this post was submitted on 09 Aug 2025
33 points (97.1% liked)


I am looking for some advice on how to (if possible) set up a WireGuard network for my home network and, when I am connected to that network, have a remote WireGuard server act as an exit node, so that all external traffic appears to be coming from that remote server whilst keeping traffic bound for the home network local (only accessible via the WireGuard network).

Local server is a Debian box and other devices will run a flavour of Linux. Remote server is already running WireGuard and I can connect to that if I bring up a route on each device, but ideally I want to connect to my home net and automatically have outbound traffic go via the remote server. The remote server's WireGuard config is not under my control, which may make this unfeasible.

[–] jubilationtcornpone@sh.itjust.works 5 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I want to make sure I understand your goal correctly. Here's what I'm getting.

  1. You have a WireGuard connection that you want to use for outbound traffic from your local LAN.
  2. You have a Debian box that serves as the client in this situation.

Here's the part where I'm a little fuzzy:

  1. You want to connect to your local LAN using another WireGuard connection and have WAN requests routed from clients connecting to your LAN (via WireGuard) out the WireGuard connection mentioned in #1.

Did I get any part of that wrong?

Edit: NVM. I saw your response to another comment that sounds like this is exactly what you want.

This should be achievable via routing. I actually do the same thing. The main difference is all the work is done on my router, which handles both WireGuard connections and routing.

At the minimum you're going to need:

  • A NAT rule on your local router to port forward incoming WireGuard requests on the WAN to your Debian box. (Assuming the Debian box is also the WireGuard server.)
  • An iptables DSTNAT rule on your Debian box to route local traffic to the LAN gateway.
  • An iptables DSTNAT rule on your Debian box to route outbound WAN traffic that does NOT originate from your Debian box to the gateway at the other end of the outbound WireGuard connection.
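
Added example, not part of jubilationtcornpone's comment: one way to build the split on the Debian box, using policy routing with source-NAT masquerading in place of the DSTNAT rules the comment names, plus a fail-closed rule so traffic cannot leave via the ISP when the exit tunnel is down. Interface names, subnets and the table number are assumed placeholders, and the exit tunnel is assumed to be configured with `AllowedIPs = 0.0.0.0/0` and `Table = off`.

```shell
#!/bin/sh
# Added example: every name and address below is an assumed placeholder.
WG_IN=wg-home           # tunnel roaming devices connect to (Debian box is the server)
WG_OUT=wg-exit          # tunnel from the Debian box to the remote exit server
LAN_IF=eth0             # Debian box's LAN interface
LAN_NET=192.168.1.0/24  # home LAN
VPN_NET=10.8.0.0/24     # addresses given to devices on WG_IN
TABLE=200               # routing table reserved for exit-bound traffic

# Print the commands in the order they should be applied. With "Table = off"
# on wg-exit, wg-quick leaves the Debian box's own default route alone, so
# only forwarded client traffic is steered into the exit tunnel.
exit_node_plan() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Table $TABLE holds a single default route through the exit tunnel.
    echo "ip route replace default dev $WG_OUT table $TABLE"
    # Home-bound traffic from VPN clients is resolved in the main table...
    for net in "$LAN_NET" "$VPN_NET"; do
        echo "ip rule add iif $WG_IN to $net lookup main priority 100"
    done
    # ...and everything else they send is resolved in the exit table.
    echo "ip rule add iif $WG_IN lookup $TABLE priority 110"
    # The remote peer only accepts the box's own tunnel address: masquerade.
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $WG_OUT -j MASQUERADE"
    # LAN hosts have no route back to VPN_NET: masquerade toward the LAN too.
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $LAN_IF -d $LAN_NET -j MASQUERADE"
    # Fail closed: when wg-exit is down, table $TABLE is empty and lookups
    # fall through to main, so reject client traffic heading out the LAN
    # interface to anything other than the LAN itself.
    echo "iptables -A FORWARD -i $WG_IN -o $LAN_IF ! -d $LAN_NET -j REJECT"
}

# Review with:  exit_node_plan
# Apply with:   exit_node_plan | sh -e    (as root, after both tunnels are up)
```

After applying, `ip route get 1.1.1.1 from 10.8.0.2 iif wg-home` on the Debian box should report `dev wg-exit`, and the same query for a LAN address should report the LAN interface.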
[–] portnull@lemmy.dbzer0.com 1 points 2 weeks ago

Thank you for the detailed explanation. I will give this a shot.