Channel: MikroTik

General • Re: Wireguard router clients

It's not hard as you already have a wireguard interface,
Just assign each router a wireguard IP.

On the main router
add a line for allowed IPs to each router.

ipaddressRouterClient1/32,subnetC,subnetD...... (either local users going to remote subnet, OR remote subnets coming into the main router)
interface=wireguard public-key=xxxxxxx


ipaddressRouterClient2/32,subnetF,subnetG......
interface=wireguard public-key=xxxxxxx


Applicable Routes for any applicable subnets table main based on the above allowed addresses. (remember they are not local so you have to tell MAIN router about them)
Applicable firewall rules
- to allow traffic from other routers to your subnets as picky as you need to be
- to allow traffic from local subnets into the tunnel to reach other router subnets
- ONE KEY RELAY RULE
add chain=forward action=accept in-interface=wireguard out-interface=wireguard


Ex. This will allow any subnet from router 1 to reach MAIN server Router and reach router 6.
Traffic from subnet A, needs to reach subnet M
You have two routes existing
add dst-address=subnetA gateway=wireguard table=main
add dst-address=subnetM gateway=wireguard table=main


So the router knows where to send originating and return traffic!!
The Relay firewall allows the traffic to hit MAIN from Router 1 and then re-enter the tunnel headed for Router 6.
It's Peer to Peer!!

Statistics: Posted by Mesquite — Thu Feb 29, 2024 12:03 am
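
As an added example (not part of the original post), the MAIN-router steps above written out as RouterOS v7 commands for the Router 1 / Router 6 case. All addresses, subnets, the `bridge` interface name and the key placeholders are assumptions, and the relay rule is scoped to subnets A and M rather than any-to-any.

```routeros
# MAIN router. Every address, subnet and key below is a constructed placeholder.
# Assumed layout: tunnel net 10.10.10.0/24, MAIN = 10.10.10.1
#   Router 1 = 10.10.10.2, subnet A = 192.168.10.0/24
#   Router 6 = 10.10.10.6, subnet M = 192.168.60.0/24
#   MAIN LAN = 192.168.88.0/24 on interface "bridge" (assumed name)

/ip address
add address=10.10.10.1/24 interface=wireguard

# One peer per client router: its tunnel IP as /32 plus the subnets behind it.
# Keep each prefix under a single peer, because WireGuard uses allowed-address
# to pick the peer for outgoing traffic and to filter what a peer may send.
/interface wireguard peers
add interface=wireguard public-key="<ROUTER1_PUBLIC_KEY>" \
    allowed-address=10.10.10.2/32,192.168.10.0/24 comment="Router 1"
add interface=wireguard public-key="<ROUTER6_PUBLIC_KEY>" \
    allowed-address=10.10.10.6/32,192.168.60.0/24 comment="Router 6"

# Remote subnets are not directly connected, so MAIN needs a route for each.
# No table is given, so the routes land in the main table.
/ip route
add dst-address=192.168.10.0/24 gateway=wireguard comment="subnet A via Router 1"
add dst-address=192.168.60.0/24 gateway=wireguard comment="subnet M via Router 6"

# Place these above any drop rule in the forward chain.
/ip firewall filter
# Relay: in from the tunnel and back out of it, limited to A <-> M.
add chain=forward action=accept in-interface=wireguard out-interface=wireguard \
    src-address=192.168.10.0/24 dst-address=192.168.60.0/24 comment="relay A -> M"
add chain=forward action=accept in-interface=wireguard out-interface=wireguard \
    src-address=192.168.60.0/24 dst-address=192.168.10.0/24 comment="relay M -> A"
# Local subnet into the tunnel, and remote subnet A into the local LAN.
# Replies rely on an existing established/related accept rule (assumed present).
add chain=forward action=accept in-interface=bridge out-interface=wireguard \
    src-address=192.168.88.0/24 comment="LAN -> tunnel"
add chain=forward action=accept in-interface=wireguard out-interface=bridge \
    src-address=192.168.10.0/24 dst-address=192.168.88.0/24 comment="subnet A -> LAN"
```

Each client router needs the mirror image: one peer entry for MAIN whose allowed-address lists the tunnel network and every remote subnet it should reach, plus routes for those subnets via its own WireGuard interface.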


