Any WireGuard gurus out there?

Is the following possible?

I have a network behind two firewalls with the outer firewall being on CGNAT.

I can create a WG tunnel via a VPS outside the CGNAT (random VPS on public Internet) to allow hosts on the network inside of the second firewall to expose TCP ports like an ad hoc web server or whatever.

This seems to work fine. I can curl a page inside the firewalls by connecting to the public VPS on the configured port for the tunnel.

I've tried to get a WireGuard VPN connection to work over this tunnel.

That is, a client outside the CGNAT firewall tries to create a VPN connection on the inside of the second firewall.

Trying to do this by creating a WireGuard VPN connection through an existing WireGuard tunnel.

Both firewalls are OPNsense, remote client can be anything but am trying a Win 11 VM currently.

I still need to spend more time working on it but I'm really not getting anywhere and was wondering...

Is this even possible?

Anyone done this?

Perhaps there is a different/better approach I should try?

👂 👂 All ears. 👂 👂

#Wireguard #Networking #VPN

@RootMoose
>Is this even possible?

Tunnel-in-tunnel? Sure. Don't forget to adjust MTU.
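
The MTU adjustment mentioned in the reply above, worked through as an added example (not part of the original thread). It assumes a 1500-byte path between the tunnel endpoints, and the function names are illustrative:

```python
# WireGuard per-packet overhead: outer IP header + UDP header +
# data message header (type/reserved 4, receiver index 4, counter 8) +
# Poly1305 authentication tag.
IP_HEADER = {4: 20, 6: 40}
UDP_HEADER = 8
WG_DATA_HEADER = 16
WG_AUTH_TAG = 16
TCP_HEADER = 20


def wg_overhead(ip_version):
    """Bytes one WireGuard layer adds when its UDP packets travel over IPv4 or IPv6."""
    return IP_HEADER[ip_version] + UDP_HEADER + WG_DATA_HEADER + WG_AUTH_TAG


def nested_mtus(link_mtu, carriers):
    """MTU of each tunnel in a stack, outermost first.

    carriers lists, per layer, the IP version that carries that tunnel's
    encrypted packets (assumed known from the endpoint addresses).
    """
    mtus, mtu = [], link_mtu
    for ip_version in carriers:
        mtu -= wg_overhead(ip_version)
        mtus.append(mtu)
    return mtus


def fits(inner_mtu, outer_mtu, carrier):
    """True if a full-size inner-tunnel packet, once encapsulated, fits the outer tunnel."""
    return inner_mtu + wg_overhead(carrier) <= outer_mtu


def tcp_mss(mtu, ip_version):
    """Largest TCP segment that fits in one packet of the given MTU (no TCP options)."""
    return mtu - IP_HEADER[ip_version] - TCP_HEADER


if __name__ == "__main__":
    # Assumed scenario: 1500-byte link, both tunnels reached over IPv4.
    outer, inner = nested_mtus(1500, [4, 4])
    print("outer tunnel MTU:", outer, "inner tunnel MTU:", inner)
    # Both tunnels left at the common 1420 default: the inner one does not fit.
    print("1420 inside 1420 fits:", fits(1420, 1420, 4))
    # Inner MTU sized against an outer tunnel kept at 1420.
    print("1360 inside 1420 fits:", fits(1360, 1420, 4))
    print("TCP MSS through the inner tunnel (IPv4):", tcp_mss(1360, 4))
```

With wg-quick, the resulting value goes in the inner tunnel's `[Interface]` section as `MTU = ...`.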