There are 3 networks and a server with WireGuard installed. I need:
- Users from the network 172.20.21.0/24 have access to the server and network 172.20.20.0/24
- Users from the network 172.20.20.0/24 have access to the server and network 172.20.21.0/24
- Users from the 172.20.22.0/24 network can access servers and networks on both 172.20.20.0/24 and 172.20.21.0/24
Additional Internet access (by routing marks):
- Users from network 172.20.20.0/24 via VPS
- Users from network 172.20.21.0/24 via VPS
- Users from network 172.20.22.0/24 via router 0 (priority 1) and via VPS (priority 2)
The VPS WireGuard config is like this:
[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 12345
PrivateKey = xxxxx
# Forwarding: accept everything from eth0 into the tunnel and everything leaving the
# tunnel; masquerade tunnel traffic that exits via eth0 (Internet access for the peers)
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# One peer per site; each AllowedIPs currently lists only the peer's tunnel address
[Peer]
PublicKey = xxxxx
PresharedKey = xxxxx
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
[Peer]
PublicKey = xxxxx
PresharedKey = xxxxx
AllowedIPs = 10.66.66.3/32,fd42:42:42::3/128
[Peer]
PublicKey = xxxxx
PresharedKey = xxxxx
AllowedIPs = 10.66.66.4/32,fd42:42:42::4/128
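As an added example (not part of the original post or the poster's config): a VPS-side helper that prints the AllowedIPs each site peer needs so its LAN can cross the tunnel, and a FORWARD rule set that enforces the access list above instead of the blanket "-i wg0 -j ACCEPT". It assumes the peers at 10.66.66.2, .3 and .4 are the routers in front of 172.20.20.0/24, 172.20.21.0/24 and 172.20.22.0/24 (a constructed mapping), and that the tunnel and uplink interfaces are wg0 and eth0; the rules are printed, not applied.

```shell
#!/bin/sh
# Added example, not the poster's config: VPS-side AllowedIPs and a FORWARD policy that
# implements the post's access matrix instead of the blanket "-i wg0 -j ACCEPT".
# Assumed (constructed): peers 10.66.66.2/.3/.4 are the routers in front of
# 172.20.20.0/24, 172.20.21.0/24, 172.20.22.0/24; tunnel is wg0, uplink is eth0.
WG_IF=wg0
WAN_IF=eth0
# Peer tunnel address and the LAN behind it (constructed mapping).
peers() {
  cat <<'EOF'
10.66.66.2 172.20.20.0/24
10.66.66.3 172.20.21.0/24
10.66.66.4 172.20.22.0/24
EOF
}
# AllowedIPs must include the peer's LAN, or cryptokey routing silently drops
# packets to/from it; wg-quick also installs the kernel route from this list.
allowed_ips() {
  peers | while read -r tun lan; do
    if [ "$tun" = "$1" ]; then printf 'AllowedIPs = %s/32,%s\n' "$tun" "$lan"; fi
  done
}
# Access matrix from the post: 20<->21, 22->20, 22->21; 20 and 21 may not reach 22.
# Exit status 0 means the src LAN may open connections to the dst LAN.
policy_allows() {
  case "$1 $2" in
    "172.20.20.0/24 172.20.21.0/24"|"172.20.21.0/24 172.20.20.0/24") return 0 ;;
    "172.20.22.0/24 172.20.20.0/24"|"172.20.22.0/24 172.20.21.0/24") return 0 ;;
    *) return 1 ;;
  esac
}
# FORWARD rules, printed rather than applied: replies by conntrack state, Internet
# egress from the tunnel (masqueraded by the post's POSTROUTING rule), only the
# permitted LAN pairs hairpinned through wg0, then DROP. The DROP also stops the
# unsolicited eth0 -> wg0 traffic that "-i eth0 -o wg0 -j ACCEPT" admits.
forward_rules() {
  printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
  printf 'iptables -A FORWARD -i %s -o %s -j ACCEPT\n' "$WG_IF" "$WAN_IF"
  peers | while read -r _ src; do
    peers | while read -r _ dst; do
      if policy_allows "$src" "$dst"; then
        printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -j ACCEPT\n' \
          "$WG_IF" "$WG_IF" "$src" "$dst"
      fi
    done
  done
  printf 'iptables -A FORWARD -j DROP\n'
}
forward_rules
```

Each site router still needs the VPS listed with AllowedIPs covering the other sites' LANs (and 0.0.0.0/0 if its Internet traffic is to be mark-routed through the tunnel), otherwise the packets never enter the tunnel on that side.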