My current Wireguard setup has a VPS connected to two devices on different local networks. Each of the home network devices is connected to the VPS using Wireguard, but they are not configured to accept connections from each other (they haven't been added as peers in each other's config files).
I'd like to use the VPS similar to a reverse proxy server, so that home device 1 can connect to the VPS and have its traffic routed to home device 2, without needing to configure a direct connection between the two home devices (essentially a hub and spoke model). Is there a way to route traffic this way?
Current home network device config file:
[Interface]
Address = 10.0.0.2/8
SaveConfig = true
ListenPort = 53910
FwMark = 0xca6c
PrivateKey = <privkey>
[Peer]
PublicKey = <pubkey>
AllowedIPs = 10.0.0.1/32
Endpoint = <IP address>
Server config file:
[Interface]
Address = 10.0.0.1/8
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
ListenPort = 51820
PrivateKey = <privkey>
[Peer]
PublicKey = <pubkey>
AllowedIPs = 10.0.0.2/32
Endpoint = <IP of home network device 1>
[Peer]
PublicKey = <pubkey>
AllowedIPs = 10.0.0.3/32
Endpoint = <IP of home network device 2>
Under these current rules, if I try to ping device 2 from device 1, I get this error message (which seems to suggest that the peers are aware of each other, but that they're not configured correctly?):
user@device1:~/wireguard$ ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Required key not available
Thanks!
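An added example, not part of the question or of the asker's configs, to show where the "Required key not available" comes from. WireGuard does cryptokey routing: once a packet is routed into wg0, the kernel looks for a peer whose AllowedIPs covers the destination and encrypts to that peer; if no peer claims the address, sendmsg fails with ENOKEY, which is the message above. The client config's only peer (the VPS) claims 10.0.0.1/32, so 10.0.0.3 matches nothing. The script below models that lookup in POSIX sh and runs it against the current client AllowedIPs and against a hub-and-spoke setting in which the server peer claims the whole tunnel subnet. The 10.0.0.0/24 prefix is an assumption for the example; the configs in the question use /8 addresses, and listing 10.0.0.1/32, 10.0.0.3/32 explicitly would also work.

```shell
#!/bin/sh
# Added example (not from the question): a shell model of WireGuard's
# cryptokey routing lookup. A packet routed into wg0 is sent to the peer
# whose AllowedIPs covers the destination; if no peer claims it, sendmsg
# fails with ENOKEY ("Required key not available").

# AllowedIPs of the server peer as it stands in the client config above.
CURRENT_ALLOWED="10.0.0.1/32"

# AllowedIPs a hub-and-spoke client needs: the server peer must also claim
# the addresses of the other spokes. Assumption: tunnel subnet 10.0.0.0/24.
FIXED_ALLOWED="10.0.0.0/24"

# ip2int A.B.C.D -> the address as a decimal integer
ip2int() {
    _old_ifs=$IFS
    IFS=.
    # shellcheck disable=SC2086  # splitting on '.' is intended
    set -- $1
    IFS=$_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP A.B.C.D/N -> succeeds when IP lies inside the prefix
# (a bare address without /N is treated as /32, as WireGuard does)
in_cidr() {
    _ip=$(ip2int "$1")
    case $2 in
        */*) _net=$(ip2int "${2%/*}"); _bits=${2#*/} ;;
        *)   _net=$(ip2int "$2");      _bits=32 ;;
    esac
    if [ "$_bits" -eq 0 ]; then
        _mask=0
    else
        _mask=$(( (0xFFFFFFFF << (32 - _bits)) & 0xFFFFFFFF ))
    fi
    [ $(( _ip & _mask )) -eq $(( _net & _mask )) ]
}

# allowed_ips_lookup DEST "cidr cidr ..." -> prints the kernel's decision:
#   route   some peer claims DEST, the packet is encrypted to that peer
#   ENOKEY  no peer claims DEST, sendmsg fails "Required key not available"
allowed_ips_lookup() {
    _dest=$1
    for _cidr in $2; do
        if in_cidr "$_dest" "$_cidr"; then
            echo route
            return 0
        fi
    done
    echo ENOKEY
    return 1
}

# Demonstration: the ping from device 1 (10.0.0.2) to device 2 (10.0.0.3)
# under the current and the hub-and-spoke client AllowedIPs.
for _cfg in "current:$CURRENT_ALLOWED" "fixed:$FIXED_ALLOWED"; do
    _name=${_cfg%%:*}
    _allowed=${_cfg#*:}
    printf '%-8s AllowedIPs=%-12s 10.0.0.3 -> %s\n' "$_name" "$_allowed" \
        "$(allowed_ips_lookup 10.0.0.3 "$_allowed")"
done
```

The same change is needed on device 2, otherwise its replies to 10.0.0.2 hit the same ENOKEY on the way back. On the VPS the per-peer /32 AllowedIPs entries are already right for a hub; what it additionally needs is `net.ipv4.ip_forward=1`, and the existing `iptables -A FORWARD -i wg0 -j ACCEPT` rule already permits wg0-to-wg0 forwarding because it matches only the incoming interface, so no extra NAT is required for spoke-to-spoke traffic.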