(educational purposes)
Hey guys,
actually I'm trying to create a company network (employee clients) with WireGuard. Let's say it's the subnet 10.0.0.0/24. The WireGuard server is a Hetzner Cloud server, which surely has a public IP address (to be reachable for the clients to build up the internal network), and further it's connected to a Hetzner private network (Layer 2) - let's say it's 192.168.0.0/24 (on the ens10 interface).
How can I get access from an employee client which is connected to the WireGuard VPN and has the WireGuard IP address 10.0.0.2/24 to all servers which are within 192.168.0.0/24?
I tried to create a mostly correct diagram of it.
I'll show you my setup:
client tunnel file:

```
[Interface]
PrivateKey = <CLIENTS-PRIVATE-KEY>
Address = 10.0.0.2/32

[Peer]
PublicKey = <SERVERS-PUBLIC-KEY>
AllowedIPs = 192.168.0.0/24, 10.0.0.0/24
Endpoint = <SERVERS-PUBLIC-IP>:51820
```
server's tunnel file:

```
[Interface]
Address = 10.0.0.1/32
ListenPort = 51820
PrivateKey = <SERVERS-PRIVATE-KEY>

[Peer]
PublicKey = <CLIENTS-PUBLIC-KEY>
AllowedIPs = 192.168.0.0/24, 10.0.0.0/24
```
Also I enabled net.ipv4.ip_forward on the VPN server to forward requests to the 192.168.0.0/24 subnet.
My client is able to resolve its own WireGuard IP (10.0.0.2), resolve the WireGuard IP of the VPN server (10.0.0.1), and is further able to resolve the private IP address of the VPN server (192.168.0.2), but it is not able to resolve other hosts within the private network like 192.168.0.3/192.168.0.4 etc.
Maybe you can help me figure out what I'm doing wrong or what's missing?
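Added here as an illustration, not part of the original post: a small Python model of WireGuard's cryptokey routing (AllowedIPs acts as both the outbound route table and the inbound source filter), run against the [Peer] section of the server config as posted and against a narrowed variant (AllowedIPs = 10.0.0.2/32, constructed for comparison).

```python
import ipaddress

# Constructed model of WireGuard cryptokey routing: a peer's AllowedIPs is both the
# outbound route table (longest-prefix match picks the receiving peer) and the inbound
# source filter (a decrypted packet whose source lies outside the sending peer's
# AllowedIPs is silently dropped).

def parse_peers(conf):
    """Return {PublicKey: [networks]} from the [Peer] sections of a wg-quick config."""
    peers, key, nets = {}, None, []
    for raw in conf.splitlines():
        line = raw.strip()
        if line == "[Peer]":
            if key: peers[key] = nets
            key, nets = None, []
        elif line.startswith("PublicKey"):
            key = line.split("=", 1)[1].strip()  # split once: real keys end in '='
        elif line.startswith("AllowedIPs"):
            nets = [ipaddress.ip_network(n.strip()) for n in line.split("=", 1)[1].split(",")]
    if key: peers[key] = nets
    return peers

def route_outbound(peers, dst):
    """Peer that receives a packet to dst, or None if no AllowedIPs entry matches."""
    dst, best = ipaddress.ip_address(dst), None
    for key, nets in peers.items():
        for net in nets:
            if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (key, net)
    return best[0] if best else None

def accept_inbound(peers, key, src):
    """True if a packet decrypted from peer `key` with source src passes the filter."""
    return any(ipaddress.ip_address(src) in net for net in peers[key])

# Peer section of the server config as posted, and a narrowed variant (constructed for
# comparison) that only admits the client's own tunnel address.
SERVER_AS_POSTED = "[Peer]\nPublicKey = <CLIENTS-PUBLIC-KEY>\nAllowedIPs = 192.168.0.0/24, 10.0.0.0/24\n"
SERVER_NARROWED = "[Peer]\nPublicKey = <CLIENTS-PUBLIC-KEY>\nAllowedIPs = 10.0.0.2/32\n"

def compare(dst="192.168.0.3", lan_src="192.168.0.3"):
    """Per variant: (peer the server would send dst to, LAN-sourced packet from client accepted?)."""
    out = {}
    for name, conf in (("posted", SERVER_AS_POSTED), ("narrowed", SERVER_NARROWED)):
        peers = parse_peers(conf)
        key = next(iter(peers))
        out[name] = (route_outbound(peers, dst), accept_inbound(peers, key, lan_src))
    return out
```

With the posted server config the server treats the client peer as the next hop for the whole 192.168.0.0/24 LAN and accepts tunnel packets carrying LAN source addresses; with the narrowed variant neither happens, and LAN traffic from the client is left to the kernel's normal forwarding out ens10. This model covers only the tunnel's own routing and filter step, not the return path from the LAN hosts back to 10.0.0.0/24.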