
And happy holidays!
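An added example, not part of the original post: a small audit of the two posted configs showing what their `AllowedIPs` lines permit under WireGuard's cryptokey routing. The helper names are hypothetical, the config text is reconstructed from the post with keys left out, and the home LAN is assumed to be 192.168.1.0/24.

```python
import ipaddress

# Constructed from the two configs in the post (keys left out).
CONF_A = """[Interface]
Address = 192.168.2.1/32
[Peer]
AllowedIPs = 192.168.0.0/16
"""
CONF_B = """[Interface]
Address = 192.168.2.2/32
[Peer]
AllowedIPs = 192.168.0.0/16
Endpoint = myremoteip:51871
"""
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the home LAN is a /24

def peer_allowed_ips(conf):
    """Return one list of networks per [Peer] section of a WireGuard config."""
    peers, section = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
        elif section == "peer" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                              for v in value.split(",") if v.strip()]
    return peers

def matches(allowed, address):
    """Cryptokey routing: the same list selects the peer for an outgoing
    destination and filters the source of a decrypted incoming packet."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in allowed)

def audit(conf_a, conf_b, client_ip, lan_host):
    a_peer, b_peer = peer_allowed_ips(conf_a)[0], peer_allowed_ips(conf_b)[0]
    return {
        "b_sends_lan_traffic_into_tunnel": matches(b_peer, lan_host),
        "a_accepts_client_source": matches(a_peer, client_ip),
        # True means A would also accept LAN source addresses arriving from B
        "a_accepts_lan_source_from_b": any(n.overlaps(LAN) for n in a_peer),
    }

if __name__ == "__main__":
    for check, result in audit(CONF_A, CONF_B, "192.168.2.2", "192.168.1.4").items():
        print(f"{check}: {result}")
```

All three checks come back true for the posted configs, so the tunnel already carries B's traffic for 192.168.1.4 as far as A; whether A passes it on to the LAN is decided by the host's forwarding settings, outside WireGuard. Setting A's peer entry to `AllowedIPs = 192.168.2.2/32` keeps B reachable while A stops accepting LAN source addresses from it.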