Tunnel IPs over WireGuard

Ever wanted to tunnel IPs back home over WireGuard? Now you can! Here's how...


Ever wanted to securely tunnel a subnet (e.g., a /29) over WireGuard? Now you can! No more GRE required.

On your VPS (or IP endpoint), you'll want to install WireGuard and set up your server (or whichever device will be receiving these IPs) as its peer. I won't be demonstrating that in this guide, but there are plenty of good guides on the internet that describe this already.

Now, from your VPS, make sure the /29 is not bound to any interface and then execute this command:

ip route add $IPS/29 via 192.168.2.2 # peer is 192.168.2.2 (replace as your situation dictates)

That's all you need to do from the VPS! Now, head over to your server to get things really prepared. This system runs Ubuntu, so the commands have been tested against Ubuntu 20.04 and Debian 10:

echo "100 TUNNEL" >> /etc/iproute2/rt_tables
ip rule add from $IPS/29 lookup TUNNEL
ip route add default via 192.168.2.1 table TUNNEL # replace 192.168.2.1 with your WireGuard server's internal IP

Now you're ready to bind the IPs to your network interface and use them. In my case, I've created a dummy interface to place them on:

ip link add dev iptun0 type dummy
ip addr add $IPS.1/29 dev iptun0 # repeat for every address in the IP range, example below
ip addr add $IPS.2/29 dev iptun0 
ip addr add $IPS.3/29 dev iptun0 
ip addr add $IPS.4/29 dev iptun0 
ip addr add $IPS.5/29 dev iptun0

Tada! You have now successfully tunneled your IPv4 subnet (in this case, a /29) from the remote machine that holds the IPs (VPS, dedicated server, cloud environment) to another system. All traffic will flow through WireGuard now!
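
The routes above only carry traffic if the WireGuard peers' AllowedIPs permit it: WireGuard sends a packet only to the peer whose AllowedIPs cover its destination, and drops received packets whose source is outside the sending peer's AllowedIPs. The check below is an added example, not part of the original post; it parses `wg show <interface> allowed-ips` output, and the interface name `wg0`, the peer keys, the sample output and the subnet 198.51.100.8/29 are constructed placeholders.

```sh
#!/bin/sh
# Added example: check that a peer's AllowedIPs cover a routed subnet.
# Keys, sample output and 198.51.100.8/29 are constructed placeholders.

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( ($a << 24) | ($b << 16) | ($c << 8) | $d ))
}

# cidr_contains OUTER INNER: succeed if INNER lies entirely inside OUTER.
cidr_contains() {
  olen=${1#*/}; ilen=${2#*/}
  [ "$ilen" -ge "$olen" ] || return 1
  mask=$(( (0xFFFFFFFF << (32 - $olen)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "${1%/*}") & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
}

# peer_allows PEER_KEY SUBNET: read `wg show <if> allowed-ips` output on
# stdin (one "pubkey<TAB>cidr cidr ..." line per peer) and succeed if that
# peer's AllowedIPs cover SUBNET.
peer_allows() {
  while read -r key ips; do
    [ "$key" = "$1" ] || continue
    for cidr in $ips; do
      case $cidr in *:*|"(none)") continue ;; esac   # skip IPv6 and empty lists
      cidr_contains "$cidr" "$2" && return 0
    done
  done
  return 1
}

# Constructed sample of what the VPS might print; on a real host use
#   wg show wg0 allowed-ips | peer_allows "$HOME_PEER_KEY" "$SUBNET"
SAMPLE=$(printf '%s\t%s\n%s\t%s\n' \
  'HOME_PEER_KEY_PLACEHOLDER=' '192.168.2.2/32 198.51.100.8/29' \
  'OTHER_PEER_KEY_PLACEHOLDER=' '192.168.2.3/32')

if printf '%s\n' "$SAMPLE" | peer_allows 'HOME_PEER_KEY_PLACEHOLDER=' 198.51.100.8/29
then echo "ok: the home peer's AllowedIPs cover the routed /29"
else echo "missing: add the /29 to the home peer's AllowedIPs on the VPS"
fi
```

On the home server, run the same check against the VPS peer with `0.0.0.0/0` as the subnet, since replies from the /29 leave through that peer towards arbitrary internet destinations.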

Best of luck and enjoy!