Hi all, wondering if what I’m wanting to do is possible before I spend a heap of time working it out.
I’ve got a Vyos wireguard ‘server’ with wg interface IP 10.10.30.1. I’ve got 2 x road warrior ‘clients’ (10.10.30.11 and 10.10.30.12) that are both connecting to the server, but not each other.
Is it possible, with the right config, for peers .11 and .12 to communicate with each other using .1 as a gateway/router rather than being directly connected?
Thanks
It will work as you expected 
All traffic will go via central “hub” .1
And there are no session between peers without central gateway in this case
Well would you look at that… easy as!
I’ve got one additional layer of complexity that I’m stuck on now. I’m trying to route as follows:
Desktop - (local subnet) - Vyos A - (wireguard) - Vyos B - (wireguard) - laptop.
When I try to ping the laptop wireguard address from the desktop, wireshark shows that there is no response, but Vyos B bounces back a ‘Redirect for host’, which I presume means I need to fix up a routing table somewhere?
What routes do you push to WG client?
I’d include 10.10.30.0/24
Yes, the clients have those routes, I presume they are working because they can see and ping the wireguard addresses anywhere on the wireguard network.
It’s just the route between the desktop that is trying to use a wireguard peer as a gateway to the laptop that not peered directly to that gateway that is giving me trouble. Writing it like that makes it sound silly to even try.
Let me try to explain the context better. I have a couple of machines on my local network that I use for remote support of my clients devices. My devices are connected to my Vyos A instance (LAN), their devices are connected to their Vyos B instance (wireguard) and the Vyos instances are connected to each other (wireguard). The ‘master’ wireguard node is their server, my office is a client.