Hello. I have an RB3011 locally and an x86 on a VPS; both have public IPs. I configured a site-to-site WireGuard VPN and that works fine, I have access to both LANs, but that's not the case here.
I want to deepen my ROS knowledge, so I'd like to recreate the given scenario.
VPS MT wireguard1 IP: 172.30.255.1, LAN 172.31.255.1/24
Local MT wireguard1 IP: 172.30.255.2, LAN 10.0.0.1/24
I have 1 host with IP 10.0.0.158/24, access to other devices in LAN isn’t necessary.
Both sides can ping; the VPN works as a basic site-to-site. I added routing between the LANs, etc.
On both:
wireguard1 is in list LAN
I want to route that specific host via wireguard1, so it goes to Internet via VPS public IP.
On local MT:
- I created table "vps"
- I added routing rule src-address=10.0.0.158/32 action=lookup-only-in-table table=vps
- I added route dst-address=0.0.0.0/0 routing-table=vps gateway=wireguard1
Ping from that device only reaches the VPS LAN; nothing else works (e.g. 1.1.1.1).
I tried adding masquerade with out=wireguard1 and switching wireguard1 from list LAN to WAN, but I guess something is still missing on the VPS MT.
In the sniffer I can see in and out communication between 10.0.0.158 and 172.30.255.1 while pinging, but any other ping from 10.0.0.158 is only outgoing. I don't really know what else should be on the VPS.
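The scenario described above, written out end to end as an added RouterOS CLI example; this is not the poster's own configuration. Addresses, interface names and the table name are taken from the post; the peer public keys, the VPS endpoint port and membership of the WAN interface list are placeholders and assumptions.

```routeros
# --- Local MT (RB3011): LAN 10.0.0.0/24, wireguard1 = 172.30.255.2 ---

# VPS_PUBLIC_KEY, VPS_PUBLIC_IP and port 13231 are placeholders.
# WireGuard's cryptokey routing only hands a packet to a peer whose
# allowed-address covers the destination, so a peer that is used as a
# default gateway needs 0.0.0.0/0 here, not just the tunnel and VPS LAN prefixes.
/interface wireguard peers
add interface=wireguard1 public-key="VPS_PUBLIC_KEY" \
    endpoint-address=VPS_PUBLIC_IP endpoint-port=13231 \
    allowed-address=0.0.0.0/0 comment="vps"

# A separate routing table with its own FIB, a default route through the
# tunnel in that table, and a rule that sends only 10.0.0.158 to that table.
/routing table
add name=vps fib
/ip route
add dst-address=0.0.0.0/0 gateway=wireguard1 routing-table=vps
/routing rule
add src-address=10.0.0.158/32 action=lookup-only-in-table table=vps

# --- VPS MT (x86): LAN 172.31.255.0/24, wireguard1 = 172.30.255.1 ---

# The VPS must accept packets with source 10.0.0.158 arriving from the local
# peer (allowed-address) and know the way back to 10.0.0.0/24 via the tunnel.
# LOCAL_PUBLIC_KEY is a placeholder.
/interface wireguard peers
add interface=wireguard1 public-key="LOCAL_PUBLIC_KEY" \
    allowed-address=172.30.255.2/32,10.0.0.0/24 comment="local"
/ip route
add dst-address=10.0.0.0/24 gateway=wireguard1

# Replies from the Internet must come back to the VPS public IP, so the
# forwarded 10.0.0.0/24 traffic is masqueraded on the WAN side (assumes the
# VPS uplink is in interface list WAN). Restricting src-address keeps the
# rule from NATing anything else that crosses this router.
/ip firewall nat
add chain=srcnat src-address=10.0.0.0/24 out-interface-list=WAN \
    action=masquerade comment="tunnelled LAN hosts out via VPS"

# With wireguard1 in interface list LAN on both routers, as in the post, the
# default forward filter treats the tunnel traffic as LAN and lets it through.
```

Packet flow to check with the sniffer on each hop: 10.0.0.158 -> 1.1.1.1 inside wireguard1 on both routers, then VPS-public-IP -> 1.1.1.1 on the VPS WAN interface, and the reverse for the replies.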