Hybrid Networking — Azure ↔ Homelab
Architecture
Homelab (192.168.20.0/24)
│
[WireGuard on host01] — 10.8.0.2
│ tunnel: 10.8.0.0/24
│
[vm-relay01 / Azure] — 10.8.0.1
│
[vnet-homelab-east: 10.1.0.0/16]
WireGuard — Azure Side (vm-relay01)
[Interface]
PrivateKey = <azure-vm-private-key>
Address = 10.8.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <homelab-public-key>
AllowedIPs = 10.8.0.2/32, 192.168.20.0/24
WireGuard — Homelab Side (host01)
[Interface]
PrivateKey = <homelab-private-key>
Address = 10.8.0.2/24
[Peer]
PublicKey = <azure-vm-public-key>
Endpoint = <pip-vpn-ip>:51820
AllowedIPs = 10.8.0.0/24, 10.1.0.0/16
PersistentKeepalive = 25
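AllowedIPs does double duty on each side: WireGuard uses it to pick the peer for outbound packets and to drop decrypted inbound packets whose source address falls outside it. The Python check below is an added example, not part of the original page; it parses the two configs above (key and endpoint lines left out) and evaluates that rule, and its function names are assumptions.

```python
import ipaddress

# Constructed from the two configs on this page; key lines are left out.
AZURE_CONF = """[Interface]
Address = 10.8.0.1/24
[Peer]
AllowedIPs = 10.8.0.2/32, 192.168.20.0/24
"""
HOMELAB_CONF = """[Interface]
Address = 10.8.0.2/24
[Peer]
AllowedIPs = 10.8.0.0/24, 10.1.0.0/16
PersistentKeepalive = 25
"""

def parse_conf(text):
    """Return (interface address, peer AllowedIPs networks) for a one-peer config."""
    section, addr, allowed = None, None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "interface" and key.lower() == "address":
            addr = ipaddress.ip_interface(value)
        elif section == "peer" and key.lower() == "allowedips":
            allowed += [ipaddress.ip_network(v.strip()) for v in value.split(",")]
    return addr, allowed

def peer_allows(allowed, ip):
    """Cryptokey routing: is ip sent to, and accepted as a source from, this peer?"""
    return any(ipaddress.ip_address(ip) in net for net in allowed)

def audit(local_conf, remote_conf):
    """Findings for one side of the tunnel; an empty list means consistent."""
    _, allowed = parse_conf(local_conf)
    remote_addr, _ = parse_conf(remote_conf)
    findings = []
    if not peer_allows(allowed, str(remote_addr.ip)):
        findings.append(f"peer address {remote_addr.ip} is outside AllowedIPs")
    if any(net.prefixlen == 0 for net in allowed):
        findings.append("AllowedIPs contains a default route")
    return findings

if __name__ == "__main__":
    print(audit(AZURE_CONF, HOMELAB_CONF), audit(HOMELAB_CONF, AZURE_CONF))
```

Run it against the real files after any AllowedIPs change; an address that `peer_allows` rejects on the receiving side is dropped silently by WireGuard, which otherwise looks like a routing fault.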
NSG Rules
| Priority | Name | Direction | Protocol | Port | Action |
| --- | --- | --- | --- | --- | --- |
| 100 | Allow-WireGuard | Inbound | UDP | 51820 | Allow |
| 200 | Allow-SSH-admin | Inbound | TCP | 22 | Allow |
| 65000 | Deny-All-Inbound | Inbound | Any | Any | Deny |
Testing Connectivity
ping 10.8.0.1 # Azure WireGuard peer
ping 10.1.1.x # Azure VM private IP
sudo wg show # WireGuard status