Multi Point Wireguard with NAT

Hello,

i want to set up a VLAN in the address Area 10.zzz.zzz.zzz the network.

10.0.0.zzz should be the local network on a RUT24x.

10.0.0.1 is the RUT24x in the local network.

10.0.1.zzz to 10.255.255.zzz should be the remote network each on a RUT955.

10.zzz.zzz.1 is in every remote network the RUT955

Every RUT955 is configured at the LAN as a 192.168.1.xxx network

Every connection from WAN to the internet can be different and are not under my control.

NAT should make this translation, example:

Remote network 1: 192.168.1.2 ↔ 10.0.1.2 to 192.168.1.20 ↔ 10.0.1.20

Remote network 2: 192.168.1.2 ↔ 10.0.2.2 to 192.168.1.20 ↔ 10.0.2.20

Remote network 3: 192.168.1.2 ↔ 10.0.3.2 to 192.168.1.20 ↔ 10.0.2.20

a.s.o.

10.0.0.2 to 10.0.0.20 are the Local DHCP Area this should have access to the SubnetMask 255.0.0.0

But the remotes should have no access to each other.

The devices must have internet over the local internet connection on the RUT955 WAN ports

The Wireguard more a service connection.

Who can help me how I can realize this? Or show me a howto? (In English or German)

Hello,

A few suggestions:

Firstly, consider using a Layer 2 VPN such as OpenVPN in TAP mode or L2TP over IPSec. These VPN solutions allow devices to be on the same subnet, enabling communication as if they were physically connected on the same network. Examples are here and here, respectively.

Secondly, you can consider port forwarding. Configure port forwarding on the RUT955 devices to redirect traffic from specific IP addresses over the VPN to the corresponding devices on the LAN. This way, when you connect to a specific IP address over the VPN, the traffic is forwarded to the appropriate device on the LAN.

Another option is to use IPtables with the NETMAP feature. This involves configuring appropriate rules on all devices to map IP addresses between the local and remote networks. For example, on Router1 and Router2, you would set up NAT rules using NETMAP to allow communication between the different subnets. This IPtable rules can be put into System → Custom Scripts to be executed after device reboot.

For NETMAP, you can take a look here, here, and here.

Kind Regards,

This topic was automatically closed after 15 days. New replies are no longer allowed.