I am trying to understand how this “Allow Remote Access LAN” works.
Let’s say my LAN is 192.168.0.x. I start a WireGuard server on the router and I connect to it from a client so the client gets an IP of 10.0.0.2.
Does this function mean that if I have a NAS on my LAN at 192.168.0.100, I will be able to access it somehow from the VPN client? I guess I will need some extra firewall settings for that? And what about the client side, how will my Windows client know the route to 192.168.0.100 from the VPN network?
I believe that I am working on exactly the same problem. I have a local LAN, 192.168.0.1/24, and a GL-AR300M with a WireGuard VPN server configured, and I am remotely accessing this from the internet using the WireGuard Win-10 client on a laptop PC.
The tunnel activates and connects, and works fine to route from the remote laptop PC through the GL-AR300M server, and on out to the internet. However, I cannot access anything on my LAN, with the exception of the GL-AR300M server itself.
I have enabled the “Allow Remote Access LAN” function.
I have added 192.168.0.1/24 to the AllowedIPs in the WireGuard client.
I have tried all kinds of permutations of the server/client IPs. I’ve spent hours trying things, and nothing seems to work. What am I missing?
Here’s a rough block diagram. What I want is to remotely access all of the devices on my home LAN, from my remote PC. I’d think this is the very most basic definition of a VPN.
All I can seem to do is tunnel from my laptop client to the VPN server and out to the internet. From my remote laptop, I cannot ping anything on my home LAN other than the GL-AR300M VPN server.
One of the first things I did was put the LAN network “192.168.0.1/24” into the client “Allowed IPs” configuration.
I’ve actually done, and undone, this at least 20 times. Never solves the problem.
Here’s a screen capture. Please take a look and tell me if it’s still wrong?
I know the address of 192.168.1.X is not the same as 192.168.0.X. I was experimenting with trying a different subnet.
First, connect only the WAN of your GL.iNet router to your main router and disconnect the LAN from it, then insert 192.168.0.0/24 in the Allowed IPs of the WG client config.
In the WG server of the GL.iNet router, enable “Allow Remote Access LAN”.
If I disconnect the LAN port, I’m thinking that I have no way to talk to the GL-AR300 router for configuration? But I’ll try it right now.
For the other:
Inserting the allowed IP 192.168.0.1/24, or 192.168.0.0/24
selecting “Allow Remote Access LAN” at the server
As I posted, and showed in the screenshots, I’ve done this over and over and over and over and over again, for days, all to no avail. So either I’m doing it wrong, or something else is wrong, or it just doesn’t work.
I just tested it, and if I disconnect the LAN port on the GL-AR300 router, I can no longer reach the router’s management interface. Is there something else I need to do in order for it to work for both the LAN and WAN through the WAN port?
First, the LAN segment where your PC is located cannot be 192.168.0.0/x.
Next, check the routing on your PC. With AllowedIPs configured and the WireGuard client running, execute the following command.
I don’t believe the LAN segment where my remote laptop PC is, is 192.168.0.0/x, but I believe it is 10.0.0.3.
Look at the screen shots which I previously attached. Am I misunderstanding?
Here are the results of the print route and tracert.
NOTE: my network devices that I care about reaching are in the 192.168.1.0/24 subnet. But I’d be incredibly super happy to be able to route to either 192.168.1.0/24 or the 192.168.0.0/24 subnets.
No, a tracert from the remote laptop PC will not reach 192.168.1.10, and it will not reach 192.168.1.12. I cannot reach anything on the 192.168.1.x subnet, except for 192.168.1.253, which is the GL-AR300M VPN server.
C:\Users\TOUGHBOOK 31 MK5>tracert 192.168.1.10
Tracing route to 192.168.1.10 over a maximum of 30 hops
1 100 ms 57 ms 58 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * ^C
C:\Users\TOUGHBOOK 31 MK5>tracert 192.168.1.12
Tracing route to 192.168.1.12 over a maximum of 30 hops
1 96 ms 57 ms 56 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * ^C
C:\Users\TOUGHBOOK 31 MK5>tracert 192.168.1.253
Tracing route to 192.168.1.253 over a maximum of 30 hops
1 51 ms 62 ms 56 ms 192.168.1.253
Trace complete.
If 10.0.0.1 is the virtual IP on your AR300M, then the router appears to have no problems.
Because your AllowedIPs already contain 0.0.0.0/0, the routing table is correct even if 192.168.1.0/24 is not added. Traffic packets will also reach the gateway correctly.
Please check LuCI → Network → Firewall on the AR300M and make sure that wgserver → lan is accepted.
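An added example, not part of any post in the thread: a small Python check of the client-side points raised above (whether a LAN target is covered by AllowedIPs, how an entry such as 192.168.0.1/24 is interpreted, and whether the remote client's own network overlaps the home LAN). The function name and the client-side local networks used in the demo are assumptions made for illustration.

```python
import ipaddress

def diagnose(allowed_ips, client_local_net, target):
    """Return findings for one WireGuard client config (all inputs are strings)."""
    findings = []
    dest = ipaddress.ip_address(target)
    local = ipaddress.ip_network(client_local_net, strict=False)
    nets = []
    for entry in allowed_ips:
        # strict=False masks off host bits, so 192.168.0.1/24 is read as 192.168.0.0/24
        net = ipaddress.ip_network(entry, strict=False)
        if str(net) != entry:
            findings.append(f"normalized {entry} -> {net}")
        nets.append(net)
    covering = [n for n in nets if dest in n]
    if covering:
        # The most specific (longest) matching prefix decides the route
        best = max(covering, key=lambda n: n.prefixlen)
        findings.append(f"{target} routed into tunnel via {best}")
    else:
        findings.append(f"{target} NOT covered by AllowedIPs")
    # The thread's rule: the client's own LAN must not be the same segment as the home LAN
    if dest in local:
        findings.append(f"{target} is inside client's local LAN {local}: conflict")
    return findings

if __name__ == "__main__":
    # Constructed cases; the client-side local networks are invented for the demo
    cases = [
        (["0.0.0.0/0"], "172.16.5.0/24", "192.168.1.10"),
        (["192.168.0.1/24"], "192.168.0.0/24", "192.168.0.100"),
        (["10.0.0.0/24"], "172.16.5.0/24", "192.168.0.100"),
    ]
    for allowed, local, target in cases:
        print(allowed, local, target)
        for line in diagnose(allowed, local, target):
            print("   ", line)
```

When the first case reports the target as routed into the tunnel and tracert still stops after 10.0.0.1, the client side is consistent and the remaining place to look is forwarding on the router, as the last reply says.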