Client → Server1 → Server2 → Public Internet

root@vps:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 enp0s3
0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 enp0s3
8.8.8.8         0.0.0.0         255.255.255.255 UH    0      0        0 wg0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 enp0s3
169.254.0.0     0.0.0.0         255.255.0.0     U     100    0        0 enp0s3
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 wg0

[Interface]
PrivateKey = xxxxxxxxxxxxx=
Address = 172.16.1.10/32
DNS = 1.1.1.1

[Peer]
PublicKey = Publiczny Serwer1
AllowedIPs = 172.16.1.6/32, 10.0.0.0/24, 8.8.8.8/32, 8.8.4.4/32
Endpoint = IP_Serwer1
PersistentKeepalive = 25

[Interface]
PrivateKey = PrivateKey 
Address = 172.16.1.6/24
SaveConfig = false
ListenPort = 51820
DNS = 1.1.1.1/32

PostUp = iptables -I FORWARD -i enp0s3 -o wg0 -j ACCEPT; iptables -I FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE; sudo iptables -I INPUT -i enp0s3 -p udp --dport 51820 -m state --state NEW,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i enp0s3 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o enp0s3 -j MASQUERADE;sudo iptables -D INPUT -i enp0s3 -p udp --dport 51820 -m state --state NEW,ESTABLISHED -j ACCEPT


#SERWER 2
[Peer]
PublicKey = Publiczny Serwer 2
AllowedIPs = 172.16.1.3/32, 8.8.8.8/32
Endpoint = IP Serwer 2
PersistentKeepalive = 60

config interface 'wg0'
    option proto 'wireguard'
    option private_key 'private_key='
    option listen_port '51820'
    option delegate '0'
    list addresses '172.16.1.3/24'

config wireguard_wg0
    option description 'SERWER1 '
    option public_key 'PUBLICZY_Serwer1'
    option persistent_keepalive '25'
    list allowed_ips '172.16.1.6/32'