Hi Crystal,

Yes, both server A and C can access serverB, which has a fixed, public IP.

Thanks for the advice. I can make it work for only ssh’ing into either machine, but not for using all internet via serverC’s connection, from serverA.

I believe the wireguard configuration will use allowedIPs to route wireguard IPs, but the wireguard config will not route external IPs. I thought I needed openBSD’s route for that.

Are you able to make it work for that scenario?

Thanks!
Jake

> On 10 Aug 2024, at 11:11, Crystal Kolipe
> <kolipe.c_at_exoticsilicon_com_rmp417bv513f7h_m4083...@icloud.com> wrote:
>
> On Sat, Aug 10, 2024 at 09:18:48AM +0100, 04-psyche.tot...@icloud.com wrote:
>> Hi all,
>>
>> I am working on a wireguard network.
>>
>> I have a setup like this:
>>
>> serverA (10.0.0.0) => serverB (10.0.0.1) => serverC (10.0.0.2)
>>
>> - serverA connects to serverB with AllowedIPs = 0.0.0.0/0
>> - serverB connects to serverC with AllowedIPs = 0.0.0.0/0
>>
>> I cannot access serverC directly from serverA (it does not have a public
>> facing IP), so I go via serverB.
>
> Can serverA and serverC both make inbound connections to serverB?
>
> If so, then just:
>
> * set up a dedicated subnet for each of serverA and serverC
> * include both in the configuration of wgaip on each server
> * use a short wgpka setting on serverA and serverC to ensure that the link
>   stays up.
>
> No need for manual routing changes, routing domains, cron jobs or other
> cludges.
>
> It just works.
>
> I'm ssh'ed in to a machine right now that is at the other end of such a tunnel
> on a dynamic IP, and it's been up for seven days.
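
Added example, not part of the original thread: a small Python model of WireGuard's allowed-IPs lookup on serverB, showing which peer is selected for tunnel addresses and for an external address, and whether a reply arriving from serverC is accepted. The per-server subnets 10.0.1.0/24 and 10.0.2.0/24 and the external address 203.0.113.7 are constructed for illustration, and the model covers only WireGuard's own peer selection, not the kernel routing table or NAT.

```python
import ipaddress

class AllowedIPs:
    """Model of one WireGuard interface's allowed-IPs (cryptokey routing) table."""

    def __init__(self):
        self._owner = {}  # ip_network -> peer name

    def allow(self, peer, cidr):
        # A given prefix maps to exactly one peer on an interface.
        self._owner[ipaddress.ip_network(cidr)] = peer

    def lookup(self, addr):
        """Longest-prefix match; None when no peer covers the address."""
        ip = ipaddress.ip_address(addr)
        nets = [n for n in self._owner if ip in n]
        if not nets:
            return None
        return self._owner[max(nets, key=lambda n: n.prefixlen)]

    def peer_for(self, dst):
        """Outbound: the peer a packet to dst is encrypted for."""
        return self.lookup(dst)

    def accepts(self, peer, src):
        """Inbound: a decrypted packet is kept only if src maps back to its sender."""
        return self.lookup(src) == peer


def server_b(default_via_c):
    """serverB's table; the subnets are constructed for illustration."""
    table = AllowedIPs()
    table.allow("serverA", "10.0.1.0/24")
    table.allow("serverC", "10.0.2.0/24")
    if default_via_c:
        table.allow("serverC", "0.0.0.0/0")  # serverC also carries external traffic
    return table


if __name__ == "__main__":
    for default in (False, True):
        t = server_b(default)
        print("default via serverC:", default)
        for dst in ("10.0.1.9", "10.0.2.5", "203.0.113.7"):
            print("  to", dst, "->", t.peer_for(dst))
        print("  reply from 203.0.113.7 via serverC accepted:",
              t.accepts("serverC", "203.0.113.7"))
```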