I have a Debian VPS which is running two different WireGuard interfaces. The first one, wg0.conf, is being used by myself to connect to the VPS. Next, I would like to route all my internet traffic from wg0 through wg1, which uses my desired endpoint.
In other words, I am trying to set a double-chain system.
I have spent quite a few hours trying to fix this issue but, whenever I enable both interfaces, I seem to lose SSH connection and the WireGuard VPN connection appears to have no internet.
Config files
wg0.conf
[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 54080
FwMark=1234
PrivateKey = ...
PostUp = iptables -I INPUT -p udp --dport 54080 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip rule add sport 22 table main
PostUp = ip6tables -I FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 54080 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip rule del sport 22 table main
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
### Client
[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
wg1.conf
[Interface]
PrivateKey = ...
Address = 172.16.0.2/32
Address = 2606:4700:110:8220:148:26c3:a20e:ee28/128
DNS = 1.1.1.1
MTU = 1280
FwMark=1234
[Peer]
PublicKey = ...
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = doublevpnsetup.domain:2408
Feedback would be highly appreciated, many thanks!
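As an added example (not part of the original post), a small Python lint for wg-quick files of this shape: it reports PostUp hooks that no PostDown line undoes, and a peer whose AllowedIPs contain a default route while Table is unset, in which case wg-quick installs policy routing that sends all unmarked traffic into that tunnel. The sample config and the function names are constructed for illustration.

```python
import re

def parse(text):
    """Return [(section, key, value)], keeping repeated keys such as PostUp and AllowedIPs."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # wg-quick also strips '#' comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            items.append((section, key.lower(), value))
    return items

def undo(cmd):
    """Rewrite an add-style hook command as the command that removes the same rule."""
    cmd = re.sub(r"\s-[IA]\s", " -D ", cmd, count=1)            # iptables / ip6tables
    return re.sub(r"^(ip(?: -\d)? (?:rule|route)) add\b", r"\1 del", cmd)

def lint(text):
    """Return a list of human-readable findings for one wg-quick config."""
    items = parse(text)
    downs = {v for s, k, v in items if s == "interface" and k == "postdown"}
    findings = [f"PostUp has no matching PostDown: {v}"
                for s, k, v in items
                if s == "interface" and k == "postup" and undo(v) != v and undo(v) not in downs]
    table = next((v.lower() for s, k, v in items if s == "interface" and k == "table"), "auto")
    nets = [n.strip() for s, k, v in items if s == "peer" and k == "allowedips" for n in v.split(",")]
    if table == "auto" and any(n in ("0.0.0.0/0", "::/0") for n in nets):
        findings.append("default route in AllowedIPs without Table = off: "
                        "wg-quick will policy-route all unmarked traffic into this tunnel")
    return findings

# Constructed sample (not a real deployment): one broken PostDown, one full-tunnel peer.
SAMPLE = """\
[Interface]
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = ip rule add sport 22 table main
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip rule remove add sport 22
[Peer]
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```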