I have one wireguard interface wg_vpn, but I don't want it to be global, so I added the line "Table = off" to wg_vpn.conf to prevent wg-quick from modifying the route table.
I also have an openvpn/wireguard interface tun0/wg0, and the clients can access my server through it. I've created these iptables rules:
iptables -t nat -A POSTROUTING -o wg_vpn -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wg0 -o wg_vpn -j ACCEPT
ip6tables -t nat -A POSTROUTING -o wg_vpn -j MASQUERADE
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -i wg0 -o wg_vpn -j ACCEPT
But they don't work, unless I make wg_vpn global by:
ip route add default dev wg_vpn
ip -6 route add default dev wg_vpn
Then they work.
But I just want to forward tun0/wg0 to wg_vpn without modifying the global route table, so may I know how to achieve this?
Thanks in advance!
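One way to get this without touching the main table, shown here as an added example (not the question's own commands, nor anything from an answer): put the default routes in a separate routing table and add a policy rule so that packets entering on wg0 consult that table. The table id 100, the rule preference 1000, the client address 10.8.0.2 and the destination 198.51.100.1 are assumed values for illustration.

```shell
#!/bin/sh
# Policy routing for forwarded VPN traffic: packets arriving on wg0 are
# routed through a dedicated table whose only default route points at
# wg_vpn, so the main table stays as it is. Assumed values (not from the
# question): table id 100, rule preference 1000, client address 10.8.0.2.
# DRY_RUN=1 prints each command instead of executing it.

run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# setup_policy_forwarding IN_IF OUT_IF [TABLE] [PREF]
setup_policy_forwarding() {
    in_if=$1; out_if=$2; table=${3:-100}; pref=${4:-1000}
    # Default routes only in the extra table: the host's own traffic,
    # which still uses the main table, is unaffected.
    run ip route add default dev "$out_if" table "$table"
    run ip -6 route add default dev "$out_if" table "$table"
    # Packets that enter on the client interface consult that table first
    # (pref 1000 sorts before the main table's rule at 32766).
    run ip rule add iif "$in_if" lookup "$table" pref "$pref"
    run ip -6 rule add iif "$in_if" lookup "$table" pref "$pref"
    # Forwarding has to be enabled for both address families.
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv6.conf.all.forwarding=1
    # NAT and filter rules, the same as in the question.
    run iptables -t nat -A POSTROUTING -o "$out_if" -j MASQUERADE
    run iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$in_if" -o "$out_if" -j ACCEPT
    run ip6tables -t nat -A POSTROUTING -o "$out_if" -j MASQUERADE
    run ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run ip6tables -A FORWARD -i "$in_if" -o "$out_if" -j ACCEPT
}

# check_policy_route SRC IN_IF DST: ask the kernel which route a forwarded
# packet from SRC entering on IN_IF would take; the output should name the
# OUT_IF device (and the extra table), not a main-table route.
check_policy_route() {
    run ip route get "$3" from "$1" iif "$2"
}

# Usage (as root): sh forward.sh apply
if [ "${1:-}" = "apply" ]; then
    setup_policy_forwarding wg0 wg_vpn
    check_policy_route 10.8.0.2 wg0 198.51.100.1   # constructed client/destination
fi
```

Run with DRY_RUN=1 first to review the exact commands before applying them; the check function is the quickest way to confirm the policy rule is actually being hit.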