I have two Proxmox nodes, in two separate locations. They are connected via a Wireguard Tunnel between the two sites (A and B). This tunnels all traffic destined for the other site through the tunnel on both.
- All servers on Node A use the range 10.0.0.0/24.
- All servers on Node B use the range 10.10.0.0/24
Any traffic from A destined for B, say for example, 10.10.0.100, would go via the Wireguard tunnel (wgAMS) to B. The reverse is the same from Node B (over wgLON).
However: I also have another Wireguard interface running on Node A (wg0 interface). I use this to allow remote access from mobile devices, laptops etc.
Clients connected to Node A over this wg0 interface (10.7.0.0/24) can access everything on Node A with no problems, however cannot reach anything in Node B. I've tried several different things but still can't get these to route correctly.
The output of ip route from Node A is below.
default via <WAN_IP> dev vmbr0 proto kernel onlink
10.0.0.0/24 dev vmbr2 proto kernel scope link src 10.0.0.1
10.7.0.0/24 dev wg0 proto kernel scope link src 10.7.0.1
10.10.0.0/24 dev wgAMS scope link
10.10.9.0/31 dev wgAMS proto kernel scope link src 10.10.9.0
Looking at this, it appears to me that these clients should be able to access 10.10.0.0/24 (Node B) - but they can't. Running tcpdump on the wg0 interface I can see sample ICMP/ping traffic but no responses.
I've tried adding PostUp rules to route the traffic on the wg0 interface config via wgAMS for Node B IPs but this didn't help either.
I largely followed this guide for the site-to-site tunnel, for reference.
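As an added worked example (not part of the original post), the model below replays WireGuard's cryptokey routing for the topology above: on the sending side a packet is handed to the peer whose AllowedIPs cover the destination, and on the receiving side the peer drops any packet whose source address is not inside the AllowedIPs configured for that sender. The AllowedIPs lists are assumptions (the post does not show either peer config), chosen so that Node B only knows about 10.0.0.0/24 and the transit /31; the function `with_wg0_subnet` is a hypothetical fix that adds the wg0 client range on Node B.

```python
import ipaddress

NET, ADDR = ipaddress.ip_network, ipaddress.ip_address

# Constructed topology from the post. AllowedIPs are ASSUMED, not quoted.
TOPOLOGY = {
    "A": {"wgAMS": {"remote": "B",
                    "allowed": [NET("10.10.0.0/24"), NET("10.10.9.0/31")]}},
    "B": {"wgLON": {"remote": "A",
                    "allowed": [NET("10.0.0.0/24"), NET("10.10.9.0/31")]}},
}


def cryptokey_route(node, src, dst, topo):
    """One WireGuard hop out of `node`. Returns (delivered, reason).

    Sending side: pick the peer whose AllowedIPs cover dst (wg-quick also
    installs kernel routes for those prefixes, so no peer == no route).
    Receiving side: the remote drops the packet unless src is inside the
    AllowedIPs it configured for us.
    """
    src, dst = ADDR(src), ADDR(dst)
    for ifname, cfg in topo[node].items():
        if not any(dst in net for net in cfg["allowed"]):
            continue
        remote = cfg["remote"]
        back = next(c for c in topo[remote].values() if c["remote"] == node)
        if any(src in net for net in back["allowed"]):
            return True, f"{node}:{ifname} -> {remote}: accepted"
        return False, (f"{node}:{ifname} -> {remote}: dropped, "
                       f"src {src} not in peer AllowedIPs")
    return False, f"{node}: no WireGuard peer covers {dst}"


def round_trip(client, server, topo):
    """Request from a host behind A to a host behind B, plus the reply."""
    ok, fwd = cryptokey_route("A", client, server, topo)
    if not ok:
        return False, fwd
    ok, rev = cryptokey_route("B", server, client, topo)
    return ok, f"{fwd}; {rev}"


def with_wg0_subnet(topo):
    """Hypothetical fix: Node B also lists the wg0 client range for peer A."""
    fixed = {n: {i: {"remote": c["remote"], "allowed": list(c["allowed"])}
                 for i, c in ifs.items()} for n, ifs in topo.items()}
    fixed["B"]["wgLON"]["allowed"].append(NET("10.7.0.0/24"))
    return fixed


if __name__ == "__main__":
    print(round_trip("10.0.0.50", "10.10.0.100", TOPOLOGY))   # LAN host: works
    print(round_trip("10.7.0.5", "10.10.0.100", TOPOLOGY))    # wg0 client: dropped at B
    print(round_trip("10.7.0.5", "10.10.0.100", with_wg0_subnet(TOPOLOGY)))
```

Because the receiving-side check runs on Node B, routes or PostUp rules added only on Node A cannot change its outcome.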