I have set up an ARP proxy on my VPS. With this setup, I can route incoming traffic on the second IP of my VPS over WireGuard. This should allow my Raspberry Pi at home to use the second public IP.
I got this kind of working. Incoming pings are forwarded over the WireGuard tunnel to the Pi, but the Pi then tries to answer the ping via eth0. Is there a way to fix this so it sends the reply packets over the WireGuard interface as well?
To show this problem (both captures are from the Raspberry Pi):
WireGuard interface:
# tcpdump -i wg_pub
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg_pub, link-type RAW (Raw IP), capture size 262144 bytes
01:35:02.796522 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 1, length 64
01:35:03.795359 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 2, length 64
01:35:04.810613 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 3, length 64
Ethernet interface:
# tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:37:11.477589 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 128, length 64
01:37:12.491045 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 129, length 64
01:37:13.505965 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 130, length 64
I would like to avoid using a private subnet on the WireGuard tunnel.
One way I got this working was to add a static route
ip route add <First VPS IP>/32 dev eth0
and then overwrite the default route
ip route add 0.0.0.0/0 dev wg_pub
But this has the disadvantage that all Internet traffic is then routed via the VPS.
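Source-based policy routing, as an added example that is not part of the original post: instead of replacing the default route, an ip rule sends only packets sourced from the second VPS IP to a separate routing table whose default route points at wg_pub, so the main table (with eth0 as the Pi's default) is left untouched. The interface name wg_pub comes from the post; the table id, rule priority and the 203.0.113.10 placeholder address are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The interface name wg_pub is
# from the post; the address, table id and priority below are placeholders.
SECOND_VPS_IP="${SECOND_VPS_IP:-203.0.113.10}"  # stands in for <Second VPS IP>
WG_IF="${WG_IF:-wg_pub}"
RT_TABLE="${RT_TABLE:-100}"     # any routing table id not already in use
RULE_PRIO="${RULE_PRIO:-1000}"  # evaluated before the main table (priority 32766)

# Emit the commands one per line without executing them, so the plan can be
# reviewed (or tested) first and the teardown mirrors the setup exactly.
# $1 is "add" or "del".
policy_route_cmds() {
    action="$1"
    # Echo replies carry the second VPS IP as their source address, so a
    # source-based rule is enough: only those packets consult $RT_TABLE.
    # Everything else keeps using the main table, i.e. eth0 as default route.
    echo "ip rule $action from $SECOND_VPS_IP lookup $RT_TABLE priority $RULE_PRIO"
    # The extra table holds a single default route through the tunnel.
    echo "ip route $action default dev $WG_IF table $RT_TABLE"
}

# Apply the rule and route (needs root, and wg_pub must already be up).
apply_policy_routes() {
    policy_route_cmds add | sh -e
}

# Undo apply_policy_routes.
remove_policy_routes() {
    policy_route_cmds del | sh -e
}

# Ask the kernel which interface a reply sourced from the second VPS IP
# would leave through; succeeds only when the lookup selects the tunnel.
check_policy_routes() {
    ip route get 198.51.100.1 from "$SECOND_VPS_IP" | grep -q "dev $WG_IF"
}
```

The rule and route do not survive a reboot; with wg-quick they can be issued from the PostUp and PostDown lines of the wg_pub configuration.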