
I have wireguard installed on three devices:

  • an iOS device connected to the internet using LTE
  • a laptop connected to the internet using WiFi (behind NAT)
  • a remote server with static IP

So far my config looks as below. Currently both devices (laptop and iOS device) have their internet traffic routed through the AWS instance.

Is it possible to route the internet traffic from my laptop through the iOS device? As far as I understand WireGuard has the concept of peers not "servers" so it shouldn't be hard to have the internet routed through another peer than the endpoint "peer".

Remote Server

IP forwarding is enabled

$ cat wg0.conf
[Interface]
#DNS = 8.8.8.8
## Private IP address for the wg0 interface ##
Address = 10.0.0.1

## VPN server listening port ##
ListenPort = 51820

## VPN server private key ##
PrivateKey = *****

## Firewall rules ##
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = *****
AllowedIPs = 10.0.0.3

[Peer]
PublicKey = *****
AllowedIPs = 10.0.0.2

Laptop

[Interface]
PrivateKey = ****
Address = 10.0.0.3/32
DNS = 8.8.8.8

[Peer]
PublicKey = ****
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 134.21.111.111:51820 # redacted
PersistentKeepalive = 5

iOS Device

[Interface]
PrivateKey = ****
Address = 10.0.0.2/32
DNS = 8.8.8.8

[Peer]
PublicKey = ****
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 134.21.111.111:51820 # redacted
PersistentKeepalive = 5
  • The real problem is your iOS device. Is it capable of routing through a WireGuard interface? I guess the answer can't be known, because even if it's running *nix, it's first and before all an embedded device, so it depends on whatever the WG app provides. There are still multiple fixes required on the remote server of course. – A.B Feb 13 '23 at 19:41
  • If you can replace the iOS device with another laptop running a complete *nix and accept that if it receives traffic on its WG interface (using tcpdump) from the initial laptop, then the server side was done. If the 2nd laptop also runs Linux, then I could even help with its proper NAT/routing. – A.B Feb 13 '23 at 19:43
  • @A.B that seems the case. I gave up on iOS and decided to use two devices. I've posted the update question on https://unix.stackexchange.com/q/738512/270881 – mike Mar 03 '23 at 16:41
  • I already saw your new question. Given some time (probably a few days), I might be able to devise something there. – A.B Mar 03 '23 at 17:15
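Whether the server can ever hand the laptop's internet-bound packets to the iOS peer is decided first by WireGuard's cryptokey routing: each peer's AllowedIPs is a longest-prefix-match table for packets leaving wg0. The Python below is an added example, not code from the question or from WireGuard; it parses a constructed copy of the server config above (placeholder keys) and shows that with the current AllowedIPs an internet destination matches no peer at all, while giving the iOS peer 0.0.0.0/0 (the hypothetical WIDENED_CONF) sends it there and still leaves 10.0.0.3 with the laptop.

```python
import ipaddress

# Constructed server config modelled on the wg0.conf in the question;
# the keys are placeholders, not real key material.
SERVER_CONF = """[Interface]
Address = 10.0.0.1
[Peer]
PublicKey = LAPTOP_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.0.0.3
[Peer]
PublicKey = IOS_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.0.0.2
"""
# Hypothetical variant: the iOS peer owns the default route in the server's
# cryptokey table, which is the AllowedIPs half of "route via another peer".
WIDENED_CONF = SERVER_CONF.replace("AllowedIPs = 10.0.0.2", "AllowedIPs = 0.0.0.0/0")

def parse_peers(conf_text):
    """Return each [Peer] section as a dict; a bare address in AllowedIPs means /32."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("["):
            current = {"allowed": []} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:  # [Interface] keys are skipped
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                current["allowed"] += [ipaddress.ip_network(v.strip(), strict=False)
                                       for v in value.split(",")]
            else:
                current[key] = value
    return peers

def cryptokey_route(peers, dst):
    """Index of the peer whose AllowedIPs has the longest prefix covering dst, else None."""
    addr = ipaddress.ip_address(dst)
    best = None  # (peer index, prefix length)
    for idx, peer in enumerate(peers):
        for net in peer["allowed"]:
            if addr.version == net.version and addr in net and (
                    best is None or net.prefixlen > best[1]):
                best = (idx, net.prefixlen)
    return None if best is None else best[0]
```

This covers only the cryptokey half: the server's kernel routing (which today sends those packets out eth0 under MASQUERADE) would also need a policy route back into wg0, and the iOS side would have to forward and NAT, which is the part A.B's comment questions.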
