hello,
i have router in location A and ipsec tunnel to router in location B.
So basically all devices in B can see subnet in A and all devices...inside that subnet.
I also run wireguard server on A ; is it possible to initiate wireguard client connection from client within subnet B to A? I mean i can do that but speed rapidly downgrade. Maybe some conflict and duplicate packets etc...?
The reason i wanted wireguard connection is so that specific device acts on internet with public ip of A location.
ipsec tunnel works fine, but clients expose public ip of location B.
If you change the encryption domain in both peers to be 0.0.0.0/0 on router A, I don't see why not. However it would be much easier with wireguard on both ends.
What i am saying here is that i have already ipsec tunnel between A and B
and opening wireguard connection is like tunnel inside tunnel ... and that might be issue ...
Sorry, I did not understand the question properly.
You can have tunnel within tunnel. However you'll need to adjust the MTU to fit.
Encryption domain is the interesting that gets encrypted when going through the IPsec tunnel.
I think you're saying you want to run Wireguard on one of the endpoints at site B and have that one endpoint tunnel all of its Internet use through site A.
This could be done without tunnel in tunnel by simply having that Wireguard client send encrypted packets directly to A's public IP on another port, completely separate from IPsec.