This is almost right, but you’ll need more specific iptables rules for the split tunneling - try something like ip route add YOUR.HOME.SUBNET.0/24 via 10.0.0.2
on the VPS and then on the homelab add iptables -t nat -A POSTROUTING -d YOUR.HOME.SUBNET.0/24 -j ACCEPT
followed by iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
to route everything else through the VPS connection.
Comment on Need help for setting up a VPN project
gravitywell@sh.itjust.works 1 week ago
A central wireguard peer on your vps, connect from home to vps and direct the wireguard. Add friends as peers on the VPS like such:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVKEY>

# Home
[Peer]
PublicKey = <HOME_PUBKEY>
AllowedIPs = 10.0.0.2/32

# Friend
[Peer]
PublicKey = <CLIENT_PUBKEY>
AllowedIPs = 10.0.0.3/32
Use iptables to split tunnel traffic.
For the home network: ip route add 192.168.1.0/24 via 10.0.0.2 dev wg0
And for the VPN to route Google and such.
Enable NAT for clients:
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
You can set the iptables rules to run when
MysteriousSophon21@lemmy.world 1 week ago
foremanguy92_@lemmy.ml 1 week ago
This is not exactly what I want to do. Requests to my home services are protected by not going directly to my home and rather going through the VPS, but since I know my friends I can let them go directly to my home without at any time going through the VPS (except to make the outgoing request).
gravitywell@sh.itjust.works 1 week ago
In that case you would need to add the peers to the WireGuard node you have running in the homelab as well. WireGuard can route peer to peer and will take the shortest path available to it.
That said, I highly recommend first getting things working in a “spoke and wheel” style WireGuard configuration with either your homelab or the VPS as a central peer, then add peers as endpoints after you have everyone with working connections to the central peer. It's just a heck of a lot easier to troubleshoot and get your head around that way.
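The two layouts discussed in this thread, the hub-and-spoke setup from the earlier comment and the direct home-to-friend peering suggested in the reply above, rendered as wg-quick configs by a small script. This is an added example, not code from any commenter: the key values in angle brackets, the `vps.example.invalid` / `home.example.invalid` endpoints and the `eth0` interface names are placeholders to replace with your own. It ties the NAT rules to the interface lifecycle with PostUp/PostDown (so they are added when wg0 comes up and removed when it goes down) and shows the one rule that decides where traffic goes in the direct layout: a prefix in AllowedIPs belongs to exactly one peer, so the home LAN must move from the VPS peer to the home peer in the friend's config.

```shell
#!/bin/sh
# Added example (not from the thread): render wg-quick configs for a
# hub-and-spoke WireGuard layout, with an optional direct home<->friend peering.
# Keys and endpoint hostnames are placeholders; generate real keys with
#   wg genkey | tee private.key | wg pubkey > public.key

VPN_NET="10.0.0.0/24"
HOME_LAN="192.168.1.0/24"
VPS_ENDPOINT="vps.example.invalid:51820"    # placeholder
HOME_ENDPOINT="home.example.invalid:51820"  # placeholder, used only in direct mode
WAN_IF="eth0"                               # VPS uplink interface (assumed)
LAN_IF="eth0"                               # home LAN interface (assumed)

# VPS hub. The MASQUERADE rule is attached to the interface with PostUp/PostDown.
# Listing the home LAN in the home peer's AllowedIPs both authorises that peer to
# source LAN addresses and makes wg-quick install the route to the LAN via wg0.
render_vps_conf() {
  cat <<EOF
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVKEY>
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE

# Home
[Peer]
PublicKey = <HOME_PUBKEY>
AllowedIPs = 10.0.0.2/32, $HOME_LAN

# Friend
[Peer]
PublicKey = <CLIENT_PUBKEY>
AllowedIPs = 10.0.0.3/32
EOF
}

# Home spoke. In hub mode the whole VPN range is accepted from the VPS so that
# friends' traffic relayed by the hub is let in; VPN sources are masqueraded onto
# the LAN so LAN hosts can reply without a route back to 10.0.0.0/24.
# In direct mode the friend gets its own peer entry and dials the home ListenPort.
render_home_conf() {
  mode="${1:-hub}"
  cat <<EOF
[Interface]
Address = 10.0.0.2/24
ListenPort = 51820
PrivateKey = <HOME_PRIVKEY>
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -s $VPN_NET -o $LAN_IF -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s $VPN_NET -o $LAN_IF -j MASQUERADE

[Peer]
PublicKey = <VPS_PUBKEY>
Endpoint = $VPS_ENDPOINT
AllowedIPs = $( [ "$mode" = direct ] && echo "10.0.0.1/32" || echo "$VPN_NET" )
PersistentKeepalive = 25
EOF
  [ "$mode" = direct ] && cat <<EOF

[Peer]
PublicKey = <CLIENT_PUBKEY>
AllowedIPs = 10.0.0.3/32
EOF
  return 0
}

# Friend spoke, split tunnel: only the VPN range and the home LAN enter the
# tunnel; everything else uses the friend's normal uplink. In direct mode the
# home LAN moves from the VPS peer to a home peer, because each prefix may sit
# in the AllowedIPs of exactly one peer and that choice selects the next hop.
render_friend_conf() {
  mode="${1:-hub}"
  cat <<EOF
[Interface]
Address = 10.0.0.3/24
PrivateKey = <CLIENT_PRIVKEY>

[Peer]
PublicKey = <VPS_PUBKEY>
Endpoint = $VPS_ENDPOINT
AllowedIPs = $( [ "$mode" = direct ] && echo "10.0.0.1/32" || echo "$VPN_NET, $HOME_LAN" )
PersistentKeepalive = 25
EOF
  [ "$mode" = direct ] && cat <<EOF

[Peer]
PublicKey = <HOME_PUBKEY>
Endpoint = $HOME_ENDPOINT
AllowedIPs = 10.0.0.2/32, $HOME_LAN
PersistentKeepalive = 25
EOF
  return 0
}

# Usage: sh wg-render.sh vps | home [hub|direct] | friend [hub|direct]
case "${1:-}" in
  vps)    render_vps_conf ;;
  home)   render_home_conf "${2:-hub}" ;;
  friend) render_friend_conf "${2:-hub}" ;;
esac
```

Start with `hub` everywhere, confirm each spoke can reach 10.0.0.1 and the home LAN through the VPS, and only then switch the friend and home configs to `direct`; the VPS config does not change between the two modes.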