On 2024-06-07, Kirill A Korinsky <kir...@korins.ky> wrote:
> misc@,
>
> I wonder if it is possible to share an IP associated with a machine through
> a WireGuard connection?
>
> Suppose I have a machine that has two IPs on different networks:
> - 1.2.3.4/24 gw 1.2.3.1
> - 1.2.4.5/24 gw 1.2.5.1
>
> I'd like to allow incoming connections via WG to 1.2.3.4 and forward 1.2.4.5
> to the WG client.
>
> The best I can do now is create rdomain with wg and vether interfaces, and
> use PF nat to vether.
>
> But maybe it is possible to avoid NAT somehow?

Definitely is. I run externally accessible machines on my home network
this way (I have a /29 from my ISP anyway but changed to this after a
line outage, and have left it that way since).

Configure the IP address on the wg interface with some subnet of
1.2.4.0/24 that includes 1.2.4.5, and use wgaip 1.2.4.5/32 (or a larger
block if you wish to route multiple addresses over wg) for the relevant
peer. Set net.inet.ip.forwarding as usual.

--
Please keep replies on the mailing list.
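
The configuration described in the reply above, written out as an added example that is not part of the original message. It assumes the interface is wg0 on the machine that terminates the tunnel, picks 1.2.4.6/30 as the interface address (one subnet of 1.2.4.0/24 that contains 1.2.4.5), and uses placeholder keys and a constructed listen port.

```conf
# /etc/hostname.wg0 on the machine that terminates the tunnel
# (placeholders and constructed values are assumptions, not from the thread)

# Local private key and listen port; 51820 is a constructed value.
wgkey <SERVER_PRIVATE_KEY_BASE64> wgport 51820

# The peer that should receive traffic for 1.2.4.5. wgaip restricts both
# what is routed to this peer and what source addresses are accepted from it.
wgpeer <CLIENT_PUBLIC_KEY_BASE64> wgaip 1.2.4.5/32

# Address on wg0 taken from a subnet of 1.2.4.0/24 that contains 1.2.4.5.
# 1.2.4.6/30 (covering 1.2.4.4 - 1.2.4.7) is an assumed choice.
inet 1.2.4.6 255.255.255.252
up

# /etc/sysctl.conf on the same machine: forward packets between interfaces
net.inet.ip.forwarding=1
```

Keeping wgaip at /32 means the peer can only send and receive as 1.2.4.5; a larger block, as the reply mentions, widens that to every address in the block.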