Routing Wireguard traffic through wireguard VPN Help

Started by Rkpaxam, September 12, 2025, 12:41:22 PM

Hi Great people

I have had a few posts recently, and being based in the UK, I'm now trying to protect myself from the UK monitoring. Last night some great people gave me this link: https://www.youtube.com/watch?v=fFszlJpTBoc An Easy Step-by-Step Guide which is now working.

Now the thing is, when I go out, I connect all my devices to another Wireguard instance to tunnel into my network, so I remain on the LAN and can access my DNS/Server. How would I/Can I get these devices routed through the Mullvad VPN above?

Apparently, I can do routing, but I will be honest, whilst I have a rudimentary understanding, it would be great if someone has instructions on how to set up.

The only thing I will mention is my WG tunnel is set to use my internal DNS from AGH; not sure if that makes any difference.

Hi,

Did you get a solution for this because I have the exact same setup: Wireguard tunnel from my phone to my home and would like to route that towards the Mullvad Wireguard tunnel.

I tried to treat the initial Wireguard tunnel as a normal network and in the firewall rules, I added the Mullvad gateway to the "wan rule" but I would lose network.

That's why I'd be interested if you figured it out :)

Without knowing much more detail I think the steps necessary are:

- Remote client aka road warrior aka phone needs "AllowedIPs = 0.0.0.0/0" so the device has a default route into the tunnel.
- On OPNsense you need a rule with policy routing on that particular interface, e.g. on "WireGuard Phone" allow all and set gateway to Mullvad

Possibly you will also need an outbound NAT rule on the Mullvad interface for the other WG network to be NATed to the interface address.

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thank you SO MUCH!

By reading your post, I forced myself to go through those steps and figured out where the problem was!
I have 2 WG interfaces coming in (my devices): WGHome and WGHomeUnsecuredDevices (I don't want my phones to have access to my management VLAN :-))
I had the NAT outbound rule set on the WGHome net and was testing a device on the WGHomeUnsecuredDevices.
It was surely not going to work that way :-p
I fiddled a lot with my different VLANs and routing some through the external VPN and got probably lost in the configuration.

Sorry for this stupid mistake on my end and thank you again for your help!
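
Added example, not part of any post in this thread: a small Python check that walks the three steps listed above (client default route, policy-routing rule with a gateway, outbound NAT on the VPN interface) and reproduces the mismatch described in the last post. The rule dictionaries are a simplified stand-in, not OPNsense's configuration format; the addresses, keys and the gateway name `MULLVAD_GW` are constructed.

```python
import configparser
import ipaddress

# Constructed sample data. Interface names WGHome / WGHomeUnsecuredDevices come
# from the thread; addresses, keys and the gateway name MULLVAD_GW are made up.
CLIENT_CONF = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.20.0.5/32
DNS = 10.0.0.53

[Peer]
PublicKey = <home-firewall-public-key>
Endpoint = home.example.net:51820
AllowedIPs = 0.0.0.0/0
"""
POLICY_RULES = [  # pass rules on the incoming WG interfaces, with a gateway set
    {"interface": "WGHome", "source": "10.10.0.0/24", "gateway": "MULLVAD_GW"},
    {"interface": "WGHomeUnsecuredDevices", "source": "10.20.0.0/24", "gateway": "MULLVAD_GW"},
]
GATEWAY_INTERFACE = {"MULLVAD_GW": "Mullvad"}  # gateway name -> outgoing interface
NAT_RULES = [{"interface": "Mullvad", "source": "10.10.0.0/24"}]  # covers WGHome only

def check_road_warrior(client_conf, policy_rules, nat_rules, gw_iface):
    """Return the list of steps still missing for this client to exit via the VPN."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(client_conf)
    problems = []
    allowed = [a.strip() for a in cp.get("Peer", "AllowedIPs", fallback="").split(",")]
    if "0.0.0.0/0" not in allowed:
        problems.append("client: AllowedIPs lacks 0.0.0.0/0, no default route into the tunnel")
    ip = ipaddress.ip_interface(cp.get("Interface", "Address").split(",")[0].strip()).ip
    rule = next((r for r in policy_rules
                 if ip in ipaddress.ip_network(r["source"]) and r.get("gateway")), None)
    if rule is None:
        problems.append(f"firewall: no policy-routing rule with a gateway matches {ip}")
        return problems
    out_if = gw_iface[rule["gateway"]]
    if not any(n["interface"] == out_if and ip in ipaddress.ip_network(n["source"])
               for n in nat_rules):
        problems.append(f"nat: no outbound NAT rule on {out_if} covers {ip} ({rule['interface']})")
    return problems

if __name__ == "__main__":
    for p in check_road_warrior(CLIENT_CONF, POLICY_RULES, NAT_RULES, GATEWAY_INTERFACE):
        print(p)
```

With the sample data it reports the NAT gap for the device on WGHomeUnsecuredDevices; adding an outbound NAT entry for 10.20.0.0/24 on the Mullvad interface clears it.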