How do I set up a wireguard configuration that acts like a nat?
submitted a month ago by grafcube@programming.dev
I have a server with wireguard in a container with host networking. I want to assign an ipv6 subnet for each peer (eg: fd42:413d:a91f:dd37::/64) that the client (my laptop) can freely use all the addresses in that subnet and corresponding port ranges as a separate network interface. Meanwhile on the server, that exact same ip and port is routed to that specific client but through the tunnel.
Here's an example:

1. Server config

    [Interface]
    Address = fd42::1/128
    ListenPort = 51820
    PrivateKey = <key>

    [Peer]
    PublicKey = <key>
    AllowedIPs = fd42:413d:a91f:dd37::/64

2. Client config

    [Interface]
    PrivateKey = <key>
    Address = fd42:413d:a91f:dd37::1/64

    [Peer]
    PublicKey = <key>
    Endpoint = server.local:51820
    AllowedIPs = fd42:413d::/32, fd42:413d:a91f:dd37::/64

3. Run a server on the client

    python -m http.server 8080 --bind fd42:413d:a91f:dd37::1 -d dist

4. Access on the server

    curl -svL http://[fd42:413d:a91f:dd37::1]:8080/

I can't get step 4 to work. It's also entirely possible that my lack of knowledge in networking is making me think this is even possible in the first place. Any help is appreciated!
I'm a little confused where the NAT comes in. It sounds like you want to use the same addresses on the server and the client, which means that there is no translation going on, just routing?
I'm not familiar with wireguard, so I'm not going to be much help with that, but I'd imagine that you need to tell the server that that subnet is routed via the wireguard interface? If you do like ip -6 route on the server do you see that fd42:413d:a91f:dd37::/64 is routed via wireguard?
It doesn't have to be the same address, just one that I can be sure is associated with a specific peer.
Here's what I see with ip -6 route
I think I misunderstood how NAT works.
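
Added example, not part of the thread: WireGuard uses each peer's AllowedIPs both to pick the peer for outgoing packets and to filter the source address of incoming ones, so this Python check lists tunnel addresses that the other side's AllowedIPs do not cover. It runs over the two configs as posted (keys omitted) and assumes one peer per config and that the server sends from its tunnel address; the function names are illustrative.

```python
import ipaddress

# Configs as posted in the thread; the <key> lines are omitted.
SERVER_CONF = """
[Interface]
Address = fd42::1/128
ListenPort = 51820

[Peer]
AllowedIPs = fd42:413d:a91f:dd37::/64
"""
CLIENT_CONF = """
[Interface]
Address = fd42:413d:a91f:dd37::1/64

[Peer]
Endpoint = server.local:51820
AllowedIPs = fd42:413d::/32, fd42:413d:a91f:dd37::/64
"""

def parse(conf):
    """Return (interface addresses, peer AllowedIPs) for a one-peer config."""
    section, addrs, allowed = None, [], []
    for line in conf.splitlines():
        line = line.split("#")[0].strip()          # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            items = [v.strip() for v in value.split(",")]
            if section == "interface" and key.lower() == "address":
                addrs += [ipaddress.ip_interface(v).ip for v in items]
            elif section == "peer" and key.lower() == "allowedips":
                allowed += [ipaddress.ip_network(v, strict=False) for v in items]
    return addrs, allowed

def uncovered(local_conf, remote_conf):
    """Remote tunnel addresses that local's AllowedIPs for the peer do not cover.

    Packets from such an address are dropped on arrival at local, and replies
    to it are not sent through the tunnel.
    """
    _, allowed = parse(local_conf)
    remote_addrs, _ = parse(remote_conf)
    return [a for a in remote_addrs if not any(a in net for net in allowed)]

if __name__ == "__main__":
    print("client does not cover:", uncovered(CLIENT_CONF, SERVER_CONF))
    print("server does not cover:", uncovered(SERVER_CONF, CLIENT_CONF))
```

On the posted configs the check reports fd42::1 as outside the client's AllowedIPs (fd42:413d::/32 does not contain fd42::), while the server side covers the client's address.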