I am attempting to set up an Ubuntu Server WireGuard VPN client router via a VM under ESXi in my homelab to better understand how this works. Eventual deployment would be on my Raspberry Pi to allow devices connected to said Pi to be routed through the VPN; basically a portable router that forces every device connected to it to be routed back to my server (which also lives on my homelab), used when I travel for work. For current testing, I have an Ubuntu Server VM set up at a family member's house so I can have an alternate public IP to verify things work as expected.
Test setup:

- Local LAN: 192.168.1.1
- WG Server: 10.0.0.1
- Virtual LAN for testing within my homelab: 10.0.0.2
- Remote LAN: 192.168.86.1
- WG Server on an Ubuntu Server VM
- WG Client on an Ubuntu Server VM
I have a WireGuard connection set up; it handshakes, and the public IP shows correctly on my WG Client.

Current server setup is:
    [Interface]
    PrivateKey = <server-private-key>
    Address = <10.0.0.1>/<8>
    SaveConfig = true
    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o <eth0> -j MASQUERADE;
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o <eth1> -j MASQUERADE;
    ListenPort = 51820
Current client setup is:
    [Interface]
    PrivateKey = <client-private-key>
    Address = <client-ip-address>/<subnet>
    SaveConfig = true

    [Peer]
    PublicKey = <server-public-key>
    Endpoint = <server-public-ip-address>:51820
    AllowedIPs = 0.0.0.0/0
Once I had WireGuard set up and working (which I do believe it is; it's pretty easy to set up based on the above), I moved on to setting up my secondary interface, which will be 10.0.0.2, will receive DHCP, and will use the router I set up within the WG Client VM. I set this up via a rather simple guide (can't link to it apparently, so you just have to assume setting up a router is easy enough).

With this second interface working, I spin up an Ubuntu desktop VM on my homelab connected to the same virtual network as the WG Client's second interface. DHCP works as expected, and I am even able to get iffy internet on the Ubuntu desktop VM. I can Google things, I can watch YouTube, but things just don't quite work right. I can't download and install Chrome, for example: it tries, it hangs, it tries some more, but it just doesn't really work. Speed tests do run very near line speed though...

I assume packets are not being routed through to the WireGuard interface correctly, or something somewhere is not being translated. I thought AllowedIPs being 0.0.0.0/0 would mean all traffic through the WG Client would be forced over the WG interface, but that is proving not to really work. I have tried some random iptables settings as well, but nothing really changes anything. I have seen the fact that WireGuard works with namespaces, but I am not quite sure how that works or how I would set that up for my needs. I know enough to know enough, but clearly not enough to get this working as intended.
Any ideas, or guides that could be followed for this exact situation? I have been at this for a couple days now and just can’t get my head around it.
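As an added example (not code from the post above), the following POSIX shell functions render the client-side PostUp/PostDown lines a WireGuard router VM of this kind needs (forwarding from a LAN interface into the tunnel and masquerading out of it), and check that a PostUp/PostDown pair references the same outgoing interfaces. The interface names `eth1`/`wg0` are assumptions, as is the requirement that the LAN subnet not overlap the tunnel's Address range.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the LAN-facing
# interface and tunnel interface names are passed in as arguments, and the
# LAN subnet does not overlap the tunnel's Address range.

# Print the wg-quick PostUp line that lets hosts behind $1 (LAN interface)
# out through $2 (WireGuard interface), NATing them to the tunnel address.
client_postup() {
    lan="$1"; wg="$2"
    printf 'PostUp = sysctl -w net.ipv4.ip_forward=1; '
    printf 'iptables -A FORWARD -i %s -o %s -j ACCEPT; ' "$lan" "$wg"
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ' "$wg" "$lan"
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$wg"
}

# Derive PostDown from PostUp (-A becomes -D, the sysctl is dropped) so that
# tearing the tunnel down removes exactly the rules that were added.
client_postdown() {
    client_postup "$1" "$2" \
        | sed -e 's/^PostUp/PostDown/' \
              -e 's/sysctl -w net.ipv4.ip_forward=1; //' \
              -e 's/ -A / -D /g'
}

# List every "-o IFACE" in a rule line (rules separated by ';'), one per line.
out_ifaces() {
    printf '%s\n' "$1" | tr ';' '\n' | sed -n 's/.* -o \([^ ]*\).*/\1/p'
}

# Return 0 when PostUp ($1) and PostDown ($2) name the same outgoing
# interfaces, 1 otherwise. A mismatch means the -D rule does not match any
# existing rule, so the MASQUERADE rule outlives the tunnel.
check_pair() {
    [ "$(out_ifaces "$1")" = "$(out_ifaces "$2")" ]
}
```

Run `client_postup eth1 wg0` and `client_postdown eth1 wg0` and paste the two lines into the client's `[Interface]` section; `check_pair` can be pointed at any existing config's PostUp/PostDown values.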