dominatorstang
Occasional Visitor
Because I am behind a CGNAT, I am using a VPS to host services from my local server, with a WireGuard tunnel connecting them. I used mochman's script to set up the tunnel between an Ubuntu VM I have on my local network and an Ubuntu VM on my VPS. The local VM is actually just relaying traffic to different IPs and ports on my local network.
But now I would like to use one of my ASUS routers for the tunnel instead of my local VM. My first choice is my RT-AX58U, which is being used as an AP only. My second choice is my RT-AC86U, which is being used only as a router and internet gateway. Now I have tried on both of these routers the same configuration I use on the local Ubuntu WireGuard wg-quick, and they are connecting. But they do not route traffic correctly, and I can no longer access the ASUS device's web interface when the tunnel is up. It makes sense that it would be my iptables settings, but I am not sure how I should have them set. I did also read through https://github.com/ZebMcKayhan/WireguardManager#site-2-site and created some files to see that the iptables config certainly looks very different from mine.
Code:
[Interface]
PrivateKey = removed
Address = 10.1.0.2/24
# Each PostUp/PostDown pair forwards one TCP port 1:1 to 192.168.1.104.
# None of the rules name an interface: the DNAT matches that port on any
# interface a packet arrives on, and the MASQUERADE matches any packet
# leaving for that port, including the router's own outbound connections.
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.104:80; iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.104:80; iptables -t nat -D POSTROUTING -p tcp --dport 80 -j MASQUERADE
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.1.104:443; iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.1.104:443; iptables -t nat -D POSTROUTING -p tcp --dport 443 -j MASQUERADE
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.104:8080; iptables -t nat -A POSTROUTING -p tcp --dport 8080 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.104:8080; iptables -t nat -D POSTROUTING -p tcp --dport 8080 -j MASQUERADE
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 8443 -j DNAT --to-destination 192.168.1.104:8443; iptables -t nat -A POSTROUTING -p tcp --dport 8443 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 8443 -j DNAT --to-destination 192.168.1.104:8443; iptables -t nat -D POSTROUTING -p tcp --dport 8443 -j MASQUERADE
PostUp = iptables -t nat -A PREROUTING -p tcp --dport 5800 -j DNAT --to-destination 192.168.1.104:5800; iptables -t nat -A POSTROUTING -p tcp --dport 5800 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -p tcp --dport 5800 -j DNAT --to-destination 192.168.1.104:5800; iptables -t nat -D POSTROUTING -p tcp --dport 5800 -j MASQUERADE
[Peer]
PublicKey = removed
# 0.0.0.0/0 allows any destination to be sent into the tunnel; with no
# "Table = off", wg-quick also installs a default route through the interface.
AllowedIPs = 0.0.0.0/0
Endpoint = removed
PersistentKeepalive = 25
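As an added example (not from the original post, mochman's script or the WireguardManager repository), here is a small POSIX shell script that generates the same DNAT/MASQUERADE rule set for the five ports in the post, but scoped to the tunnel: the DNAT only matches packets that arrive on the WireGuard interface, the MASQUERADE only matches packets going to the forwarded host, and a pair of FORWARD rules admits just those flows and their replies. The interface names wg0 and br0, the script path, and the 1:1 port mapping are assumptions; the target 192.168.1.104 and the port list come from the post. It does not change the routing side (AllowedIPs), only the NAT and filter rules.

```shell
#!/bin/sh
# wg-relay-nat.sh (added example, not part of the original post).
# Emits or applies iptables rules for a WireGuard port-forward relay, scoped
# to the tunnel interface. Assumed names, overridable through the environment:
#   WG_IF   WireGuard interface (wg-quick substitutes %i for it in PostUp)
#   LAN_IF  LAN bridge the forwarded packets leave through (br0 on ASUSWRT)
#   TARGET  LAN host receiving the forwarded ports
#   PORTS   TCP ports forwarded 1:1
WG_IF="${WG_IF:-wg0}"
LAN_IF="${LAN_IF:-br0}"
TARGET="${TARGET:-192.168.1.104}"
PORTS="${PORTS:-80 443 8080 8443 5800}"

# NAT rules for one port. $1 is -A (add) or -D (delete), $2 the port.
# The -i match keeps the DNAT from grabbing that port on every interface; the
# -o/-d match keeps the MASQUERADE from rewriting every outbound connection the
# router itself makes to that port.
nat_rules_for_port() {
  action="$1"; port="$2"
  printf 'iptables -t nat %s PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
    "$action" "$WG_IF" "$port" "$TARGET" "$port"
  printf 'iptables -t nat %s POSTROUTING -o %s -d %s -p tcp --dport %s -j MASQUERADE\n' \
    "$action" "$LAN_IF" "$TARGET" "$port"
}

# Filter rules, needed once rather than per port: new flows tunnel -> target,
# and only reply traffic target -> tunnel. "-m state" is used because the
# older iptables shipped on ASUS firmware understands it.
forward_rules() {
  action="$1"
  printf 'iptables %s FORWARD -i %s -o %s -d %s -p tcp -j ACCEPT\n' \
    "$action" "$WG_IF" "$LAN_IF" "$TARGET"
  printf 'iptables %s FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' \
    "$action" "$LAN_IF" "$WG_IF"
}

# The whole rule set for "up" (-A) or "down" (-D), one command per line.
ruleset() {
  case "$1" in
    up)   action=-A ;;
    down) action=-D ;;
    *)    echo "usage: $0 up|down" >&2; return 1 ;;
  esac
  forward_rules "$action"
  for p in $PORTS; do nat_rules_for_port "$action" "$p"; done
}

# Number of rule lines for a direction, handy for a quick self-check.
rule_count() { ruleset "$1" | wc -l | tr -d ' '; }

# Print the commands (DRY_RUN=1, the default) or execute them (DRY_RUN=0).
apply() {
  ruleset "$1" | while IFS= read -r cmd; do
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$cmd"; else sh -c "$cmd"; fi
  done
}

# Only act when invoked with up/down, so the file can also be sourced.
case "${1:-}" in
  up|down) apply "$1" ;;
esac
```

Usage note: review the output with `sh wg-relay-nat.sh up` first, then wire it into the config as `PostUp = DRY_RUN=0 WG_IF=%i /jffs/scripts/wg-relay-nat.sh up` and the matching `PostDown = ... down` (the path is an assumption; wg-quick replaces `%i` with the interface name). Scoping the NAT this way does not touch the `AllowedIPs = 0.0.0.0/0` default route that wg-quick installs, which is a separate question from the port forwarding.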