Virtual private networks / Wireguard with two Peers routing
« on: April 01, 2023, 12:38:48 pm »
Hi experts,
I'm facing a situation where I want to pass through two locations of WireGuard instances to finally go out to the internet with the public IP of the last location.
I have set up the following topology:
As you can see, I have the local machine sitting in SPAIN, using Wireshark to connect to my VPS that is located in Madrid, and finally route this traffic to another VPS located in SAOPAULO; the reason for that is that my VPS provider offers a better route, greatly reducing the latency compared with a direct connection from my home PC to the VPS 2 SP.
So in order to use this better route I need to go through the VPS provider located in Madrid.
I have already made several attempts to have my public IP set to the VPS 2 SP location, but the most I could achieve is having my public IP go out from the VPS 1 MAD location.
From the OPNsense I can ping both peers on MAD and SP, and in the reverse direction from SP I can reach the peer set on OPNsense as well, so in terms of connection between the WireGuard instances it seems to be working; my problem is how I can set the routing on the VPS MAD in order to make all my traffic go out on the VPS SP.
This is my config for the VPS MAD:
[Interface]
Address = 10.13.13.2
ListenPort = 51820
MTU = 1420
#Table = vpn
PrivateKey = <omitted>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE
# nodeBR
[Peer]
PublicKey = <omitted>
AllowedIPs = 10.13.13.1/32,10.13.13.3/32
# nodeES
[Peer]
PublicKey = <omitted>
AllowedIPs = 10.13.13.3/32
On VPS SP I have this:
[Interface]
Address = 10.13.13.1
ListenPort = 21841
MTU = 1420
PrivateKey = <omitted>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp0s3 -j MASQUERADE
[Peer]
PublicKey = <omitted>
AllowedIPs = 10.13.13.2/32,10.13.13.3/32
Endpoint = <omitted>:51820
PersistentKeepalive = 15
And on Opnsense I have the following:
Any suggestion on how I can achieve this?
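For the routing question above, here is an added example of a policy-routing script for the middle hop (VPS MAD); it is not the poster's configuration or anything shipped with OPNsense or WireGuard. It assumes the MAD wg-quick config is changed to `Table = off` with `AllowedIPs = 0.0.0.0/0` on the nodeBR peer (nodeES keeps 10.13.13.3/32, which wins by longest prefix), that the interface is named wg0, and that routing table 100 is free; the tunnel addresses and the ens18 uplink are taken from the thread.

```sh
#!/bin/sh
# Policy routing on VPS MAD: packets arriving from the OPNsense peer leave
# through the SP peer instead of MAD's own ens18 uplink (added example).
set -eu

WG_IF="${WG_IF:-wg0}"       # assumption: interface name that wg-quick uses for %i
SP_PEER="10.13.13.1/32"     # VPS SP tunnel address (from the thread)
OPN_PEER="10.13.13.3/32"    # OPNsense tunnel address (from the thread)
TABLE="${TABLE:-100}"       # assumption: spare routing table number
DRY_RUN="${DRY_RUN:-0}"     # DRY_RUN=1 prints the commands instead of running them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

hop_up() {
  # Host routes in the main table: with Table = off wg-quick adds none, yet MAD
  # must know both peers sit behind wg0, otherwise replies from SP to
  # 10.13.13.3 have no route and rp_filter drops OPNsense's packets on ingress.
  run ip route replace "$SP_PEER" dev "$WG_IF"
  run ip route replace "$OPN_PEER" dev "$WG_IF"
  # Second table holding a single default route into the tunnel; WireGuard
  # then selects the nodeBR peer because its AllowedIPs covers 0.0.0.0/0.
  run ip route replace default dev "$WG_IF" table "$TABLE"
  # Only traffic sourced from OPNsense consults that table; MAD's own traffic
  # and every other source keep using the ens18 default route. SP already
  # accepts 10.13.13.3/32 and masquerades on enp0s3, so no NAT is needed here.
  run ip rule add from "$OPN_PEER" lookup "$TABLE" priority 1000
}

hop_down() {
  run ip rule del from "$OPN_PEER" lookup "$TABLE" priority 1000
  run ip route flush table "$TABLE"
  run ip route del "$OPN_PEER" dev "$WG_IF"
  run ip route del "$SP_PEER" dev "$WG_IF"
}

# Intended use from wg0.conf on MAD (hypothetical path):
#   PostUp = /usr/local/sbin/wg-hop.sh up
#   PostDown = /usr/local/sbin/wg-hop.sh down
case "${1:-}" in
  up) hop_up ;;
  down) hop_down ;;
esac
```

Run it with `DRY_RUN=1 ./wg-hop.sh up` first to review the exact `ip` commands before letting PostUp apply them.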