I am trying to setup a Wireguard tunnel so that A uses the IP of B for outbound and inbound traffic (like a proxy, not a std VPN config). Both boxes are Ubuntu 16.04.
A is eth0, behind a router with NAT and on DMZ, with IP A
B has two public IPs: a main one (ens3 aka B1) and a secondary one (ens3:0 aka B2). The secondary one should be dedicated to the WG tunnel.
WG on A:
Interface
Address = 10.200.1.2/24
SaveConfig = true
ListenPort = 50614
FwMark = 0xca6c
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
AllowedIPs = 0.0.0.0/0
Endpoint = <B2>:51820
PersistentKeepalive = 10
WG on B:
[Interface]
Address = 10.200.1.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
[Peer]
PublicKey = zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
AllowedIPs = 10.200.1.0/24
Endpoint = A:50614
Route on A:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Route on B:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 B1.B1.B1.1 0.0.0.0 UG 0 0 0 ens3
B2.B2.B2.0 0.0.0.0 255.255.255.0 U 0 0 0 ens3
B1.B1.B1.0 0.0.0.0 255.255.254.0 U 0 0 0 ens3
169.254.169.254 B1.B1.B1.1 255.255.255.255 UGH 0 0 0 ens3
Which route do I need to add so that every outbound packet from A goes out via B2 and every packet inbound to B2 gets sent to A?