Hello,
For one of our sites, there’s a need for letting our external suppliers access our network using our guest network. The suppliers work both remotely and on-site and have VPN access using WireGuard. This of course works well when they’re not in the same building, but they can’t connect when they come on-site and try to connect to the same network. Ironically, the WireGuard connection works if the users already had an active connection before they closed their laptop in the hotel and went to our site – WireGuard will in that case send all traffic as usual, even internally.
I’ve been experimenting with NAT hairpin/loopback in the affected VLAN, but the rules never show any traffic being masqueraded to the gateway (UDP traffic in 10.203.86/23 with destination 13231 shall be masqueraded to 10.203.87.253/23).
Maybe I can’t use src-nat rules to loop back the traffic to the router itself? Is it even possible to do it at all?
All help is appreciated!