
I have the following network setup:

2 LANs; 1 local and 1 remote, connected site-to-site via WireGuard.

192.168.0.0/24 -> local
192.168.2.0/24 -> remote

192.168.0.0/24 has a gateway 192.168.0.20

192.168.2.0/24 has a gateway 192.168.2.254

All hosts on each side are able to reach each other.

I would like for one host (192.168.0.4) to be able to use the gateway (192.168.2.254) on the remote network for all its traffic.

Is this somehow possible using ip routing, iptables rules or any other option that I'm not thinking of?

sndrvanes

1 Answer


Normally, you can only specify the immediate next hop of your packets, but you have no control over where they go next. You cannot specify a distant gateway directly, except by using a tunnel to that gateway.

So your LAN device .0.4 needs to route packets via your WireGuard endpoint, and your WireGuard endpoint needs to route them via the WG site-to-site tunnel, and the remote WG endpoint then needs to route them via 192.168.2.254.

For the PC, in this situation you can just specify your local WG gateway as the computer's "default gateway". Likewise, the remote WG endpoint most likely already has 192.168.2.254 as its default gateway for everything.

It's only your local WG endpoint that needs special configuration – it needs policy routing to be able to specify different 0.0.0.0/0 routes for 192.168.0.4 and for everything else (you don't want to accidentally route WG traffic via the same WG tunnel...). This is supported on Linux via ip rule; in your case it's probably enough to create a policy rule that matches just on from 192.168.0.4/32, though you'll see many tutorials applying packet marks via iptables first.

user1686
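The policy-routing step the answer describes, as an added example that is not part of the original post or answer. It assumes the local WireGuard endpoint is 192.168.0.20 with tunnel interface wg0, that it is the default gateway 192.168.0.4 already points at, and that it forwards IPv4; the routing-table id 100 and rule priority 1000 are arbitrary choices. The script prints the commands as a dry run by default, applies or removes them when invoked with `apply` or `undo`, and includes a check against a constructed sample of `ip rule show` output.

```shell
#!/bin/sh
# Added example (not from the original post). Policy routing on the LOCAL
# WireGuard endpoint so that only 192.168.0.4's traffic uses the site-to-site
# tunnel as its default route; everything else keeps the main table.
#
# Assumptions (not stated on the page):
#   - the local WireGuard endpoint is 192.168.0.20, tunnel interface wg0
#   - 192.168.0.4 already uses this host as its default gateway
# The endpoint's own packets, including its WireGuard UDP traffic, never
# match "from 192.168.0.4", so they cannot loop back into the tunnel.

CLIENT=192.168.0.4
WG_IF=wg0
TABLE=100    # any unused routing-table id from 1 to 252
PRIO=1000    # rule priority: after "local" (0), before "main" (32766)

# Emit the configuration as a dry run; review it before applying as root.
# WireGuard interfaces are point-to-point, so the route needs no "via".
policy_cmds() {
    cat <<EOF
ip route add default dev $WG_IF table $TABLE
ip rule add from $CLIENT/32 lookup $TABLE priority $PRIO
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Emit the matching teardown (rule first, then the table's route).
undo_cmds() {
    cat <<EOF
ip rule del from $CLIENT/32 lookup $TABLE priority $PRIO
ip route del default dev $WG_IF table $TABLE
EOF
}

# Check the text of "ip rule show" (passed as $1) for the client's rule.
# "ip rule show" prints a /32 source without the prefix length.
rule_present() {
    printf '%s\n' "$1" |
        grep -qE "^[0-9]+:[[:space:]]+from $CLIENT lookup $TABLE([[:space:]]|$)"
}

# Run every emitted command; must be root. Stops at the first failure.
apply_policy() {
    policy_cmds | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# Constructed sample of "ip rule show" output after apply_policy has run.
SAMPLE_RULES='0:      from all lookup local
1000:   from 192.168.0.4 lookup 100
32766:  from all lookup main
32767:  from all lookup default'

case "${1:-}" in
    apply) apply_policy ;;
    undo)  undo_cmds | while IFS= read -r cmd; do $cmd; done ;;
    *)     policy_cmds ;;   # default: show what would be run
esac
```

Two WireGuard-specific caveats apply on top of the routing rules. On the local endpoint, the remote peer's AllowedIPs must include 0.0.0.0/0, otherwise WireGuard's cryptokey routing silently drops packets for destinations outside the configured prefixes; if the tunnel is managed by wg-quick, set `Table = off` in that interface's config so wg-quick does not install its own catch-all route for that peer. On the remote endpoint nothing changes as long as its peer entry already covers 192.168.0.0/24 and forwarding is enabled, but if 192.168.2.254 only NATs its own subnet to the Internet you will need a MASQUERADE rule on the remote endpoint's LAN interface. To confirm the lookup on the local endpoint, run `ip route get 1.1.1.1 from 192.168.0.4 iif eth0` (LAN interface name assumed) and check that the result goes out via wg0. The rules are not persistent; put them in a boot script or your network manager's hooks.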