Both edits should be on tunnel 1 client configurations - GL router. As for your first question, it should be the Public IP.
Ignore the uci command for now.
It doesn’t seem to work, in fact I lose connection completely with this configuration.
When I save the fwmask in the client file, once saved, the GL.iNet deletes it from the file.
Could you explain to me why allowedIPs with the public IP of server 1? I don’t quite see the sense.
Hello, I have carried out another test to validate the use case.
On this occasion the GL.iNet router has been replaced by a Windows PC.
The same scenario with the Windows PC connected to wg tunnel 1 and sharing the internet works perfectly. That is, I arrive at tunnel 2 (from the wg client connected via wifi to the Windows PC) with the IP of tunnel 1 and all the traffic is tunneled by both tunnels.
The client files are the same as those used initially. Which makes me think that the problem is in the implementation of WireGuard in the GL.iNet.
FYI: This setup is known as a ‘tunnel in tunnel’… unsurprisingly.
You could be onto something.
If the Win PC’s WG Client is confirmed to reach the WGSERVER02 endpoint via TUNNEL01, then I’d just copy its conf over to the GL device (GL GUI → VPN → WireGuard Client). Manually adding a WG endpoint via LuCI/UCI can sometimes get mangled by GL GUI’s scripts running in the background.
wg show
will tell you if it’s handshaking correctly. IP Leak will confirm the Public IP. Draw.io might be worth considering.
Following up on this, as I'm in the same boat.
Has anyone been able to figure it out?