Extending my VPN to route all my traffic for my VPN clients

I read on the Internet that you can route all traffic through your VPN to your house to take advantage of everything you already run for your home network. For me, this includes robust ad-blocking and, of course, various network services not available to the public. To extend my new, fancy WireGuard VPN, I took some extra steps so I could route all traffic through my home network.

On server

On my WireGuard "server" (the peer that is at my house) I added firewall rules. At first I fiddled with nftables (which has supplanted iptables), but eventually found that I was supposed to use firewalld on CentOS 8.

sudo firewall-cmd --add-masquerade --permanent

Then set the sysctl value that allows IPv4 forwarding.

sudo sysctl net.ipv4.ip_forward=1

To make the setting persist across reboots, put this line in the file /etc/sysctl.d/wg.conf:

net.ipv4.ip_forward = 1
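
Each of the two server settings has a live state and a saved state: --permanent writes only firewalld's saved configuration, and sysctl on the command line changes only the running kernel. The script below is an added example, not part of the original post, that checks all four states; the function names and the FWCMD, PROC_FWD and SYSCTL_CONF variables are assumptions introduced for the illustration.

```shell
#!/bin/sh
# Added example: audit runtime vs. persistent state of the gateway settings.
# Overridable for testing; the defaults are the real locations on the gateway.
FWCMD=${FWCMD:-firewall-cmd}
PROC_FWD=${PROC_FWD:-/proc/sys/net/ipv4/ip_forward}
SYSCTL_CONF=${SYSCTL_CONF:-/etc/sysctl.d/wg.conf}   # file name used in this post

# Runtime forwarding: the kernel exposes the live value as a single 0 or 1.
forward_runtime() {
    [ "$(cat "$PROC_FWD" 2>/dev/null)" = "1" ]
}

# Persistent forwarding: the last uncommented assignment in the file wins.
forward_persistent() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' \
        "$SYSCTL_CONF" 2>/dev/null | tail -n 1)
    [ "$val" = "1" ]
}

# firewalld keeps separate runtime and permanent configurations
# (both queries use the default zone).
masq_runtime()   { $FWCMD --query-masquerade >/dev/null 2>&1; }
masq_permanent() { $FWCMD --permanent --query-masquerade >/dev/null 2>&1; }

# Print one line per check; the return status is the number of failed checks.
audit_gateway() {
    fails=0
    for check in forward_runtime forward_persistent masq_runtime masq_permanent; do
        if $check; then
            echo "ok    $check"
        else
            echo "FAIL  $check"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Run the audit only when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "run" ]; then
    audit_gateway
fi
```

Run it as root on the gateway with the argument "run". A FAIL on masq_runtime straight after the --permanent command means firewalld has not yet loaded the saved configuration.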

On client

Then, on the Android client, add 0.0.0.0/0 as the allowed IP address. The Android app adds the correct routing already!
