On Sat, Aug 10, 2024 at 09:18:48AM +0100, 04-psyche.tot...@icloud.com wrote:
> Hi all,
> 
> I am working on a WireGuard network.
> 
> I have a setup like this:
> 
> serverA (10.0.0.0) => serverB (10.0.0.1) => serverC (10.0.0.2)
> 
> - serverA connects to serverB with AllowedIPs = 0.0.0.0/0
> - serverB connects to serverC with AllowedIPs = 0.0.0.0/0
> 
> I cannot access serverC directly from serverA (it does not have a public
> facing IP), so I go via serverB.

Can serverA and serverC both make inbound connections to serverB?

If so, then just:

* set up a dedicated subnet for each of serverA and serverC
* include both in the configuration of wgaip on each server
* use a short wgpka setting on serverA and serverC to ensure that the link
  stays up.

No need for manual routing changes, routing domains, cron jobs or other
kludges.

It just works.

I'm ssh'ed in to a machine right now that is at the other end of such a tunnel
on a dynamic IP, and it's been up for seven days.

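An added illustration, not part of the original message: a small Python model of how per-peer allowed IPs (the wgaip setting mentioned above) pick the outbound peer and filter inbound sources on serverB. The subnets 10.0.1.0/24 and 10.0.2.0/24, the table layout and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed peer table for the hub (serverB): one dedicated subnet per spoke.
# The subnets are assumptions for illustration; the thread does not give them.
HUB_PEERS = {
    "serverA": ["10.0.1.0/24"],
    "serverC": ["10.0.2.0/24"],
}

# Constructed contrast case: serverC keeps the catch-all 0.0.0.0/0 from the question.
CATCH_ALL_PEERS = {
    "serverA": ["10.0.1.0/24"],
    "serverC": ["0.0.0.0/0"],
}


def build_table(peers):
    """Flatten {peer: [cidr, ...]} into (network, peer) pairs.

    The same prefix listed for two peers is flagged here rather than
    guessing which peer should own it.
    """
    table, owner = [], {}
    for peer, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if net in owner:
                raise ValueError(f"{net} listed for both {owner[net]} and {peer}")
            owner[net] = peer
            table.append((net, peer))
    return table


def peer_for(table, addr):
    """Outbound: the most specific allowed-IP prefix containing addr picks the peer."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, peer) for net, peer in table if ip in net]
    return max(matches)[1] if matches else None


def accept_inbound(table, from_peer, src):
    """Inbound: a decrypted packet is kept only if its source address
    maps back to the peer whose key decrypted it."""
    return peer_for(table, src) == from_peer


if __name__ == "__main__":
    hub = build_table(HUB_PEERS)
    print(peer_for(hub, "10.0.2.7"))                   # peer chosen for serverC's subnet
    print(accept_inbound(hub, "serverA", "10.0.2.7"))  # serverA using serverC's range
```

With dedicated subnets the hub drops a packet from one spoke that claims an address in the other spoke's range, while a 0.0.0.0/0 entry accepts any source not claimed by a more specific prefix.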