
I have two Linux laptops, A (10.0.0.2) and B (10.0.0.3), with dynamic/behind-NAT IP addresses, that connect to the same WireGuard server/endpoint S (10.0.0.1) with a static IP address.

How can I route the internet traffic from client A (10.0.0.2) through client B (10.0.0.3)? Can I do that using WireGuard configs alone or iptables?

Client A config

    [Interface]
    PrivateKey = oBkg
    Address = 10.0.0.2/32
    DNS = 8.8.8.8

    [Peer]
    PublicKey = ZnD
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = 54.87.125.111:51820
    PersistentKeepalive = 15

    [Peer]
    PublicKey = 3baQ
    PersistentKeepalive = 15

Client B config

    [Interface]
    PrivateKey = kBaMmx
    Address = 10.0.0.3/32
    DNS = 8.8.8.8
    
    [Peer]
    PublicKey = ZnD/WMx0k
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = 54.87.125.111:51820
    PersistentKeepalive = 5
    
    [Peer]
    PublicKey = IVZrsrnYXXXXXXX
    PersistentKeepalive = 5

Server S config

    [Interface]
    #DNS = 8.8.8.8
    ## Private IP address for the wg0 interface ##
    Address = 10.0.0.1

    ## VPN server listening port ##
    ListenPort = 51820

    ## VPN server private key ##
    PrivateKey = mPIoXXXXXX

    ## Firewall rules ##
    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    AllowedIPs = 10.0.0.3
    PublicKey = 3baQl

    [Peer]
    PublicKey = IVZrsrnYXXXX
    AllowedIPs = 10.0.0.2

Edit

This is the minimum configuration, but as the network grows I will have multiple pairs of peers like A and B (e.g. peer C wants to have its traffic handled through peer D).

mike
  • You can't just add new "requirements" on a question after an answer was made... – A.B Mar 09 '23 at 23:43
  • @A.B fair enough... I just tried to include minimal information to reduce the cognitive load, thinking I could scale it on my own. – mike Mar 13 '23 at 20:25
