Hi,
maybe someone can help with this. Im using the docker variant.
I would like to reach “Service 1” running on an IP bind within a separate internal network. My only way “in” is via a Firezone client.
I tried the documentation but imo this is different as i not only want to reach another client but i also want to reach a service running in another privat net.
I have already set the allowed IPs on both clients to 10.10.10.2/32.
Any hints are highly appreciated!
You’ll need the other client to function as a router, turning on packet forwarding and SNAT/ masquerading in order for the packets to be routed properly.
Any hints on how it could look like? I tried quite a few things but it just wont work. 
IP Forwarding is enabled.
This is what i think is the most reasonable?
ip route add 10.10.10.2/32 via 10.3.2.1 dev wg
Ok for some reason this works perfectly fine with a standalone version of wireguard.
Is there any way to view the wireguard config file firezone is using?
Best
Ah, the issue is likely because Firezone only uses /32 and /128 for AllowedIPs for Peers in the server-side config. Allow overriding the server-side generated AllowedIPs for a device. · Issue #567 · firezone/firezone · GitHub should fix this.
Amazing! Yes this is exactly what i was looking for. Im excited to try it in the upcoming versions 
Thanks for your time and help!