Access LAN of Wireguard client


My GL-AP1300 (Cirrus) is running a Wireguard client, which is connected to a Wireguard endpoint on the Internet.
From this point, how do I access the router LAN from outside? I spent many hours setting static routes, adding firewall rules, etc. with no success.

Please note that I don’t want to run a Wireguard server on my router (I’m using 4G LTE with Carrier-grade NAT so I don’t have any public IP I can access from outside).

Here is my Wireguard client config

# Name = 4G router
PrivateKey = [private key]
Address =

# Name = Wireguard server
PublicKey = [public key]
Endpoint = [public IP]:51820
AllowedIPs =
PersistentKeepalive = 25

Thanks for your help!

And how is your wireguard server config?

Here is the Wireguard server configuration:

# Name = AWS Wireguard server
PrivateKey = [private key]
Address =
ListenPort = 51820

# Name = 4G router
PublicKey = [public key]
AllowedIPs =,

As you can see, I use the range for Wireguard interfaces.
But the router LAN (the one I want to access) is in the range.

The Wireguard handshake is successful and from the Wireguard server, I can ping the Wireguard client ( But I can’t access any machine in the LAN.

Things to check:

  • IP forwarding on “client”
  • masquerade rules on “client” (from wireguard → LAN)
1 Like

Astrorelay is the solution developed for you.

You can set up wireguard server and then relay it to public IP. Then connect to it.

Use a separate subnet for wireguard

And config forwarding lan > wireguard zones

I have a same problem (GL-X750v2 problem with Wireguard client)

I don’t understand, can you clarify your answer ?