I want to configure an Amazon EC2 instance with WireGuard to establish a Virtual Private Network (VPN) and enable access to private instances within my Amazon VPC.
This is my network setup:
VPC: 10.50.0.0/16
Public Subnet: 10.50.10.0/24
Private Subnet: 10.50.40.0/24
WireGuard Network: 192.168.100.0/24
I have successfully established a connection between the WireGuard EC2 instance and my PC. However, I encountered an issue when trying to access EC2 instances in the Private Subnet from my PC. For instance, when I attempt an SSH connection to 10.50.40.60 (an EC2 instance in the private network), the IP address used for the connection is from the Public Subnet where WireGuard is hosted (e.g., 10.50.10.189), rather than the expected IP from my client's WireGuard network, 192.68.100.2/24.
The purpose of obtaining the correct WireGuard network IP is to utilize these IPs in the security groups, allowing access to specific clients while restricting access to others.
Below is my current iptables configuration for WireGuard:
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o enX0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o enX0 -j MASQUERADE
I would greatly appreciate any guidance on how to resolve the issue, thanks!
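The source address seen by 10.50.40.60 is rewritten because the POSTROUTING MASQUERADE rule replaces the client's 192.168.100.x address with the address of enX0 before the packet leaves the instance. The server-side wg0.conf below is an added example, not the poster's configuration: it keeps plain forwarding and drops the NAT rule, so packets reach the private subnet with the client's WireGuard address intact and a security group rule can match on 192.168.100.2/32. The interface name enX0 and the addresses come from the question; the listen port, key values and the sysctl line are assumptions.

```ini
# Added example: WireGuard server wg0.conf that forwards into the VPC without NAT.
# Placeholders (<...>) must be replaced; enX0 and the address ranges are from the question.
[Interface]
Address = 192.168.100.1/24
ListenPort = 51820                  # assumed port
PrivateKey = <server-private-key>   # placeholder

# Forwarding must be enabled in the kernel for traffic to cross wg0 -> enX0.
PostUp = sysctl -w net.ipv4.ip_forward=1

# Forward in both directions. There is deliberately no MASQUERADE rule, so the
# source address stays 192.168.100.x when packets arrive at 10.50.40.0/24.
PostUp = iptables -A FORWARD -i %i -o enX0 -j ACCEPT
PostUp = iptables -A FORWARD -i enX0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o enX0 -j ACCEPT
PostDown = iptables -D FORWARD -i enX0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

[Peer]
# One client. A /32 AllowedIPs pins the address this peer may use, which is
# the value the private instance's security group should reference.
PublicKey = <client-public-key>     # placeholder
AllowedIPs = 192.168.100.2/32
```

Without NAT the replies from 10.50.40.60 are addressed to 192.168.100.2, which the VPC does not know how to deliver on its own, so two things outside wg0.conf are also needed: the route table of the Private Subnet needs a route for 192.168.100.0/24 whose target is the WireGuard instance's network interface, and the source/destination check must be disabled on that instance, otherwise EC2 drops packets whose addresses are not its own. Once the return path exists, the security group on 10.50.40.60 can allow SSH from 192.168.100.2/32 and deny the rest of the 192.168.100.0/24 range.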