Evaluating bids

Expert Needed: Configure Wireguard + Ipsec Full-Tunnel on Zyxel Usg Flex with Contabo Vps

Published on the December 04, 2025 in IT & Programming

About this project

Open

A senior network engineer is urgently required to configure a full-tunnel VPN setup involving WireGuard and IPSec. The objective is to route all network traffic from a local area network (LAN) and WireGuard clients through a Contabo vps, ensuring that the public ip seen for all internet traffic originates from the vps. The current setup has an IPSec VTI tunnel established and active, and a WireGuard server running on the Contabo vps with nat configured using iptables masquerade. MacOS WireGuard clients can connect with a handshake, and the Contabo server can reach the internet normally. However, LAN traffic is not routing through the tunnel, Wireguard client traffic is not routing through the vps, no icmp or other traffic from the lan is visible on the vps, and there appear to be incorrect or missing routes on the zyxel firewall.

Environment details:
Contabo VPS:
- WireGuard IP: 10.7.0.1/24, Port 51820
- Public IP: 185.185.80.71
- Ipsec vti interface: vti100
- nat configured using iptables masquerade

zyxel usg flex 100:
- lan1: 192.168.1.0/24
- LAN2: 192.168.2.0/24 (optional)
- Requires correct Policy Route and SNAT configuration

WireGuard Client (Mac):
- AllowedIPs: 0.0.0.0/0
- Stable connection, but no internet access through the tunnel yet

Deliverables for the freelancer:
- Ensure internet connectivity for both LAN users and WireGuard clients through the Contabo VPS.
- Verify that the public ip address seen by external services is consistently the vps ip (185.185.80.71).
- Implement and verify correct Zyxel routing and NAT configuration.
- Identify and fix any missing firewall rules or MTU-related issues.
- Provide comprehensive documentation of all changes made to the configuration.

This is a high-priority project, and a solution is needed as soon as possible. The client has already spent several days attempting to resolve these issues and now requires a senior engineer to finalize the setup professionally and quickly.

Category IT & Programming
Subcategory Web development
What is the scope of the project? Create a new custom site

Project duration Not specified

Skills needed

FireWall Networking Design Network Engineer Linux TCP/IP Scripts & Utilities Testing Technical Support

Want to start working on this project?

Log into your Workana account or Register today. Boost your freelance work!

Other projects posted by F. F.