Using WG to route between two LANs

Samuel Holland samuel at
Wed Oct 28 04:22:46 CET 2020


On 10/22/20 10:43 AM, Dashamir Hoxha wrote:
> I have created a network as shown in this diagram:
> The red arrows show the WG connections. Only the server has a public IP.
> From client1 I can ping to the internet and also to client4: `ping`
> However I cannot ping to the LAN IP of client4: `ping`
> My ultimate goal is to be able to ping from client2 on LAN1 to client5 on LAN2
> (both of which have no WG configuration and interface), routing through
> the WG network (client1 --> server <-- client4).
> Is this possible? I think that it should work, with proper routing,
> but I am not able
> to figure out the proper configurations. Has anybody tried something like this?
> Do you have any suggestions or advice?

Yes, this is possible. You need:
 - LAN1 needs to be in the AllowedIPs for client1 on the server
 - LAN2 needs to be in the AllowedIPs for client4 on the server
 - A route on client1 to LAN2: ip route add dev wg0
 - A route on client4 to LAN1: ip route add dev wg0
 - Routes on the server to both LANs (same as above)

A gateway for the routes is not needed. Once Linux passes the packet to the
WireGuard interface, cryptokey routing (AllowedIPs) is used.

You do not need any NAT.
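The configuration the reply describes, written out as wg-quick files, as an added example that is not part of the thread. Every address, key placeholder and endpoint here is constructed; the LAN prefixes (10.1.0.0/24, 10.2.0.0/24), the tunnel network (10.0.0.0/24) and the public endpoint are assumptions. On client1 and client4, wg-quick turns each AllowedIPs entry into the `ip route add ... dev wg0` route mentioned above, so no separate route commands are needed. Two things the reply does not spell out are included: net.ipv4.ip_forward must be on for client1, client4 and the server, since each forwards packets it did not originate, and PersistentKeepalive keeps the path to the server open from behind NAT. Hosts without WireGuard (client2, client5) need a route for the remote LAN via their local gateway unless that gateway is already their default route.

```shell
#!/bin/sh
# Added example, not from the thread: wg-quick configs for the topology
#   LAN1 <-> client1 <-> server <-> client4 <-> LAN2
# All addresses, key placeholders and the endpoint are constructed.

LAN1="10.1.0.0/24"                    # assumed prefix behind client1
LAN2="10.2.0.0/24"                    # assumed prefix behind client4
WG_NET="10.0.0.0/24"                  # assumed tunnel network
SERVER_WG="10.0.0.1"
CLIENT1_WG="10.0.0.2"
CLIENT4_WG="10.0.0.4"
SERVER_ENDPOINT="203.0.113.10:51820"  # only the server has a public address

# Server: each peer's AllowedIPs must contain that peer's LAN, otherwise
# cryptokey routing drops packets with a LAN source or destination.
# Forwarding is required because the server relays between the two peers.
server_conf() {
  cat <<EOF
[Interface]
Address = ${SERVER_WG}/24
ListenPort = 51820
PrivateKey = <server-private-key>
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
# client1
PublicKey = <client1-public-key>
AllowedIPs = ${CLIENT1_WG}/32, ${LAN1}

[Peer]
# client4
PublicKey = <client4-public-key>
AllowedIPs = ${CLIENT4_WG}/32, ${LAN2}
EOF
}

# LAN gateway (client1 or client4): AllowedIPs for the server peer covers the
# tunnel network and the *remote* LAN. wg-quick installs
#   ip route add <prefix> dev wg0
# for every AllowedIPs entry, which is the route the reply describes.
# Forwarding is required to pass packets between the LAN interface and wg0.
gateway_conf() {  # $1 = own tunnel address, $2 = remote LAN prefix
  cat <<EOF
[Interface]
Address = $1/24
PrivateKey = <gateway-private-key>
PostUp = sysctl -w net.ipv4.ip_forward=1

[Peer]
# server
PublicKey = <server-public-key>
Endpoint = ${SERVER_ENDPOINT}
AllowedIPs = ${WG_NET}, $2
PersistentKeepalive = 25
EOF
}

client1_conf() { gateway_conf "$CLIENT1_WG" "$LAN2"; }
client4_conf() { gateway_conf "$CLIENT4_WG" "$LAN1"; }

# Hosts without WireGuard (client2 on LAN1, client5 on LAN2) only need a
# route for the remote LAN via the local gateway's LAN address.
lan_host_route() {  # $1 = remote LAN prefix, $2 = local gateway LAN address
  echo "ip route add $1 via $2"
}

# Print all three configs and the two LAN-host routes (gateway LAN addresses
# 10.1.0.1 and 10.2.0.1 are assumed).
show_all() {
  echo "# server /etc/wireguard/wg0.conf";  server_conf;  echo
  echo "# client1 /etc/wireguard/wg0.conf"; client1_conf; echo
  echo "# client4 /etc/wireguard/wg0.conf"; client4_conf; echo
  echo "# on client2:"; lan_host_route "$LAN2" "10.1.0.1"
  echo "# on client5:"; lan_host_route "$LAN1" "10.2.0.1"
}
```

Running the script with `show_all` appended prints the three files to drop into /etc/wireguard/ (with real keys in place of the placeholders) plus the two routes for the LAN-only hosts; no NAT rules appear anywhere, matching the reply.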
