My home network is behind CGNAT, so I don't get any public IP address. I want to access my home network via WireGuard from mobile clients.
Home Router <----Wireguard----> VPS (Tunnel "A")
Home Router <----Wireguard-----(VPS)----> Mobile Client (Tunnel "B")
The Home Router and the VPS both have OPNsense installed. Tunnel "A" is already up and running. I now want the mobile clients to establish Tunnel "B" through Tunnel "A" by connecting to the VPS's public IP address.
Currently I use port mapping on the VPS to map the WireGuard port of the Home Router's IP (Tunnel A) to a port on the VPS.
I am struggling with configuring the routing for Tunnel B properly. Especially the route back to the mobile client doesn't work, since the Home Router doesn't know the IP of the mobile client.
How to establish such a nested tunnel configuration?
Why am I not using the VPS as a router A <--> B instead of nesting the tunnels? Because I don't trust the VPS fully, and thus I am forced to have the client config on my home router and not on the VPS.
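As an added illustration (not the poster's configuration, and not OPNsense-generated output), here is one way to wire the two tunnels so the return path works: the VPS forwards the mobile clients' WireGuard UDP port down Tunnel A and also source-NATs it to its own Tunnel A address, so the Home Router answers via Tunnel A instead of needing a route to the mobile client's public IP, while the mobile peers' keys and AllowedIPs live only on the Home Router. All addresses, ports, interface names ($wan_if, wg0, wg1), hostnames and key placeholders are constructed; the pf rules in the comments are the plain-text equivalent of what OPNsense configures in its Port Forward and Outbound NAT screens.

```ini
# --- VPS, tunnel A (wg0): public side. All addresses/ports/names are constructed. ---
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <vps-wg0-private-key>
# Forward the mobile clients' UDP 51821 down tunnel A AND source-NAT it to 10.0.0.1.
# Without the SNAT, the home router must reply to the mobile client's public IP,
# which it has no route for; with it, the reply simply goes back up tunnel A.
# In OPNsense: Firewall > NAT > Port Forward, plus an Outbound NAT rule on wg0.
# Equivalent pf rules ($wan_if = the VPS's public interface):
#   rdr on $wan_if inet proto udp from any to ($wan_if) port 51821 -> 10.0.0.2 port 51821
#   nat on wg0 inet proto udp from any to 10.0.0.2 port 51821 -> 10.0.0.1

[Peer]
PublicKey = <home-wg0-public-key>
AllowedIPs = 10.0.0.2/32

# --- Home router, tunnel A (wg0): keeps the tunnel up from behind CGNAT ---
[Interface]
Address = 10.0.0.2/24
PrivateKey = <home-wg0-private-key>

[Peer]
PublicKey = <vps-wg0-public-key>
Endpoint = vps.example.net:51820
AllowedIPs = 10.0.0.1/32
PersistentKeepalive = 25

# --- Home router, tunnel B (wg1): only this host holds the mobile peers; allow UDP 51821 in on wg0 ---
[Interface]
Address = 10.0.1.1/24
ListenPort = 51821
PrivateKey = <home-wg1-private-key>

[Peer]
# AllowedIPs doubles as the route back to this mobile client's tunnel-B address
PublicKey = <mobile-public-key>
AllowedIPs = 10.0.1.2/32

# --- Mobile client, tunnel B: connects to the VPS's public address, but its peer is the home router ---
[Interface]
Address = 10.0.1.2/32
PrivateKey = <mobile-private-key>

[Peer]
PublicKey = <home-wg1-public-key>
Endpoint = vps.example.net:51821
AllowedIPs = 10.0.1.0/24, 192.168.1.0/24
PersistentKeepalive = 25
```

The VPS only ever sees the encrypted outer UDP of Tunnel B, never the 10.0.1.0/24 inner addresses or the LAN, which is what keeps it outside the trust boundary; each additional mobile client is another [Peer] on wg1 with its own /32.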