Reach service within other internal network


maybe someone can help with this. Im using the docker variant.
I would like to reach “Service 1” running on an IP bind within a separate internal network. My only way “in” is via a Firezone client.

I tried the documentation but imo this is different as i not only want to reach another client but i also want to reach a service running in another privat net.

I have already set the allowed IPs on both clients to

Any hints are highly appreciated!

You’ll need the other client to function as a router, turning on packet forwarding and SNAT/ masquerading in order for the packets to be routed properly.

Any hints on how it could look like? I tried quite a few things but it just wont work. :frowning:
IP Forwarding is enabled.

This is what i think is the most reasonable?

ip route add via dev wg

Ok for some reason this works perfectly fine with a standalone version of wireguard.
Is there any way to view the wireguard config file firezone is using?


Ah, the issue is likely because Firezone only uses /32 and /128 for AllowedIPs for Peers in the server-side config. Allow overriding the server-side generated AllowedIPs for a device. · Issue #567 · firezone/firezone · GitHub should fix this.

Amazing! Yes this is exactly what i was looking for. Im excited to try it in the upcoming versions :slight_smile:
Thanks for your time and help!