Access Clients behind Wireguard Client (GL-AR300M)

Akopf · February 22, 2022, 1:43pm

Hello,

i want to access my clients behind a GL-AR300M running with a Wireguard Client on it. These router is behind my ISP Router and connected via WAN Port

My Configs:

ISP Router:
IP: 192.168.0.1
Subnet: 255.255.255.0
Gateway/DNS: 192.168.0.1

GL-AR300M Router:
IP: 192.168.1.1
Subnet: 255.255.255.0
Gateway: 192.168.0.1

How can i connect via RDP from PC in “Network 1” (e.g. 192.168.0.20) to a PC in “Wireguard Network” (e.g. 192.168.1.122) ?

I only put the Wireguard Client Config in the GL-AR300M. This connection also works fine. But i can’t connect via RDP from the other network.

I hope somebody can help me which configuration on the firewall i must apply.

wcs2228 · February 22, 2022, 3:42pm

You can try opening the RDP TCP Port 3389 in the firewall of GL-AR300M via Admin Panel → Firewall → Open Ports on the Router.

I do not work for and I am not directly associated with GL.iNet

Akopf · February 22, 2022, 7:40pm

Thank you for your help, but it didn’t work for me

wcs2228 · February 22, 2022, 8:49pm

I forgot that the destination PC at is on a different subnet,.

If you only have 1 PC that you need to RDP to, then you can add a Port Forwarding rule from TCP WAN Port 3389 to LAN IP 192.168.1.122 Port 3389 via Admin Panel → Firewall → Port Forwards.

I do not work for and I am not directly associated with GL.iNet

alzhao · February 23, 2022, 8:57am

As your PC behind AR300M goes to the VPN, you cannot access it from network 1. Port forward also does not work.

You should use vpn policy and do not use vpn for 192.168.0.1/24 network. Then port forward should work.

Akopf · February 23, 2022, 10:07am

Thanks again for your help.

I have used the vpn policy and the port forwading, but i can’t even connect via rdp

Fastpatch · February 23, 2022, 10:23am

Have you tried activating DMZ on the ISP Router to forward all open ports to the GL unit?
Should be easy to do and is worth a try.

Edit: To access clients behind the GL unit you might need to add a firewall rule on the GL Router to forward the required port to the client.
External zone: Wireguard
Internal zome: Lan

This is just a rough guess… good luck!

Akopf · February 23, 2022, 12:12pm

I configured that all open open ports go to the gl router.

I also set the firewall rule from wireguard to lan.

But i didn’t work.

Is a static route an option for this problem?

wcs2228 · February 23, 2022, 5:59pm

I tested on my GL-AR1000W Brume with OpenVPN Client connected, Kill Switch turned on and TCP WAN Port 3389 forwarded to a LAN Windows 10 PC, with no VPN Policy. I successfully connected over RDP from the WAN side to the PC on the LAN side.

You have to RDP to the router’s WAN IP address, which is then forwarded to the PC’s LAN IP address.

I do not work for and I am not directly associated with GL.iNet

Akopf · February 23, 2022, 7:07pm

The problem is solved.

Thank you @wcs2228 wcs2288.

I always wanted to connect to the PC’s LAN address.

Thanks again for your help!