This guide is about accessing peer A’s local network from peer B.
- Already setup wireguard network
- iptables installed
[Interface] PrivateKey = <server's private key> Address = 10.10.1.3/24 ListenPort = 51820 [Peer] #PeerA PublicKey = <peer A's public key> AllowedIPs = 10.10.1.1/32, 192.168.1.0/24 [Peer] #PeerB PublicKey = <peer B's public key> AllowedIPs = 10.10.1.2/32
Notice the PostUp and PostDown commands. You might have to change eth0 to suit your needs.
Peer A client config
[Interface] Address = 10.10.1.1/24 PrivateKey = <peer A private key> ListenPort = 123123 DNS = 126.96.36.199 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE [Peer] PublicKey = <server's public key> Endpoint = <server's IP/domain>:51820 AllowedIPs = 10.10.1.0/24 PersistentKeepalive = 25
Since in my occasion PeerA is a RPi connected wirelessly to the network, notice the wlan0 in PostUp and PostDown commands.
PeerA must have
net.ipv4.ip_forward = 1 in kernel parameters.
To do that at runtime pass
sudo sysctl net.ipv4.ip_forward=1. For a permanent solution, edit
Peer B client config
[Interface] PrivateKey = <peer B private key> Address = 10.10.1.2/24 [Peer] PublicKey = <server's public key> Endpoint = <server's IP/domain>:51820 AllowedIPs = 10.10.1.0/24, 192.168.1.0/24 PersistentKeepalive = 25
This way if peer B pings 192.168.1.1, the traffic is routed through 10.10.1.3 then to 10.10.1.1 and then to 192.168.1.1 as we wanted.
Doing a mtr 192.168.1.1 from peer B: