Hello IT colleagues,
The situation
I have two locations:
- At home
- At a colocation
At home on my ESXi host I've created an Ubuntu Server VM with WireGuard that connects to the colocation, also an ESXi host with an Ubuntu Server and WireGuard that acts as a VPN server.
VPN server at the colocation, which also acts as the DHCP server for the colocation:
ens34 has a public IP
ens35 has an internal IP, 10.0.0.1
wg0 is the WireGuard NIC
wg0.conf settings:
[Interface]
PrivateKey = HIDED
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
PublicKey = HIDED
AllowedIPs = 10.0.0.2/24
PersistentKeepalive = 25
IP routes
default via PUBLIC IP HIDED dev ens34 proto static
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.1
PUBLIC IP HIDED/29 dev ens34 proto kernel scope link src PUBLIC IP HIDED
192.168.1.0/24 dev ens35 proto kernel scope link src 192.168.1.1
VPN client at home:
ens34 has an internal IP, 10.0.0.2
wg0 is the WireGuard NIC
wg0.conf settings:
[Interface]
PrivateKey = HIDED
Address = 10.0.0.2/24
[Peer]
PublicKey = HIDED
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = PUBLIC IP HIDED:51820
PersistentKeepalive = 25
The connection between the two works. Also, when I change the gateway of another VPN at the ESXi host at home it can still connect to the internet; when I change the gateway IP to a non-existent one it no longer works, as expected, so I am quite convinced that routing really works.
Now I want to connect to a Windows server at the colocation's ESXi host with the IP 192.168.1.100, but pinging back and forth does not work, neither from the VPN client nor from the VPN server. At the moment this seems to be the last piece of the puzzle that is missing. The wanted situation is that I can use my ESXi host at the colocation like it's a server at home and so simulate different kinds of networks (for lab purposes). For example, setting up a Windows domain and using it on home computers that are also part of the lab environment.
I have to admit that this is the first time I'm dealing with VPN, so it's also a lack of knowledge on my side. A lot of the information was from YouTube and other sources on the internet.
Could someone help me out and advise me on how I can route the network so that 192.168.1.0/24 is also reachable? I've also tried adding the range to AllowedIPs = 10.0.0.2/24, but when I start WireGuard I get the error RTNETLINK answers: File exists. I am stuck at the moment. Any help would be highly appreciated!
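Added here as an illustration and not part of the post: a small Python lint for a wg-quick wg0.conf that flags the two AllowedIPs problems visible above (a /24 on a single dial-in peer, and a prefix that is a directly connected LAN on the same host, which is why wg-quick's route add fails with RTNETLINK answers: File exists) and checks whether the LAN you want to reach is covered on the other side. The sample conf string, the problem codes and the assumption that a peer without an Endpoint is a dial-in client on the server side are mine, not the poster's.

```python
import ipaddress
def parse_wg_conf(text):
    """Minimal wg-quick conf parser: returns (interface_dict, [peer_dict, ...])."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            peers.append(cur := {})
        elif line and cur is not None:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip()
    return iface, peers

def check_allowed_ips(conf_text, connected_lans=(), remote_lan=None):
    """Lint one side's wg0.conf; returns (peer_no, problem, cidr) tuples. connected_lans:
    prefixes on this host's own NICs (wg-quick runs 'ip route add <prefix> dev wg0' per
    AllowedIPs entry, so a local LAN there fails with 'RTNETLINK answers: File exists')."""
    iface, peers = parse_wg_conf(conf_text)
    tunnel = ipaddress.ip_interface(iface["Address"]).network  # assumes a single Address
    lans = [ipaddress.ip_network(l) for l in connected_lans]
    want = ipaddress.ip_network(remote_lan) if remote_lan else None  # LAN this side must reach
    findings = []
    for n, peer in enumerate(peers, 1):
        covered = want is None
        for cidr in (c.strip() for c in peer.get("AllowedIPs", "").split(",") if c.strip()):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version != 4:
                continue
            if net.prefixlen == 0:  # 0.0.0.0/0: full tunnel, wg-quick uses policy routing
                covered = True
                continue
            # Assumption: a peer without Endpoint is a dial-in client; give it a /32, not the whole subnet
            if "Endpoint" not in peer and net.overlaps(tunnel) and net.prefixlen < 32:
                findings.append((n, "too-wide", cidr))
            if any(net.overlaps(lan) for lan in lans):
                findings.append((n, "local-lan", cidr))  # belongs in the other side's AllowedIPs
            if want and want.subnet_of(net):
                covered = True
        if not covered:
            findings.append((n, "uncovered", str(want)))
    return findings

# Constructed sample: the server's wg0.conf from the post plus the 192.168.1.0/24 entry that failed (keys omitted)
SERVER_CONF = """[Interface]
Address = 10.0.0.1/24
[Peer]
AllowedIPs = 10.0.0.2/24, 192.168.1.0/24
"""
FINDINGS = check_allowed_ips(SERVER_CONF, connected_lans=["192.168.1.0/24"])
```

Even with AllowedIPs correct on both sides, replies from 192.168.1.100 only come back if that host routes 10.0.0.0/24 via 192.168.1.1 (or the server masquerades on ens35) and its firewall accepts ICMP from outside its local subnet.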