Hi,
Interesting project.
I have a WireGuard site-to-site VPN connected to several other sites. Normally, only specific traffic is routed through the tunnels (traffic to 192.168.10.0 goes through tunnel 1, traffic to 192.168.120.0 goes through tunnel 2, while traffic to 192.168.1.0 and all external IPs stays local). So far, so good.
My goal is now to offer a new WLAN SSID where all connected clients have all their traffic routed through a specific tunnel, let's say tunnel 2.
This is not trivial, since the existing WireGuard config to this endpoint has
AllowedIPs = 192.168.120.0/24
and needs to be 0.0.0.0/0, right? But this would affect all other clients on the router as well.
Maybe a second WireGuard interface can help? Can I make two connections to the same tunnel, one with wg0 and AllowedIPs = 192.168.120.0/24, and one with wg1 and 0.0.0.0/0?
Any other ideas?
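One way to get this on a Linux router that uses wg-quick, as an added example that is not part of the post above: keep a single interface to the tunnel-2 peer, widen AllowedIPs to 0.0.0.0/0 so the peer will carry any destination, but set Table = off so wg-quick does not install that default route for everyone, and instead apply it only to packets sourced from the new SSID subnet through a policy-routing rule. It assumes the new SSID subnet is 192.168.50.0/24 (constructed), routing table 200 is unused, and the remote peer lists 192.168.50.0/24 in its own AllowedIPs and masquerades it to the internet.

```ini
# /etc/wireguard/wg0.conf on the local router (added example, not from the post)
# Assumptions: new SSID subnet 192.168.50.0/24 (constructed), routing table 200
# unused, remote peer has 192.168.50.0/24 in its AllowedIPs and NATs it outbound.
[Interface]
PrivateKey = <local-private-key>
Address = 10.0.2.1/24          # tunnel address, placeholder
# Stop wg-quick from turning AllowedIPs into routes in the main table;
# otherwise 0.0.0.0/0 below would become the default route for every client.
Table = off
# Existing site-to-site behaviour for everyone: only 192.168.120.0/24 via the tunnel
PostUp   = ip route add 192.168.120.0/24 dev %i
PostDown = ip route del 192.168.120.0/24 dev %i
# SSID-only full tunnel: packets *from* 192.168.50.0/24 consult table 200,
# whose only route is a default via the tunnel
PostUp   = ip route add default dev %i table 200
PostUp   = ip rule add from 192.168.50.0/24 lookup 200 priority 1000
PostDown = ip rule del from 192.168.50.0/24 lookup 200 priority 1000
PostDown = ip route flush table 200
# Optional: let SSID clients still reach the local LAN and the other sites via
# the normal main table (remove these two lines for a strict full tunnel)
PostUp   = ip rule add from 192.168.50.0/24 to 192.168.0.0/16 lookup main priority 999
PostDown = ip rule del from 192.168.50.0/24 to 192.168.0.0/16 lookup main priority 999

[Peer]
PublicKey = <tunnel-2-peer-public-key>
Endpoint = <tunnel-2-endpoint>:51820
# Any destination may be sent to / accepted from this peer; which traffic
# actually goes there is decided by the ip rules above, not by this line
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

After `wg-quick up wg0`, `ip rule show` and `ip route show table 200` should show the two rules and the single default route; the router's firewall must additionally permit forwarding from the SSID interface to wg0.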