WireGuard server can’t access one specific client Subnet

Hello community,

Looking for support to use WireGuard connection effectively, requesting support to solve this:

Use case - Router B (Client) connects with Router A (Server)

Goal: Connect with a specific client subnet (CCTV) from the WireGuard server, which does not allow access to any IP outside the local subnet - all other subnets are accessible except this CCTV

What works:

  1. Connection between client and server
  2. Internet on both routers
  3. Both client and server subnets are accessible through both routers, except the CCTV IP in the WireGuard client subnet

I was thinking that if, while attempting to connect with the CCTV from the server, my server subnet (e.g. 192.168.0.1/24) somehow gets translated to a client subnet IP (192.168.1.1/24), the CCTV firewall would consider it a local connection and allow access…

Full details of this use case and the latest configuration can be found here (another post where @psherman and @mk24 helped me get WireGuard working).

Yes, you can add a SNAT rule to masquerade the packets from server subnet into the IP of the client router.

Hi, thanks for confirming. As I am not that good with networking, can you also help with the required configuration on the client router?

The outbound zone is probably not vpn, but some lan or dmz.
For the destination address you can use the CCTV one.
The rewrite IP address is the IP that OpenWrt has in this subnet.


Worked like magic, really appreciate your help.

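The SNAT rule described in the answer above, written as a `config nat` section for `/etc/config/firewall` on the client router. This is an added example, not a configuration posted by anyone in the thread. The zone name `lan`, the camera address `192.168.1.50` and the router address `192.168.1.1` are assumptions; the two /24 subnets follow the example addresses in the question.

```uci
# /etc/config/firewall on Router B (the WireGuard client)
# Added example: rewrite the source address of tunnel traffic headed to
# the camera so that the camera sees a sender inside its own subnet.

config nat
	option name 'snat-server-subnet-to-cctv'

	# Outbound zone: the zone the camera lives in, not the vpn zone.
	# 'lan' is an assumed zone name; use the zone that holds the CCTV subnet.
	option src 'lan'

	# Only translate traffic that originates in the server-side subnet.
	option src_ip '192.168.0.0/24'

	# Only translate traffic addressed to the camera itself.
	# 192.168.1.50 is a constructed placeholder, not an address from the thread.
	option dest_ip '192.168.1.50'

	option proto 'all'
	option target 'SNAT'

	# Rewrite IP: the address OpenWrt itself holds in the camera's subnet
	# (assumed to be 192.168.1.1 here).
	option snat_ip '192.168.1.1'
```

With this rule in place the camera's own logs attribute every tunnelled connection to the router's address, so per-user attribution has to come from the router or the WireGuard server. Keeping `src_ip` and `dest_ip` as narrow as shown leaves all other forwarded traffic untranslated.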