Wireguard Add-on for site-to-site offsite backup

I’m working on setting up a TrueNAS SCALE server at a remote location for offsite backups. TrueNAS has Wireguard built in, so I figured I would just add it as a client to my existing Wireguard at home running in the HA Add-on to bring the offsite machine into my network.

It occurred to me, however, that I have never tried to connect to a Wireguard client peer from inside my home network. Usually it's the other way around!

If I want a remote client connected to my HA Wireguard to be reachable as though it were inside my local network, how could I do it?

I added a route to my router to send traffic destined to the wireguard subnet to my HA host, but it seems that traffic just stops there at the host. I think I need to set up some kind of route from the host into the hassio docker network, and somehow to the wireguard container? Has anyone ever done something like this?

Appreciate any help…thanks!!

For anyone out there looking for a solution to this, I found it!

On the HA host, add a route to the address of the wireguard server on the hassio network:

sudo ip route add 172.27.66.0/24 via 172.30.33.10

In my case, the peers are on the 172.27.66.0/24 subnet, and the IP of my wireguard container on the hassio network is 172.30.33.10.

Then in your router config, add a static route pointing the wireguard subnet to the Home Assistant host. In my case, the host is at 192.168.1.198. So I set up a static route for Network Destination=172.27.66.0, Subnet Mask=255.255.255.0, and Default Gateway=192.168.1.198.

I also had to add this rule to iptables on the HA host:

sudo iptables -A FORWARD -i enp1s0 -o hassio -s 192.168.1.0/24 -d 172.27.66.0/24 -j ACCEPT

Now any computer in my local network can ping an offsite WireGuard peer such as 172.27.66.2 and receive a response.
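The host-side steps above as an idempotent script (an added example, not part of the original post): it adds the route and the FORWARD rule only when they are missing, so rerunning it does not stack duplicates. The addresses and interface names are the ones given in the post; the function names are hypothetical, and it assumes it is run as root on the HA host.

```shell
#!/bin/sh
# Added example. Values are taken from the post; adjust them for your network.
WG_SUBNET="172.27.66.0/24"    # WireGuard peer subnet
WG_CONTAINER="172.30.33.10"   # WireGuard container IP on the hassio network
LAN_SUBNET="192.168.1.0/24"   # home LAN allowed to reach the peers
LAN_IF="enp1s0"               # LAN-facing interface on the HA host
DOCKER_IF="hassio"            # hassio bridge interface

# Succeeds only if the host already routes WG_SUBNET via the container.
route_present() {
    ip route show exact "$WG_SUBNET" | grep -q "via $WG_CONTAINER"
}

# Add the route unless it is already in the routing table.
ensure_route() {
    if route_present; then
        echo "route: already present"
        return 0
    fi
    ip route add "$WG_SUBNET" via "$WG_CONTAINER" && echo "route: added"
}

# iptables -C exits 0 only when an identical rule exists, so the ACCEPT
# rule is appended once. It is scoped to LAN -> WireGuard traffic only.
ensure_forward_rule() {
    set -- FORWARD -i "$LAN_IF" -o "$DOCKER_IF" \
        -s "$LAN_SUBNET" -d "$WG_SUBNET" -j ACCEPT
    if iptables -C "$@" 2>/dev/null; then
        echo "forward rule: already present"
        return 0
    fi
    iptables -A "$@" && echo "forward rule: added"
}

# Only touch the system when explicitly asked: ./script.sh apply
if [ "${1:-}" = "apply" ]; then
    ensure_route
    ensure_forward_rule
fi
```

Neither `ip route add` nor `iptables -A` survives a reboot, so the script has to be rerun at boot for the setup to stay in place.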

How did you find the WireGuard container IP?

docker inspect --format '{{.NetworkSettings.Networks.hassio.IPAddress}}' your_wireguard_container_name

or

docker exec -it your_wireguard_container_name /bin/bash
and then
ip addr
and look for the eth0 interface