Beating my head trying to implement Mullvad VPN alongside my private VPN

I’ve spent two full days reading, trying and many hours of back and forth with ChatGPT, trying to make this work and my brain has turned to mush.

I have a small remote personal server on my business static internet connection that has a wireguard personal VPN setup linking my home and business server along with my personal devices, syncing my files and allowing remote access to homeassistant etc. My home is behind a CGNAT, so this setup works well to get around that.

I’m trying to add a Mullvad VPN (wg1) to the remote server for internet but no matter how I configure it, it always breaks remote access to my server.

There’s not a lot of point posting wg1.conf, I’ve tried so many different PostUp/Down commands, and allowed IP configurations from an allowed IP calculator. It would be a literal book trying to post everything I have tried that didn’t work. Everything I try, as soon as I wg-quick up wg1 I get spat out of the SSH session and wg0 stops handshaking.

I’ve really tried to nut this out on my own, but I’m defeated, any gurus got a tip?

My wg0.conf is set up like this: this has been working perfectly, connecting via publicip:56502.

[Interface]
Address = 10.0.0.1/24
ListenPort = 56502
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i eth0 -o wg0 -j>
PostDown = sysctl -w net.ipv4.ip_forward=0;
PrivateKey =

[Peer] #1
PublicKey =
AllowedIPs = 10.0.0.2/32

[Peer] #2
PublicKey =
AllowedIPs = 10.0.0.4/32

[Peer] #3
PublicKey =
AllowedIPs = 10.0.0.3/32

[Peer] #4
PublicKey =
AllowedIPs = 10.0.0.5/32

Thanks

This is the exact problem I’ve been experiencing. I’ve been searching for a solution but haven’t found one unfortunately. I’ve come to the conclusion that it’s Mullvad.

Here is the guide I used.

Hi, the wg0 config looks fine. Do you mind sharing the config used for wg1? What is the intended purpose for the wg1 implementation?

If the purpose of the wg1 interface is to act as the default route so that any traffic coming from wg0 defaults to the interwebs via the Mullvad VPN provider, I can see where enabling wg1 overwrites the routes to wg0 breaking the connection.

I would need to look up my notes but it is technically possible to combine them (home devices, remote peer at business, and Mullvad peer) into a single wg0 config. The home peer would route all traffic via wg0 and the remote peer on business would route all traffic via the Mullvad peer. You will need to generate a public key from the Mullvad config to add it to the config on the home peer.
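The route override this reply points at is wg-quick's behaviour for an `AllowedIPs = 0.0.0.0/0` peer: it does not replace the default route in the main table, it adds a `not fwmark <table> lookup <table>` policy rule that sends every unmarked packet into wg1. That includes the server's SSH replies and the encrypted UDP packets wg0 sends back to its peers, both sourced from the public address, so they disappear into Mullvad and the SSH session and wg0 handshakes die together. The wg1.conf below is an added example, not a config from anyone in this thread or from Mullvad's generator. It pins traffic that originates from the server's public address to the main table with a higher-priority rule; the public address 203.0.113.10, the key and endpoint placeholders, the tunnel address and the priority value are assumptions to replace with your own.

```ini
# wg1.conf - Mullvad tunnel on the remote server (added example, assumptions marked)
[Interface]
PrivateKey = <mullvad private key>            # from the Mullvad-generated config
Address = 10.64.0.2/32                        # assumed; use the address Mullvad assigned
# Optional: DNS = 10.64.0.1 (needs resolvconf on the host; omitted here on purpose)

# wg-quick will add "not fwmark <table> lookup <table>" and
# "lookup main suppress_prefixlength 0" rules at priorities 32765/32764.
# Anything the server sends FROM its public address (SSH replies, wg0's
# encrypted UDP to its peers) must keep leaving via the ISP gateway, so add
# a rule ahead of wg-quick's that sends such packets to the main table.
# 203.0.113.10 is a placeholder for the business connection's static IP.
PostUp = ip -4 rule add from 203.0.113.10 lookup main priority 100
PostDown = ip -4 rule del from 203.0.113.10 lookup main priority 100

[Peer]
PublicKey = <mullvad peer public key>         # from the Mullvad-generated config
AllowedIPs = 0.0.0.0/0                        # all locally originated IPv4 traffic
Endpoint = <mullvad endpoint>:51820           # Mullvad server address and port
```

Locally originated connections still pick their route before a source address is chosen, so they match wg-quick's rule and go out through Mullvad, while replies to connections that arrived on the public address match the new rule first and go out through the ISP. After `wg-quick up wg1`, `ip -4 rule show` should list the `from 203.0.113.10 lookup main` rule above the `not from all fwmark` rule, `ip route get 1.1.1.1` should point at wg1, and `wg show wg0 latest-handshakes` should keep ticking. If the Mullvad config also carries `::/0`, add the matching `ip -6 rule` for the public IPv6 address. If you only want particular services (rather than everything the host originates) to use Mullvad, the other common approach is `Table = off` in wg1 and your own `ip rule` lines for just that traffic.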

I have trouble seeing how that could be. It has to be a wireguard configuration issue.

I gave up on this approach. wg1 was supposed to route internet access through a Mullvad VPN for services that I wanted to anonymize, like Transmission. I could not find a combination of iptables and wg configurations that would work, and I could not understand why. No matter what I tried, wg1 would hijack everything and kill wg0 every time.

I ended up with a WireGuard docker container connecting to Mullvad VPN, I then created additional containers for services that I wanted to route through Mullvad and pointed their networks at the Mullvad container. I had to set up nginx on the host to point incoming http connections to the right places within the docker network. It’s working as I want now and I think it’s probably a better setup than what I had originally envisaged.
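The container split described in this reply keeps the Mullvad tunnel in its own network namespace, so wg-quick's policy rules never touch the host's routing table and wg0 on the host is unaffected. The compose file below is an added example of that layout, not the poster's actual files; the image names, the config paths, the Transmission port and the host-only bind address are assumptions, and the WireGuard image's expected config location should be checked against its own documentation.

```yaml
# docker-compose.yml - services that must only reach the internet via Mullvad
# (added example; image names, paths and ports are assumptions)
services:
  mullvad:
    image: lscr.io/linuxserver/wireguard:latest   # assumed image
    cap_add:
      - NET_ADMIN                                 # needed to create the wg interface
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1        # required for wg-quick's fwmark rules
    volumes:
      - ./mullvad:/config                         # assumed: Mullvad conf under /config/wg_confs/
    ports:
      # Services sharing this namespace are reached through THIS container's
      # ports; bind to loopback so only the host's nginx reverse proxy can reach it.
      - "127.0.0.1:9091:9091"                     # Transmission web UI (assumed port)
    restart: unless-stopped

  transmission:
    image: lscr.io/linuxserver/transmission:latest  # assumed image
    # Share the mullvad container's network namespace: every packet this
    # service sends follows that namespace's routes, i.e. into the tunnel.
    network_mode: "service:mullvad"
    depends_on:
      - mullvad
    volumes:
      - ./transmission:/config
      - ./downloads:/downloads
    restart: unless-stopped
```

With `network_mode: "service:mullvad"` the service has no network of its own, so the host's nginx proxies to 127.0.0.1:9091 and the rest of the host keeps using wg0 and the ISP as before. One caveat worth checking: if the tunnel inside the container goes down cleanly, wg-quick removes its rules and the namespace falls back to the docker bridge, so confirm with `docker exec mullvad wg show` and an IP-check from inside the namespace that the traffic really leaves via Mullvad, and consider Mullvad's documented PostUp/PreDown kill-switch lines in the mounted config if a leak on tunnel failure is unacceptable.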

Well. I’ve had Mullvad cut off everything when it was the only thing configured.

Nice, I have gone with something like that in the past. Recently I have set up an LXC container which hosts docker containers that can only reach out to the internet via a paid VPN provider. So docker containers reaching out to the interwebs never go out via my ISP.