Access LAN of Wireguard client

Hello,

My GL-AP1300 (Cirrus) is running a Wireguard client, which is connected to a Wireguard endpoint on the Internet.
From this point, how do I access the router LAN from outside? I spent many hours setting static routes, adding firewall rules, etc. with no success.

Please note that I don’t want to run a Wireguard server on my router (I’m using 4G LTE with Carrier-grade NAT so I don’t have any public IP I can access from outside).

Here is my Wireguard client config

[Interface]
# Name = 4G router
PrivateKey = [private key]
Address = 10.1.0.2/32

[Peer]
# Name = Wireguard server
PublicKey = [public key]
Endpoint = [public IP]:51820
AllowedIPs = 10.1.0.1/16
PersistentKeepalive = 25

Thanks for your help!

And how is your wireguard server config?

Here is the Wireguard server configuration:

[Interface]
# Name = AWS Wireguard server
PrivateKey = [private key]
Address = 10.1.0.1/16
ListenPort = 51820

[Peer]
# Name = 4G router
PublicKey = [public key]
AllowedIPs = 10.1.0.2/32,10.1.1.1/24

As you can see, I use the 10.1.0.xxx range for Wireguard interfaces.
But the router LAN (the one I want to access) is in the 10.1.1.xxx range.

The Wireguard handshake is successful and from the Wireguard server, I can ping the Wireguard client (10.1.0.2). But I can’t access any machine in the 10.1.1.xxx LAN.

Things to check:

  • IP forwarding on “client”
  • masquerade rules on “client” (from wireguard → LAN)
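Before changing anything on the router, it helps to rule out the tunnel configuration itself. The following is an added example, not part of the original posts: it parses the two configs posted above (keys and endpoint omitted) and applies WireGuard's AllowedIPs matching in both directions. The LAN host 10.1.1.50 and the function names are assumptions made for illustration.

```python
import ipaddress

# Configs as posted in the thread, reduced to the lines that affect routing.
SERVER_CONF = """
[Interface]
Address = 10.1.0.1/16
ListenPort = 51820

[Peer]
# Name = 4G router
AllowedIPs = 10.1.0.2/32,10.1.1.1/24
"""
ROUTER_CONF = """
[Interface]
Address = 10.1.0.2/32

[Peer]
# Name = Wireguard server
AllowedIPs = 10.1.0.1/16
"""

def peer_allowed_ips(conf):
    """Return [Peer] AllowedIPs as normalized networks (host bits cleared).
    Entries of all peers are merged; each config here has a single peer."""
    nets, section = [], None
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "peer" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets

def covered(addr, nets):
    """Most specific AllowedIPs entry containing addr, or None if none matches."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in nets if ip in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def check_path(lan_host, server_tunnel_ip="10.1.0.1"):
    """Server -> LAN host through the tunnel, and the reply back to the server."""
    return {
        "server_sends_lan_host_to_router": covered(lan_host, peer_allowed_ips(SERVER_CONF)),
        "router_sends_reply_to_server": covered(server_tunnel_ip, peer_allowed_ips(ROUTER_CONF)),
    }

if __name__ == "__main__":
    for name, net in check_path("10.1.1.50").items():  # constructed LAN host
        print(f"{name}: {net or 'NOT COVERED'}")
```

Both directions match an AllowedIPs entry, so the tunnel will carry traffic for 10.1.1.0/24. What remains to verify is on the router itself: the forwarding and masquerade items listed in the reply above.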

Astrorelay is the solution developed for you.

You can set up wireguard server and then relay it to public IP. Then connect to it.

Use a separate subnet for wireguard

And config forwarding lan > wireguard zones

Hi,
I have the same problem (GL-X750v2 problem with Wireguard client)

I don’t understand, can you clarify your answer?