Wireguard VPN client routing from lan


I am trying to set up site2site VPN. Challenge is that on client side I am behind a router (out of my control).
VPN connectivity seems fine but LAN at client side does not get routed right since there are two gateways. I only want to route site2site traffic over VPN.

It works if I add a manual route at every LAN node, but that seems cumbersome. Can some trick be done?

On the left side the address of the wg server should be 10.0.0.2/24

On the peers you write address but I assume you mean allowed ips.
Those look ok, make sure you enable route allowed ips, so that you would not need static routes.

On the left side the traffic coming out of the server needs a return route.
You can either set a static route on the main router:
ip route add 192.168.1.0/24 via 192.168.3.2
ip route add 10.0.0.0/24 via 192.168.3.2
Assuming you do not nat out of the wg interface the last static route is somewhat superfluous.

Another approach is to snat traffic coming out of this wg server so that traffic will come from 192.168.3.2
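The two options from the reply above (return routes on the main router, or SNAT on the WireGuard host so replies come from its LAN address), as an added shell example that is not from the thread. The addresses 192.168.3.2, 192.168.1.0/24 and 10.0.0.0/24 are the ones quoted in the reply; the interface names wg0 and br-lan, the DRY_RUN switch and the nftables table name wgnat are assumptions of this example. It uses `ip route replace` rather than `ip route add` so re-running it does not fail with "File exists".

```shell
#!/bin/sh
# Added example (not from the thread). Prints the commands by default
# (DRY_RUN=1); set DRY_RUN=0 to execute them as root on the right box.
WG_HOST_LAN_IP="${WG_HOST_LAN_IP:-192.168.3.2}"   # wg server's address on the main LAN
WG_TUNNEL_NET="${WG_TUNNEL_NET:-10.0.0.0/24}"     # wg tunnel subnet
REMOTE_LANS="${REMOTE_LANS:-192.168.1.0/24}"      # LAN(s) on the far side of the tunnel
WG_IF="${WG_IF:-wg0}"                             # assumed interface names
LAN_IF="${LAN_IF:-br-lan}"
DRY_RUN="${DRY_RUN:-1}"

# Echo the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Option A: run on the MAIN router. Every remote LAN is reached via the
# wg host's LAN address. The tunnel subnet itself only needs a route when
# the wg host does not NAT out of the wg interface (NAT_OUT_OF_WG != 1),
# which is the "somewhat superfluous" route from the reply.
return_routes() {
  for net in $REMOTE_LANS; do
    run ip route replace "$net" via "$WG_HOST_LAN_IP"
  done
  if [ "${NAT_OUT_OF_WG:-0}" != 1 ]; then
    run ip route replace "$WG_TUNNEL_NET" via "$WG_HOST_LAN_IP"
  fi
}

# Option B: run on the WG HOST. Source-NAT traffic leaving the wg interface
# towards the LAN so LAN hosts reply to 192.168.3.2, which they already
# know how to reach; no static routes on the main router are needed.
snat_rule() {
  run nft add table ip wgnat
  run nft add chain ip wgnat postrouting '{ type nat hook postrouting priority srcnat; }'
  run nft add rule ip wgnat postrouting iifname "$WG_IF" oifname "$LAN_IF" snat to "$WG_HOST_LAN_IP"
}

# Usage: ./wg-return.sh routes   (on the main router)
#        ./wg-return.sh snat     (on the wg host)
case "${1:-}" in
  routes) return_routes ;;
  snat)   snat_rule ;;
esac
```

Pick one option, not both: with SNAT in place the far-side LAN only ever sees 192.168.3.2 as the source, which is simpler to deploy on a router you do not control but hides the real client addresses in the remote site's logs.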
