I am looking for some advice on how to (if possible) setup a wireguard network for my home network and when I am connected to that network have a remote wireguard server act as an exit node, so that all external traffic appears to be coming from that remote server whilst keeping traffic bound for the home network local (only accessible via wireguard network)

Local server is a Debian box and other devices will run a flavour of linux. Remote server is already running wireguard and I can connect to that if I bring up a route on each device, but ideally I want to connect to my home net and automatically have outbound traffic go via the remote server. The remote server’s wireguard config is not under my control, which may make this unfeasible

  • jubilationtcornpone@sh.itjust.worksEnglish
    4·
    5 days ago

    I want to make sure I understand your goal correctly. Here’s what I’m getting.

    1. You have a wire guard connection that you want to use for outbound traffic from your local LAN.
    2. You have a Debian box that serves at the client in this situation.

    Here’s the part where I’m a little fuzzy

    1. You want to connect to your local LAN using another wire guard connection and have WAN requests routed from clients connecting to your LAN (via wire guard) out the wire guard connection mentioned in #1.

    Did I get any part of that wrong?

    Edit: NVM. I saw your response to another comment that sounds like this is exactly what you want.

    This should be achievable via routing. I actually do the same thing. The main difference is all the work is done on my router which handles both wire guard connections and routing.

    At the minimim you’re going to need:

    • A NAT rule on your local router to port forward incoming wire guard requests on the WAN to your Debian box. **Assuming the Debian box is also the wire guard server.
    • An iptables DSTNAT rule on your Debian box to route local traffic to the LAN gateway.
    • An iptables DSTNAT rule on your Debian box to route outbound WAN traffic that does NOT originate from your Debian box to the gateway at the other end of the outbound wire guard connection.