Bypass_CGNAT

Help Request: routing issues (personal problem)

Open · ma-karai opened this issue 1 year ago • 1 comment

Terms

  • [X] This request is not a duplicate of an existing feature
  • [X] I have provided as much information as I can about the new feature.

Summary

I am looking for some input from someone who knows what they are talking about.

So, I am running into a few problems and am seeking help from you as I followed your amazing guide. I am not a network engineer or similar by trade, so any type of input is helpful.

To elucidate the issues I encounter, here is a slimmed-down version of my network topology.

(image: network topology diagram, not included)

What works so far and what doesn't:

Scenario 1 (works): the WireGuard tunnel between my reverse proxy and the VPS is turned OFF

  • WWW Client 1: Can reach web.mydomain.com and will properly forward to the Docker Host 1 webserver (great)
  • WWW Client 2: Can NOT reach web.proxy.mydomain.com at all (obviously, as the WG tunnel is not connected)

Scenario 2 (issues): the WireGuard tunnel between my reverse proxy and the VPS is turned ON

  • WWW Client 2 can reach web.proxy.mydomain.com and will properly forward to the Docker Host 1 webserver (great)
  • WWW Client 1 can NOT reach web.mydomain.com at all and times out. (This is my issue; I don't understand why.)

As far as I can tell, when my reverse proxy (WG client config) connects to the VPS (WG server config), it rewrites the routing and blocks all other traffic from all other subnets, so the WWW client can not connect anymore via the normal router.

I have a feeling that this could be fixed with proper ip routes, but I don't really understand it. Can anyone help me with this?

For completeness' sake, here are the sanitized WireGuard configs:

VPS:

[Interface]
PrivateKey = privkey
ListenPort = 55107
Address = 10.1.1.1/24

# Forward the public web/app ports and the home WireGuard port (UDP 51840) into the tunnel peer,
# and rewrite traffic leaving eth0 so it carries the VPS public address (6.7.8.9 is sanitized)
PostUp = iptables -t nat -A PREROUTING -p tcp -i eth0 --match multiport --dports 80,443,8443,5001 -j DNAT --to-destination 10.1.1.2
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 6.7.8.9
PostUp = iptables -t nat -A PREROUTING -p udp -i eth0 --match multiport --dports 51840 -j DNAT --to-destination 10.1.1.2

# Remove the same NAT rules again when the tunnel goes down
PostDown = iptables -t nat -D PREROUTING -p tcp -i eth0 --match multiport --dports 80,443,8443,5001 -j DNAT --to-destination 10.1.1.2
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j SNAT --to-source 6.7.8.9
PostDown = iptables -t nat -D PREROUTING -p udp -i eth0 --match multiport --dports 51840 -j DNAT --to-destination 10.1.1.2

[Peer]
PublicKey = pubkey
AllowedIPs = 10.1.1.2/32

WireGuard client (reverse proxy host):

[Interface]
PrivateKey = privkey
Address = 10.1.1.2/24

# Keep traffic sourced from the host's LAN address on the main routing table
PostUp = ip rule add from 192.168.0.30 table main #to get ssh working
PreDown = ip rule del from 192.168.0.30 table main #to get ssh working

[Peer]
PublicKey = publickey
# Full tunnel: wg-quick routes all traffic through the VPS
AllowedIPs = 0.0.0.0/0
Endpoint = 6.7.8.9:55107
PersistentKeepalive = 25

I am guessing this can be fixed with proper ip rules, but I don't really understand it :D

Motivation

Why are we doing this?

I'd like to have two routes to my reverse proxy, one from a VPS and one from my public private IP.

Additional Context

No response

ma-karai · May 27 '23 05:05
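The symptom in Scenario 2 is the kind of thing a policy-routing walk-through makes visible. The following is an added example, not code from the issue or from the Bypass_CGNAT project: a small Python model of the Linux `ip rule` / `ip route` lookup on the reverse-proxy host. It assumes the rules wg-quick installs for a peer with `AllowedIPs = 0.0.0.0/0` (a dedicated table plus a `not fwmark` rule and a `suppress_prefixlength 0` rule; the fwmark/table number 51820 and the preferences 32764/32765 are wg-quick's usual values), a LAN gateway of 192.168.0.1, and that the `from 192.168.0.30 table main` rule from the posted client config lands just ahead of them at preference 32763. The client address 203.0.113.7 is constructed. On a real host the equivalent checks are `ip rule show`, `ip route show table all`, and `ip route get <dst> from <src>`.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model of Linux policy routing for the reverse-proxy host.
# Assumptions: LAN address 192.168.0.30 (from the posted config), LAN gateway
# 192.168.0.1, tunnel address 10.1.1.2, wg-quick's usual fwmark/table 51820.


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str] = None


@dataclass(frozen=True)
class Rule:
    pref: int                                    # lower number is evaluated first
    table: str
    src: Optional[ipaddress.IPv4Network] = None  # "from <prefix>"
    not_fwmark: Optional[int] = None             # "not fwmark <n>"
    suppress_prefixlength: Optional[int] = None  # "suppress_prefixlength <n>"


def lookup(table, dst):
    """Longest-prefix match within a single routing table."""
    hits = [r for r in table if dst in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen) if hits else None


def route_packet(rules, tables, src, dst, fwmark=0):
    """Walk the rules in preference order, as the kernel does, and return
    (table name, route) from the first rule whose table yields an
    unsuppressed route."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.pref):
        if rule.src is not None and src_ip not in rule.src:
            continue
        if rule.not_fwmark is not None and fwmark == rule.not_fwmark:
            continue
        route = lookup(tables[rule.table], dst_ip)
        if route is None:
            continue
        if (rule.suppress_prefixlength is not None
                and route.prefix.prefixlen <= rule.suppress_prefixlength):
            continue  # result suppressed: keep walking the rule list
        return rule.table, route
    raise LookupError(f"no route to {dst}")


N = ipaddress.ip_network

TABLES = {
    "main": [
        Route(N("192.168.0.0/24"), "eth0"),
        Route(N("10.1.1.0/24"), "wg0"),
        Route(N("0.0.0.0/0"), "eth0", via="192.168.0.1"),
    ],
    # Table wg-quick creates for AllowedIPs = 0.0.0.0/0 (assumed number)
    "51820": [Route(N("0.0.0.0/0"), "wg0")],
}

# Rules wg-quick installs for a full-tunnel peer; 32766 is the stock main rule.
WG_QUICK_RULES = [
    Rule(32764, "51820", not_fwmark=51820),
    Rule(32765, "main", suppress_prefixlength=0),
    Rule(32766, "main"),
]
# The PostUp rule from the posted client config (assumed preference 32763).
LAN_SOURCE_RULE = Rule(32763, "main", src=N("192.168.0.30/32"))


def egress(src, dst, with_postup_rule, fwmark=0):
    """Interface and table a packet from src to dst would use."""
    rules = WG_QUICK_RULES + ([LAN_SOURCE_RULE] if with_postup_rule else [])
    table, route = route_packet(rules, TABLES, src, dst, fwmark)
    return f"{route.dev} via table {table}"


if __name__ == "__main__":
    client = "203.0.113.7"  # constructed internet client address
    # Reply to a request that arrived through the home router (dst was 192.168.0.30)
    print("LAN-path reply, no PostUp rule  :", egress("192.168.0.30", client, False))
    print("LAN-path reply, with PostUp rule:", egress("192.168.0.30", client, True))
    # Reply to a request DNATed by the VPS (dst was 10.1.1.2)
    print("VPS-path reply                  :", egress("10.1.1.2", client, True))
    # WireGuard's own encrypted UDP to the VPS carries the fwmark
    print("WG UDP to VPS endpoint          :", egress("192.168.0.30", "6.7.8.9", True, 51820))
```

The model shows why a source-based rule matters on a full-tunnel client: without it, a reply sourced from the LAN address is sent into the tunnel (asymmetric return, which the router-side client sees as a timeout), while with it the reply leaves via the LAN gateway; replies sourced from 10.1.1.2 still go through wg0, and WireGuard's own marked UDP always reaches eth0.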

@mochman Luke, I am your father...... and I desperately need help (I am sure you have never heard this before)

ma-karai · Jun 09 '23 12:06