Wireguard Road Warrior access other wireguard Tunnels
-
Hello everyone, and I wish you health and care during the pandemic.
I have a central site with a static public IP that accepts 3 WireGuard tunnels from remote sites with dynamic IPs. Everything is working OK with the tunnels and traffic. So:
192.168.1.0/24 central
Site 1: 192.168.2.0/24 tunnel 172.16.2.0/24
Site 2: 192.168.3.0/24 tunnel 172.16.3.0/24
Site 3: 192.168.4.0/24 tunnel 172.16.4.0/24
Now I'm setting up a warrior WireGuard for remote access on central.
Since the remote sites have dynamic IPs, I can't set up WireGuard directly on them.
Is there any way to access all 4 networks from a laptop by connecting remotely to central?
-
@bambos does central have routes and rule sets to allow traffic? You’ll also need static routes pointing the road warrior subnet at central; otherwise, how would the sites know where to reach the road warriors?
So if central has a fixed public WAN IP, set dynamic WG tunnels pointed at central. Then, on your edge sites, static route your road warrior subnet to the central side of each site's tunnel. So long as the rule set allows, you should be able to hit the other sites through central.
-
@bambos for dynamic, you cannot set up a service like dyndns on them?
Just curious.
-
@rcmcdonald91 yes my friend, you are right. I did many tests and I was able to contact all remote sites. The only trick was to add the network on my client setup, and also add the tunnel to each site peer setup.
For example, the tunnel or road warrior is 172.16.16.1; this has to be added to the allowed IPs of each site peer, and also a firewall rule if it is not allow all. Also, in the WireGuard Windows setup, the LAN IP of each site also has to be added so we get correct routing on the PC.
-
@periko my ISP is using several routers behind my firewall. So all sites are dynamic, only my central is static.
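
The AllowedIPs changes described in the thread can be checked mechanically. The following is an added example, not code from any poster: it uses the thread's LAN subnets and the 172.16.16.1 road warrior address, while the sample AllowedIPs lists (including 172.16.16.0/24 on the laptop) are constructed, and it assumes "each site peer" means the peer entry each site holds for central. Firewall rules are not modelled.

```python
import ipaddress

# Addressing from the thread; the AllowedIPs lists further down are constructed samples.
LANS = {
    "central": "192.168.1.0/24",
    "site1": "192.168.2.0/24",
    "site2": "192.168.3.0/24",
    "site3": "192.168.4.0/24",
}
ROAD_WARRIOR = "172.16.16.1"


def covered(target, allowed_ips):
    """True if target (address or network) falls inside any AllowedIPs entry."""
    net = ipaddress.ip_network(target, strict=False)
    for entry in allowed_ips:
        allowed = ipaddress.ip_network(entry, strict=False)
        if allowed.version == net.version and net.subnet_of(allowed):
            return True
    return False


def find_gaps(laptop_allowed, site_allowed, lans=LANS, rw=ROAD_WARRIOR):
    """List the AllowedIPs entries still missing for laptop <-> LAN traffic.

    laptop_allowed: AllowedIPs on the laptop's peer entry for central.
    site_allowed:   {site: AllowedIPs that site holds for its peer to central}
                    (assumed reading of "each site peer").
    """
    gaps = []
    # Without the LAN in AllowedIPs the laptop never routes it into the tunnel.
    for name, lan in lans.items():
        if not covered(lan, laptop_allowed):
            gaps.append(f"laptop: {lan} ({name}) not in AllowedIPs")
    # Without the road warrior address the site drops its packets and has no return path.
    for site, allowed in site_allowed.items():
        if not covered(rw, allowed):
            gaps.append(f"{site}: {rw} not in AllowedIPs for central")
    return gaps


# Constructed "before" state: laptop reaches central only, sites know central only.
BEFORE_LAPTOP = ["172.16.16.0/24", "192.168.1.0/24"]
BEFORE_SITES = {f"site{i}": [f"172.16.{i + 1}.0/24", "192.168.1.0/24"] for i in (1, 2, 3)}
# "After" state: the two additions described in the thread.
AFTER_LAPTOP = BEFORE_LAPTOP + [LANS["site1"], LANS["site2"], LANS["site3"]]
AFTER_SITES = {s: a + [ROAD_WARRIOR + "/32"] for s, a in BEFORE_SITES.items()}

if __name__ == "__main__":
    for gap in find_gaps(BEFORE_LAPTOP, BEFORE_SITES):
        print("MISSING", gap)
    print("after fix:", find_gaps(AFTER_LAPTOP, AFTER_SITES) or "no gaps")
```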