Forward wireguard server to wireguard client

So I've been trying to figure this one out for a bit

I have a typical wireguard setup

wg0 added,
interface and peer configured
vpn firewall matches wan
lan > vpn and wan

but this gets only the client working,
not the server

does anyone have a tutorial on how to do this
I see this topic Working config for Local Wireguard Server + Wireguard Client - #3 by AnAx but not really an answer

my vpn only allows a single wireguard connection and I would like to have a wireguard server where I can re-share

appreciate any help

It is not clear what you are trying to achieve. Do you want to have multiple ‘client’ peers? Or a connection from your router as a ‘client’ to a ‘server’ somewhere else?

Have you looked at the wireguard wiki pages?

Also, we can review your configuration.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/firewall
1 Like

thanks for the response

basically I am trying to configure wireguard to work as a client and server at the same time

basically my vpn has a limit of one wireguard connection and I wanna set up openwrt where I'm connected to my vpn but then reshare the vpn connection via the wan ip of the server (router), where wireguard would act like a server and share my vpn connection

Wireguard is a peer-to-peer system, unlike the client-server system that OpenVPN uses. So with Wireguard you wouldn't "forward a Wireguard server", you would just set up the allowed IPs of the tunnels and let the Linux kernel do its job and route the packets between the tunnels.

But before we can issue specific recommendations we need more information about this VPN tunnel you want to share. In the case that you control both ends of the Wireguard tunnel, then "sharing" this tunnel with other clients would be relatively easy. As stated before, you just set the allowed IPs such that traffic destined to your clients goes through the shared tunnel. Then you make sure those clients have IPs in those allowed IP ranges.

However, you say your "VPN has a limit of one Wireguard connection". So is this a commercial VPN provider that you are subscribed to? Does this VPN route an entire subnet to you or does it only give you a single IP address? If it only gives you a single IP address, then it's less straightforward.

Either way, are you sure you want to share a VPN connection this way? This adds an extra two hops before packets reach the client devices, increasing latency by quite a bit. Since it appears you want to access the OpenWrt router remotely, packets would have to move in and out of the WAN interface, so there are bandwidth considerations at play here as well.

Hi @elbertmai very new to wireguard but trying to learn
thanks for your reply

this was provided by my commercial vpn, so I don't think there are single IP restrictions

[Interface]
Address = 10.7.0.3/24
DNS = 1.1.1.1, 1.0.0.1
PrivateKey = eJPx2G6gK7Y5RLGikZ6hTsfQOVAwtU02IK8DHneXkXs=

[Peer]
PublicKey = 88f1lTpN9y5IKES95gjUzi7QWM+m0Kuo1Nyk3MqWX1k=
PresharedKey = zArZcTpV9nooykJ9FWDFKoFcslmIFui3t6BO3BFxTvk=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = ip:port
PersistentKeepalive = 25

My plan is to test this out and see if it's working as expected or not

Please redact your keys

not real keys

2 Likes

Make sure you enable route_allowed_ips otherwise nothing is happening
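
An added example, not part of any post in this thread: a small Python model of how AllowedIPs and route_allowed_ips decide where a packet goes when the router holds both the provider tunnel and its own WireGuard clients. The wg1 interface, its 10.9.0.0/24 client addresses and the provider accepting only 10.7.0.3/32 from this router are assumptions; 10.7.0.3 and 0.0.0.0/0 come from the config posted above.

```python
import ipaddress

# Constructed model of the setup discussed in this thread. wg0 is the tunnel to
# the commercial VPN (AllowedIPs 0.0.0.0/0, as in the posted config); wg1 and
# its 10.9.0.0/24 client addresses are hypothetical.
INTERFACES = {
    "wg0": {"provider": ["0.0.0.0/0"]},
    "wg1": {"phone": ["10.9.0.2/32"], "laptop": ["10.9.0.3/32"]},
}
# Assumption: the provider's side lists only our tunnel address for us.
PROVIDER_ALLOWS_FROM_US = ["10.7.0.3/32"]


def _best(ip, entries):
    """Longest-prefix match of ip over (label, cidr) pairs; None if no match."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(c).prefixlen, label)
            for label, c in entries if addr in ipaddress.ip_network(c)]
    return max(hits)[1] if hits else None


def kernel_route(dst):
    """Interface the routing table picks when route_allowed_ips installs one
    route per AllowedIPs entry."""
    return _best(dst, [(ifc, c) for ifc, peers in INTERFACES.items()
                       for cidrs in peers.values() for c in cidrs])


def egress_peer(ifc, dst):
    """Cryptokey routing: the peer on ifc whose AllowedIPs cover dst."""
    return _best(dst, [(p, c) for p, cidrs in INTERFACES[ifc].items() for c in cidrs])


def ingress_ok(allowed, src):
    """A decrypted packet is kept only if its source is in the sender's AllowedIPs."""
    return _best(src, [("ok", c) for c in allowed]) is not None


def forward(src, dst, masquerade):
    """Follow one packet from a wg1 client towards the internet via wg0."""
    ifc = kernel_route(dst)
    peer = egress_peer(ifc, dst)
    seen_src = "10.7.0.3" if masquerade and ifc == "wg0" else src
    return ifc, peer, ingress_ok(PROVIDER_ALLOWS_FROM_US, seen_src)
```

In this model a packet forwarded from 10.9.0.2 without masquerading on the provider-facing firewall zone keeps its source address and fails the provider's source check, while replies to 10.9.0.2 still route to wg1 because the /32 is more specific than 0.0.0.0/0.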

I'm honestly at the point where I'm willing to pay someone to do this for me

not sure if that's against forum rules