Routing from one tunnel to another?

[daankets]

I've setup two tunnels on an USG-4 Pro, one is for a remote site (subnet 10.0.0.0/16), and another in the vpn users network (subnet 10.255.0.0/24). Both tunnels seem to work properly, and come up automatically at boot. But I would like the VPN users in the /24 subnet (OSX) to be able to access hosts on the remote site (/16), and I don't seem to be able to setup the routing correctly... Any hints on how to accomplish this?

[whiskerz007]

I have tested configuring my EdgeRouter to allow traffic between WireGuard peers. This should only be done with care and with an understanding of the risks involved. The following is what was required to get the packets to flow between peers.

set service nat rule 5002 description 'masquerade for wg0'
set service nat rule 5002 log disable
set service nat rule 5002 outbound-interface wg0
set service nat rule 5002 protocol all
set service nat rule 5002 type masquerade

[daankets]

Thanks for the suggestion @whiskerz007! That's more or less the workaround I'm using now. I don't remember what I tried in the meantime and what not.... My setup is was slightly different: I had two wireguard interfaces on the USG: wg0 and wg1. Both ran different tunnels. One was for clients, the other was for site 2 site. And I wanted to allow traffic from the clients to the remote site. As I couldn't get it working properly like ont he USG this, I reverted to the single wg0 interface setup, which works fine ;-)