WireGuard Client on GliNet router without IP Masquerade


I’d like to do the following:

Glinet router connect ------> Wireguard server on a Linux VM

Another Linux Server connect -----> to the same GliNet router used above or another Linux server which runs in the network of the glinet router mentioned above.

The config so far which works nicely is that the glinet router has ACCESS TO REMOTE LAN enabled and also IP MASQUERADE enabled.

That means all traffic from the network of the glinet router gets routed through the Wireguard server on the Linux VM.

Now when trying to connect to the glinet router Wireguard server it fails, and that is because of IP MASQUERADE. Since the router is a client of a VPN network, it gets kind of a different public IP, which means when trying to communicate with the glinet router as a Wireguard server it does not receive the traffic.

The same happens if I run a Linux server in the glinet router network. Effectively any traffic coming from outside to the glinet router is dropped.

If I disable IP MASQUERADE on the glinet Wireguard client, there’s no internet anymore as long as the Wireguard client on the router is active.

I guess on the Linux VM which runs the Wireguard server I need to change something (correct me if I’m wrong). Or maybe can we set that incoming traffic comes through a different interface…

Essentially I don’t want to hide my IP but rather want to make sure that the two networks can talk to each other (also called site2site VPN).

Any advice please?

Many thanks
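
Added example, not part of the original post: with IP masquerade disabled on the router, packets reach the WireGuard server carrying LAN source addresses, and WireGuard only accepts and routes them if the router's peer entry on the Linux VM lists that LAN in AllowedIPs. The Python check below runs over constructed server configs; the subnets 10.0.0.0/24 and 192.168.8.0/24, the port and the key placeholder are assumptions.

```python
import ipaddress

# Constructed sample configs for the Linux VM (key and addresses are placeholders).
BEFORE = """\
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
# router peer: only its tunnel address is allowed
PublicKey = ROUTER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.0.0.2/32
"""

# Corrected form: the router's LAN (assumed 192.168.8.0/24) is added to the peer.
AFTER = BEFORE.replace("AllowedIPs = 10.0.0.2/32",
                       "AllowedIPs = 10.0.0.2/32, 192.168.8.0/24")

def peer_allowed_ips(conf_text):
    """Return one list of ip_network objects per [Peer] section."""
    peers, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
            continue
        key, _, value = line.partition("=")
        if section == "peer" and key.strip().lower() == "allowedips":
            peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                          for v in value.split(",") if v.strip()]
    return peers

def lan_is_routed(conf_text, lan_cidr):
    """True if some peer's AllowedIPs covers the whole remote LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    return any(net.version == lan.version and lan.subnet_of(net)
               for nets in peer_allowed_ips(conf_text) for net in nets)

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, "router LAN routed:", lan_is_routed(conf, "192.168.8.0/24"))
```

For the router's LAN to reach the internet through the VM without masquerading on the router, the VM also has to forward packets (net.ipv4.ip_forward=1) and apply NAT on its own outbound interface.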