
I need to route OpenVPN traffic/auth for a Wireguard firewall through a WireGuard tunnel to have a fixed IP address.

My setup:
1x VPS that acts as the WireGuard server and fixed IP for the OpenVPN
1x WireGuard gateway on site behind a NATed ISP connection
1x Watchguard firewall that is connected to the second Ethernet port of the gateway

VPS
31.x.x.x enp1s0
10.10.0.1 wg0

wg gateway
dyn. IP enp3s0
10.10.0.2 wg0
10.10.1.1 enx00e04c32cba5

watchguard FW
10.10.1.2 port 1294 OpenVPN

My iptables rules are as follows:

VPS:
iptables -A FORWARD -i enp1s0 -o wg0 -p tcp --syn --dport 1294 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i enp1s0 -o wg0 -p udp --dport 1294 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i enp1s0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i wg0 -o enp1s0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i enp1s0 -p tcp --match multiport --dport 80,443,1294 -j DNAT --to-destination 10.10.1.2
iptables -t nat -A POSTROUTING -o wg0 -p tcp --match multiport --dport 80,443,1294 -d 10.10.1.2 -j SNAT --to-source 10.10.0.1

wg gateway:
iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enx00e04c32cba5 -j MASQUERADE

net.ipv4.ip_forward=1 is set on both the VPS and the gateway. My problem is that I can't get a connection to the OpenVPN server from the internet. Doing a curl 10.10.1.2:1294 on the VPS gives me the site that is provided by the Watchguard, so in principle the routing between the VPS, gateway and Watchguard FW seems to work.

What am I doing wrong?

zwnk

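As an added example (not part of the question or any answer), here is a small model of the netfilter path a new packet takes on the VPS, with the PREROUTING DNAT, FORWARD and POSTROUTING SNAT rules from the question encoded as data; it shows for each protocol/port which chain the packet ends up in and which rules actually apply. Interface and address names are the ones from the post; the rule encoding and the audit function are assumptions made for this example.

```python
# Constructed model of the VPS rules quoted above (not a real packet trace).
PUBLIC_IF, TUNNEL_IF = "enp1s0", "wg0"
VPS_PUBLIC_IP, VPS_WG_IP, FW_IP = "31.x.x.x", "10.10.0.1", "10.10.1.2"

# nat PREROUTING: DNAT matches TCP only, on these ports (as in the post).
DNAT_RULES = [{"proto": "tcp", "dports": {80, 443, 1294}, "to": FW_IP}]
# filter FORWARD: explicit ACCEPTs for NEW connections (as in the post).
FORWARD_NEW_ACCEPT = [{"proto": "tcp", "dport": 1294},
                      {"proto": "udp", "dport": 1294}]
# nat POSTROUTING: SNAT for TCP towards the firewall only (as in the post).
SNAT_RULES = [{"proto": "tcp", "dports": {80, 443, 1294},
               "dst": FW_IP, "to": VPS_WG_IP}]


def trace(proto: str, dport: int) -> dict:
    """Follow a NEW packet from the internet to VPS_PUBLIC_IP:dport hop by hop."""
    dst = VPS_PUBLIC_IP
    for r in DNAT_RULES:
        if r["proto"] == proto and dport in r["dports"]:
            dst = r["to"]
            break
    result = {"dnat_to": dst}
    if dst == VPS_PUBLIC_IP:
        # No DNAT: the routing decision delivers the packet locally, so the
        # FORWARD chain is never consulted, whatever it would have accepted.
        result["chain"] = "INPUT"
        return result
    result["chain"] = "FORWARD"
    result["forward_explicit_accept"] = any(
        r["proto"] == proto and r["dport"] == dport for r in FORWARD_NEW_ACCEPT)
    # None means no SNAT: the firewall would see the original internet source.
    result["snat_to"] = next((r["to"] for r in SNAT_RULES if r["proto"] == proto
                              and dport in r["dports"] and r["dst"] == dst), None)
    return result


def audit(ports=(80, 443, 1294)) -> list[str]:
    """Return one finding per (proto, port) whose forwarding path is inconsistent."""
    findings = []
    for proto in ("tcp", "udp"):
        for port in ports:
            t = trace(proto, port)
            has_fwd = any(r["proto"] == proto and r["dport"] == port
                          for r in FORWARD_NEW_ACCEPT)
            if t["chain"] == "INPUT" and has_fwd:
                findings.append(f"{proto}/{port}: FORWARD accept exists but no DNAT, rule is dead")
            elif t["chain"] == "FORWARD" and not t["forward_explicit_accept"]:
                findings.append(f"{proto}/{port}: DNATed but no explicit FORWARD accept, depends on chain policy")
            if t["chain"] == "FORWARD" and t["snat_to"] is None:
                findings.append(f"{proto}/{port}: DNATed but not SNATed")
    return findings
```

Run against the quoted rules, audit() reports that the udp/1294 FORWARD rule can never match (there is no UDP DNAT), and that tcp/80 and tcp/443 are DNATed to the firewall without an explicit FORWARD accept, so whether they pass depends on the FORWARD chain policy, which the question does not show.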