Comment by direwolf20

Comment by direwolf20 4 days ago

It's not enough to set fake routes. You have to edit the addresses in the packets, so the end devices will receive them.

Frotag 4 days ago

Yeah so instead DNAT, use NETMAP on the gateway device to that LAN. (Sorry if I'm abusing the terminology, I only do this stuff like once a year for homelab.)

eg this is what I'm currently using to alias my home network

    # Rewrite 192.168.150.?? as 192.168.50.??
    PreUp = iptables -t nat -A PREROUTING -d 192.168.150.0/24 -j NETMAP --to 192.168.50.0/24
    PostDown = iptables -t nat -D PREROUTING -d 192.168.150.0/24 -j NETMAP --to 192.168.50.0/24

With other wg peers getting a 192.168.150.0/24 entry in the AllowedIPs for this gateway (if needed).

Reply View 0 replies

pcarroll 4 days ago

The problem there is you still need to keep track of the subnets. It works for a while, but it's quite complex. NAT is actually easier when you get into hundreds of sites.

Reply View 0 replies