The original post: /r/vpn by /u/Voyager_Ten on 2024-11-18 15:35:32.
I pay for a commercial VPN service; however, I also have my own VPN that I built running on my home network using WireGuard. I would like to use my personal VPN and connect to it with my devices; then the device that is running the VPN would connect to my commercial VPN. My goal is to route all my internet traffic through my personal VPN as a protected middleman, which would then allow my data to flow through to the larger commercial VPN without issue.
An added bonus would be if I could also connect to my NAS that is running on the personal VPN device (192.168.1.XXX), while still having the protection of internet traffic being routed through to the commercial VPN.
I asked ChatGPT in all of its wisdom for an example on how this would work.
It mentioned editing the /etc/sysctl.conf file with the following forwarding parameters:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
As well as the WireGuard configuration changing:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <WireGuard Server Private Key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <commercial-vpn-interface> -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o <commercial-vpn-interface> -j MASQUERADE
I’ve never trusted it too much in the scope of security / Linux configuration. So I wanted to ask a knowledgeable group for some clarification, also to figure out if it was even possible.
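
An added example, not part of the original post and not ChatGPT's output: a small Python audit of the quoted PostUp/PostDown hooks. It checks that every added iptables rule has a matching delete, flags unfilled placeholders, and flags FORWARD rules that accept tunnel traffic toward any egress interface. The function names and the three checks are this example's own assumptions.

```python
import re

# Constructed sample: the [Interface] section quoted in the post above.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <WireGuard Server Private Key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <commercial-vpn-interface> -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o <commercial-vpn-interface> -j MASQUERADE
"""

def hook_commands(conf, key):
    """Collect every command from all `key = ...` lines (wg-quick allows repeats)."""
    cmds = []
    for line in conf.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == key.lower():
            cmds += [" ".join(c.split()) for c in value.split(";") if c.strip()]
    return cmds

def audit(conf):
    """Return a sorted list of findings for the PostUp/PostDown firewall hooks."""
    up, down = hook_commands(conf, "PostUp"), hook_commands(conf, "PostDown")
    findings = set()
    for cmd in up:
        if not cmd.startswith(("iptables ", "ip6tables ")):
            continue
        # Every rule added on PostUp needs its exact -D twin, or it outlives the tunnel.
        undo = re.sub(r" -[AI] (\S+)( \d+)?", r" -D \1", cmd, count=1)
        if undo not in down:
            findings.add("no matching PostDown delete: " + cmd)
        for placeholder in re.findall(r"<[^>]+>", cmd):
            findings.add("unfilled placeholder: " + placeholder)
        # A FORWARD ACCEPT keyed only on the inbound tunnel lets client traffic
        # leave by any interface, so it is not pinned to the commercial tunnel.
        if (" FORWARD " in cmd and "-j ACCEPT" in cmd
                and "-i %i" in cmd and " -o " not in cmd):
            findings.add("egress not pinned to one interface: " + cmd)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```
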