Mam modelovu situaciu
client_android_WG --- inet --- Debian12_WG_server_(public_IPv4) --- inet --- OpenWRT_WG_(private_IPv4) --- LAN
IP CGN mobile IPv4 12.34.56.78 NAT 192.168.70.0/24
Nastavenie na debiane WG
[Interface]
PrivateKey = ************************************************************
Address = 10.10.3.1/24
ListenPort = 51820
#PreUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# mobil android
[Peer]
PublicKey = ************************************************************
AllowedIPs = 10.10.3.2/32
#OpenWRT
[Peer]
PublicKey = ************************************************************
AllowedIPs = 192.168.70.0/24,10.10.3.3/32
konfiguracia v mobile
[Interface]
Address = 10.10.3.2/32
PrivateKey = ************************************************************
[Peer]
PublicKey = ************************************************************
AllowedIPs = 0.0.0.0/0
Endpoint = example.com:51820
PersistentKeepalive = 25
Cielom je dostat sa z mobilu do siete 192.168.70.0/24. Toto funguje dobre (IP adresi v LAN pingam bez problemov). Ked je WG siet aktivna v mobile, tak sa nedostanem na internet. Ked odkomentujem maskaradu, tak funguje aj internet, ale pochopitelne cez wireguard a to prave nechcem.
Mojim cielom je dostat sa z mobilu do LAN siete a tiez aby fungoval na mobile internet, ale nie cez WG.