- Tunnel Subnet: 10.7.0.0/24
- Host C Public IP: 66.10.10.1 (just for the example)
- Host A - 10.7.0.2
- Host B - 10.7.0.3
- Host C - 10.7.0.1
Host A configuration:
[Interface]
Address = 10.7.0.2/24
PrivateKey = [host A private key]
ListenPort = 21841
DNS = 10.7.0.1 # or 1.1.1.1 or whatever DNS you use
[Peer]
PublicKey = [host C public key]
Endpoint = 66.10.10.1:51820
AllowedIPs = 10.7.0.0/24
PersistentKeepalive = 25
Host B configuration:
[Interface]
Address = 10.7.0.3/24
PrivateKey = [host B private key]
ListenPort = 21841
DNS = 10.7.0.1 # or 1.1.1.1 or whatever DNS you use
[Peer]
PublicKey = [host C public key]
Endpoint = 66.10.10.1:51820
AllowedIPs = 10.7.0.0/24
PersistentKeepalive = 25
Host C configuration:
[Interface]
Address = 10.7.0.1/24
PrivateKey = [host C private key]
ListenPort = 51820
[Peer]
PublicKey = [host A public key]
AllowedIPs = 10.7.0.2/32
[Peer]
PublicKey = [host B public key]
AllowedIPs = 10.7.0.3/32
PersistentKeepalive = 25
- Make sure you change the Endpoint in Host A and B's configuration from 66.10.10.1 to Host C's actual public IP address.
- You should now be able to ping any host on the 10.7.0.0/24 subnet from any client connected to the WireGuard network.
- You do not need any PostUp or PostDown commands on C because the packets don't leave the wg0 interface on C.
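On Host C, the per-peer /32 AllowedIPs entries are what restrict each peer to its own tunnel address, so they are worth checking before deployment. The following is an added example, not part of the original page: a small audit of the hub and spoke configs, where `parse_wg`, `audit`, `spoke`, `hub` and the placeholder key strings are hypothetical names and the tunnel is assumed to be IPv4 only.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick style text into (interface dict, list of peer dicts)."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            peers.append(cur := {})  # [Peer] may repeat, so keep a list
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)  # base64 keys can end in '='
            cur[key.strip()] = value.strip()
    return iface, peers

def audit(hub_text, spoke_texts, subnet="10.7.0.0/24"):
    """Return findings for a hub config and a {name: config text} dict of spokes."""
    net, findings, seen = ipaddress.ip_network(subnet), [], []
    hub_if, hub_peers = parse_wg(hub_text)
    for peer in hub_peers:
        for cidr in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            n = ipaddress.ip_network(cidr, strict=False)
            if n.prefixlen != n.max_prefixlen or not n.subnet_of(net):
                findings.append(f"hub: AllowedIPs {n} is not one address inside {net}")
            if any(n.overlaps(o) for o in seen):
                findings.append(f"hub: AllowedIPs {n} overlaps another peer")
            seen.append(n)
    for name, text in spoke_texts.items():
        sp_if, sp_peers = parse_wg(text)
        addr = ipaddress.ip_interface(sp_if["Address"]).ip
        if not any(addr in n for n in seen):
            findings.append(f"{name}: {addr} is not in any hub AllowedIPs")
        if any(p.get("Endpoint", "").rsplit(":", 1)[-1] != hub_if.get("ListenPort") for p in sp_peers):
            findings.append(f"{name}: Endpoint port differs from hub ListenPort")
    return findings

# Constructed sample input mirroring the page's layout; keys are placeholders.
def spoke(ip):
    return (f"[Interface]\nAddress = {ip}/24\nPrivateKey = PLACEHOLDER\n"
            "[Peer]\nPublicKey = HUB_PUB\nEndpoint = 66.10.10.1:51820\n"
            "AllowedIPs = 10.7.0.0/24\nPersistentKeepalive = 25\n")
def hub(b_allowed):
    return ("[Interface]\nAddress = 10.7.0.1/24\nListenPort = 51820\n[Peer]\nPublicKey = A_PUB\n"
            f"AllowedIPs = 10.7.0.2/32\n[Peer]\nPublicKey = B_PUB\nAllowedIPs = {b_allowed}\n")
SPOKES = {"host-a": spoke("10.7.0.2"), "host-b": spoke("10.7.0.3")}
if __name__ == "__main__":
    print(audit(hub("10.7.0.3/32"), SPOKES))  # hub as configured on the page
    print(audit(hub("10.7.0.0/24"), SPOKES))  # constructed mistake on the hub
```

The second call reports the widened entry twice: once for not being a single address and once for overlapping Host A's /32.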