I am attempting to figure out a way to configure WireGuard between my MV-1000 (WG server) and an E750 (WG client) router. It appears that the GL firmware changes the way WireGuard is run as opposed to a standard Linux host. I would like my remote network to be routed over the tunnel while internet-destined traffic is only NAT’d on the public IP of the WAN interface of the MV-1000.
Has anyone been able to successfully get this to work between GL.iNet routers? It would be nice if this was an option we were able to configure through the GL GUI.
As far as I know there is no GUI option to turn off NAT on a WireGuard connection. We have to manually edit /etc/config/wireguard to add “option masq ‘0’”. See the example below:
The GL firmware seems to change how WireGuard is configured on the routers. The syntax and configuration locations are different from how all the resources on the internet show it configured, which is why I am running into issues.
The GoodCloud site-to-site tunnel looks like it would almost work to accomplish this, but there is no way to add a default route to one end. You can only add /24s, unfortunately, and it will not accept 0.0.0.0/0.
I cannot fully understand what you want to achieve.
On the WireGuard client side (E750), the E750 has to work in router mode, i.e. it has NAT.
If you want to have only one NAT, on the server side, you need to have a VPN bridge. Unfortunately this does not work for WireGuard. It can be done for OpenVPN.
But when you mention S2S, it seems my understanding above is not correct.