I'm trying to build a chained WireGuard tunnel. Right now I'm testing, but I'm stuck.
I have two WireGuard servers: the 1st one is in India, the 2nd one is in Singapore. Here is what I'm trying.
Client < 10.26.26.0/24 > India < 10.26.27.0/24 > Singapore
IN Tunnel Peer: 10.26.26.20/32 SG Tunnel Peer: 10.26.27.20/32
I was able to deploy WireGuard on both servers. Now I'm trying to establish a connection between India <> Singapore by creating a new tnl0 interface. Whenever I establish it, it kicks me from SSH. I believe I have to do some kind of firewall stuff here. Here is the server configuration.
India Chain WG Interface:
#Server:
[Interface]
Address = 10.26.26.1/24
ListenPort = 443
PrivateKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
SaveConfig = true
## Firewall Rules
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
#PC-PEER:
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.26.26.2/32
#Tnl-PEER:
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.26.26.20/32
Singapore Server:
#Server:
[Interface]
Address = 10.26.27.1/24
ListenPort = 443
PrivateKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
SaveConfig = true
## Firewall Rules
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
#Tnl-PEER:
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.26.27.20/32
India to Singapore Tunnel Config:
[Interface]
PrivateKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
Address = 10.26.27.20/32
DNS = 1.1.1.1
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.26.27.0/24
Endpoint = 1.2.3.4:443
PersistentKeepalive = 21
I tried to follow this guide: https://www.ckn.io/blog/2017/12/28/wireguard-vpn-chained-setup/ But this one is very old and not working. I tried to replicate as much as I could but had no luck. I believe I have to add some routing tables in the Tunnel Config so that it allows me to pass the client's traffic to the Singapore server via India.
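One way to express the policy routing the post asks about, as an added example that is not part of the original post or the linked guide: a tnl0 config for the India server that sends only forwarded client traffic to Singapore and leaves the server's own traffic, SSH included, on the main routing table. Assumptions: the India client-facing interface is named wg0 and is up before tnl0, routing table 200 is unused, IPv4 forwarding is already enabled, and the key values are placeholders.

```ini
# /etc/wireguard/tnl0.conf on the India server (added example).
# Assumed names: wg0 = client-facing interface, 200 = spare routing table.
[Interface]
PrivateKey = <india-tnl0-private-key>
Address = 10.26.27.20/32
# DNS is omitted on purpose: it would change the server's own resolver.
# Stop wg-quick from installing routes itself, so traffic the server
# originates (SSH replies, the encrypted UDP to Singapore) stays on eth0.
Table = off

# Only packets that arrive from clients on wg0 consult table 200.
PostUp = ip rule add iif wg0 table 200
# Client-to-client traffic stays on wg0; everything else leaves via tnl0.
PostUp = ip route add 10.26.26.0/24 dev wg0 table 200
PostUp = ip route add default dev %i table 200
# Replies arrive on tnl0 from arbitrary Internet sources; strict reverse-path
# filtering would drop them because the main table points those at eth0.
PostUp = sysctl -q -w net.ipv4.conf.%i.rp_filter=2
# Singapore's AllowedIPs for this peer is 10.26.27.20/32, so client sources
# (10.26.26.0/24) must be rewritten to the tunnel address before they leave.
PostUp = iptables -t nat -A POSTROUTING -s 10.26.26.0/24 -o %i -j MASQUERADE
# Let return traffic for established flows back toward the clients.
PostUp = iptables -A FORWARD -i %i -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

PostDown = ip rule del iif wg0 table 200
PostDown = ip route flush table 200
PostDown = iptables -t nat -D POSTROUTING -s 10.26.26.0/24 -o %i -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

[Peer]
PublicKey = <singapore-server-public-key>
# WireGuard must accept any destination and any reply source on this tunnel;
# with Table = off this does not touch the server's default route.
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:443
PersistentKeepalive = 21
```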