Hey everyone, so I was thinking about linking two Flints in separate locations and would welcome suggestions on the approach. The setup is like this:
Flint 1:
public IP address on the WAN port
LAN 192.168.69.0/24
Wireguard connected to VPN1 with killswitch active and all clients go through it
Flint 2:
no public IP address from ISP (CGN) although same ISP as Flint 1
LAN 192.168.70.0/24
Wireguard connected to VPN2 with killswitch active and all clients go through it
Now the goal is for all LAN clients behind Flint 2 to access devices on the LAN behind Flint 1.
LAN clients behind Flint 1 won’t be accessing anything behind Flint 2 (although it’s not a flaw if they do have access)
I’d also change your terminology, OP; there’s a Flint version 2 now.
So it’s my understanding there’s CG-NAT in play for Flint 02? Given your goal is only to have Client Device → Flint 02 → VPN ↔ [WAN/Public Internet] ↔ VPN → Flint 01 → Client Devices, your use case is a variation of a Site-to-Site/WireGuard configuration… even though you won’t be able to connect into Flint 02’s LAN/devices connected to it.
Substitute Flint 02, which is behind CG-NAT in your case, for the WG Client router in the following HOW-TO:
(If that doesn’t work due to something w/ CG-NAT, there’s Tailscale to fall back on but that presents a whole new set of hurdles as GL support for it is still marked ‘beta’.)
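The site-to-site shape described above, as an added illustration that is not from the reply or from any GL.iNet HOW-TO: Flint 01 (public IP) runs the WireGuard server, Flint 02 (behind CG-NAT) dials out as the client. The tunnel subnet 10.9.0.0/24, the keys, port and endpoint hostname are placeholders; the LAN ranges are the ones from the original post.

```ini
# --- Flint 01 (public IP): WireGuard *server* ---
# Constructed example; replace every <...> placeholder before use.
[Interface]
Address    = 10.9.0.1/24          # tunnel address, constructed subnet
ListenPort = 51820                # placeholder port; open it on the WAN firewall
PrivateKey = <FLINT01_PRIVATE_KEY>

[Peer]
# Flint 02. AllowedIPs is also WireGuard's *source* filter: only packets
# from the tunnel IP or from 192.168.70.0/24 are accepted from this peer,
# and replies to 192.168.70.x are routed back into the tunnel.
PublicKey  = <FLINT02_PUBLIC_KEY>
AllowedIPs = 10.9.0.2/32, 192.168.70.0/24
# No Endpoint here: Flint 02 is behind CG-NAT, so it must initiate.

# --- Flint 02 (CG-NAT, no public IP): WireGuard *client* ---
[Interface]
Address    = 10.9.0.2/24
PrivateKey = <FLINT02_PRIVATE_KEY>
# Deliberately no DNS/default-route change; only Flint 01's LAN goes in.

[Peer]
PublicKey  = <FLINT01_PUBLIC_KEY>
Endpoint   = <flint01.example.invalid>:51820   # placeholder hostname/IP
# Only Flint 01's tunnel IP and LAN are sent through this tunnel, so the
# rest of the client traffic keeps its existing path (VPN2 in the OP's setup).
AllowedIPs = 10.9.0.1/32, 192.168.69.0/24
# Keepalive is what keeps the CG-NAT mapping alive so Flint 01 can reach
# back through it; 25 s is the value the WireGuard docs suggest for NAT.
PersistentKeepalive = 25
```

On Flint 01 the tunnel zone still needs a firewall rule permitting 192.168.70.0/24 to the LAN (and nothing else), and on Flint 02 the VPN2 kill switch must exempt 10.9.0.0/24 and 192.168.69.0/24 or the site-to-site traffic is dropped before it reaches this tunnel.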
Thanks for the suggestions, guys, and for that nice website draw.io.
I have created a diagram below. Now, I did see that thread previously, but I need (in this case FLINT02) to be able to run two WireGuard client instances, one for internet access for the clients behind it and the other for connecting to FLINT01. It seems like there is no option for that? Or am I missing something…
You can’t run two WG Client instances on the current stable builds of GL firmware OOTB ATM. If you’re OK w/ running general Public Internet connectivity (that is, unencrypted/non-VPN on the general 'net/Clearnet), take a look @ the GL GUI’s VPN’s Proxy Modes: