[Problem] How to obtain a public IP via wireguard

[lorbet]

Hello,

I have a Fritz Box 7590 and I'm trying to set up a VPN connection so that I can obtain a public IP to use directly.

On the other end is a linux host running wireguard and it has two public IPs.

If I set up the connection to use a private network, everything appears to be fine, but if I try to assign one of the remote public addresses to the Fritz Box, the test fails (although on the linux machine I can see no traffic).

Things work when using linux machines on both ends.

This is my current configuration

[Interface]
PrivateKey = <local private key>
Address = <public IP 2>/32
DNS = <some publicly accessible nameserver>

[Peer]
PublicKey = <remote public key>
PresharedKey = <shared PSK>
AllowedIPs = <one particular address to be routed through the VPN>
Endpoint = <public IP 1>:51820

but the Fritz box won't accept it.

Does anyone here use a vpn connection in this fashion? How can the Fritz be made to "digest" such a configuration?

Thanks

 

[frank_m24]

Address = <public IP 2>/32

This of course will not work. The Fritzbox needs an address out of the wireguard net of the linux host. See: https://en.avm.de/service/vpn/setting-up-a-wireguard-vpn-between-the-fritzbox-and-another-router/, in particular the note in chapter 2.
So you can't route the second public IP directly to the Fritzbox.

On the linux host you have to ensure the VPN traffic is routed through the second public IP using policy based routing. For the other direction you need to establish port forwarding rules.

 

[lorbet]

So you can't route the second public IP directly to the Fritzbox.

I forgot to mention that I use proxy-arp on the other end, which allows this to happen. At any rate it works on my local linux system.

So, it truly is the local address. Is there a way to convince the Fritz to accept this unusual setup?