WireGuard - NAT to NAT connection (hub / spoke)

Started by Virgun, July 17, 2025, 11:02:43 PM

Hi Everyone!

I'm trying to connect to the internet through my server (so I have the server's IP address when accessing the internet) but I can't figure it out.

Setup:
Home 1 Firewall - OPNsense WireGuard instance (10.20.50.1)
Home 2 Router - WireGuard peer (10.20.50.3)
Home 3 Debian Server - WireGuard peer (10.20.50.2)

Since Home 2 & Home 3 are behind CGNAT, I thought it's gonna be best for them to connect to Home 1 (WireGuard on OPNsense) and then OPNsense can redirect the traffic.

I want to access the internet through Home 3 with Home 2 (so Home 2 connects to Home 1, which redirects the traffic to Home 3, where I can access the internet with Home 3's public IP address).

I'm able to connect Home 2 and Home 3 to Home 1 (ping the hub), and I'm also able to ping Home 3 from Home 2, but I can't send any traffic through.

Does anyone know what I'm doing wrong, or is there any tutorial somewhere out there for that kind of setup?
Thank you all!