Static Route from Wireguard client to another Wireguard client
Wanted to see if there is a way to do what I'm trying to do. I have a WireGuard client (call it Client A) that will be tunneling all traffic into my FWG+. I would like to direct all traffic that is destined for 192.168.1.0/24 (I know, that needs to be changed) to another WireGuard client (call it Client B) that is also connected to my FWG+. Since they are connected to me, and not from FWG+ out to the clients, there is not an option to select in the Routes tile.
Other kicker I have here is that I have a Site-to-site set up between me (FWG+) and a Server (Server A) that routes the traffic for 192.168.1.0/24 and 2 other networks.
Client A and Client B are not allowed to talk with Server A, nor can they (Client A & B) talk with each other (until I place a rule in to allow it).
Is there a way to route traffic from Client A to Client B for just the traffic that is for the 192.168.1.0/24 subnet (not the one on Server A)?
-
This can be done using policy based routing, see this section https://help.firewalla.com/hc/en-us/articles/4408977159187-Using-Firewalla-Policy-Based-Routing-with-VPN-and-Multi-WAN-Features#h_01FJKGW772ATP7MYMPNK0JHNNC
-
Hi @James...
Client A is a device connecting to FWG+ VPN server? And Client B is using FWG+ VPN Client? If so, the link already provided will work.
If the VPN Profile connecting to FWG Server is using WireGuard, you can also choose that particular VPN client to route through a Firewalla VPN Client.
Maybe I didn't correctly understand your requirements?
-
I had a connection from Client A and I had a connection from Client B. I wasn't sure when I could get to Client B's place to reconfigure the network and allow port forwarding so Client A could connect to Client B directly. So I was hoping to just route Client A's traffic to Client B through the connections I already had in place on my firewall.
I did have to go out to Client B's location and was able to reconfigure his network to allow incoming WireGuard connections. So this post is irrelevant now. But I've had a few times where I've had to create a connection back to a Client so I can route traffic back. (Basically I've got a few site-to-sites, and there might be some specific traffic that I need to point to that route, but if they are connected to me, then I can't do that, I have to connect to them to be able to route traffic back through the site-to-site connection).