Wireguard Site2Site with mobile office
Unless you have some additional firewall rules set up on the Lan1 gateway host, traffic from your "road warrior" cell phone will be forwarded from your Lan1 gateway to your Lan2 gateway using the phone's original WireGuard source address of 10.100.1.2. So you need to add the phone's address to the AllowedIPs setting in the WireGuard configuration for the Lan2 gateway host:
AllowedIPs = 10.100.1.1/32, 10.100.1.2/32, 10.240.0.0/24
The Lan2 gateway will drop any packets it receives from its WireGuard connection with the Lan1 gateway when the packet's source address is not included in this AllowedIPs setting.
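
The source-address check described above, modelled in Python as an added example (not part of the original answer and not WireGuard's own code). The peer key is a placeholder, and the "before" AllowedIPs line is an assumed starting point that lacks the phone's address.

```python
import ipaddress

LAN1 = "LAN1_GATEWAY_PUBKEY_PLACEHOLDER"  # placeholder, not a real key
# Constructed [Peer] sections for the Lan2 gateway. BEFORE is an assumed starting
# point; AFTER uses the AllowedIPs line given in the answer.
BEFORE = f"[Peer]\nPublicKey = {LAN1}\nAllowedIPs = 10.100.1.1/32, 10.240.0.0/24\n"
AFTER = (f"[Peer]\nPublicKey = {LAN1}\n"
         "AllowedIPs = 10.100.1.1/32, 10.100.1.2/32, 10.240.0.0/24\n")

def parse_peers(conf):
    """Return {public_key: [ip_network, ...]}; expects PublicKey before AllowedIPs."""
    peers, key, in_peer = {}, None, False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            in_peer, key = line.lower() == "[peer]", None
            continue
        if not in_peer or "=" not in line:
            continue
        name, value = (p.strip() for p in line.split("=", 1))
        if name.lower() == "publickey":
            key = value
            peers.setdefault(key, [])
        elif name.lower() == "allowedips" and key is not None:
            peers[key] += [ipaddress.ip_network(n.strip(), strict=False)
                           for n in value.split(",") if n.strip()]
    return peers

def owner_of(peers, src):
    """Longest-prefix match of src over every peer's AllowedIPs; None if no match."""
    addr = ipaddress.ip_address(src)
    best = None
    for key, nets in peers.items():
        for net in nets:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1]:
                    best = (key, net.prefixlen)
    return best[0] if best else None

def accepts(conf, from_peer, src):
    """True if a decrypted packet from from_peer with source src is kept."""
    return owner_of(parse_peers(conf), src) == from_peer

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        verdict = "accept" if accepts(conf, LAN1, "10.100.1.2") else "drop"
        print(f"{label}: packet from phone 10.100.1.2 via Lan1 gateway -> {verdict}")
```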