Here’s a rough block diagram. What I want is to remotely access all of the devices on my home LAN, from my remote PC. I’d think this is the very most basic definition of a VPN.
All I can seem to do is tunnel from my laptop client to the VPN server and out to the internet. From my remote laptop, I cannot ping anything on my home LAN other than the GL-AR300M VPN server.
One of the first things I did was put the LAN network “192.168.0.1/24” into the client “Allowed IPs” configuration.
I’ve actually done, and undone, this at least 20 times. Never solves the problem.
Here’s a screen capture. Please take a look and tell me if it’s still wrong?
I know the address of 192.168.1.X is not the same as 192.168.0.X. I was experimenting with trying a different subnet.
First, connect only the WAN of your gl-inet router to your main router and disconnect the LAN from it, then insert 192.168.0.0/24 in the Allowed IPs of the WG client config.
In the WG server of the gl-inet router, enable “Allow Remote Access LAN”.
If I disconnect the LAN port, I’m thinking that I have no way to talk to the GL-AR300 router for configuration? But I’ll try it right now.
For the other:
Inserting the allowed IP 192.168.0.1/24, or 192.168.0.0/24
selecting “Allow Remote Access LAN” at the server
As I posted, and showed in the screenshots, I’ve done this over and over and over and over and over again, for days, all to no avail. So either I’m doing it wrong, or something else is wrong, or it just doesn’t work.
I just tested it, and if I disconnect the LAN port on the GL-AR300 router, I can no longer reach the router’s management interface. Is there something else I need to do, in order for it to work with both the LAN and WAN through the WAN port?
First, the LAN segment where your PC is located cannot be 192.168.0.0/x.
Next, check the routing on your PC. With AllowedIPs configured and the wireguard client running, execute the following command.
I don’t believe the LAN segment where my remote laptop PC is, is 192.168.0.0/x, but I believe it is 10.0.0.3.
Look at the screen shots which I previously attached. Am I misunderstanding?
Here are the results of the print route and tracert:
NOTE: my network devices that I care about reaching are in the 192.168.1.0/24 subnet. But I’d be incredibly super happy to be able to route to either 192.168.1.0/24 or the 192.168.0.0/24 subnets.
No, a tracert from the remote laptop PC will not reach 192.168.1.10, and it will not reach 192.168.1.12. I cannot reach anything on the 192.168.1.x subnet, except for 192.168.1.253, which is the GL-AR300M VPN server.
C:\Users\TOUGHBOOK 31 MK5>tracert 192.168.1.10
Tracing route to 192.168.1.10 over a maximum of 30 hops
1 100 ms 57 ms 58 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * ^C
C:\Users\TOUGHBOOK 31 MK5>tracert 192.168.1.12
Tracing route to 192.168.1.12 over a maximum of 30 hops
1 96 ms 57 ms 56 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * ^C
C:\Users\TOUGHBOOK 31 MK5>tracert 192.168.1.253
Tracing route to 192.168.1.253 over a maximum of 30 hops
1 51 ms 62 ms 56 ms 192.168.1.253
Trace complete.
If 10.0.0.1 is the virtual IP on your AR300M, then the router appears to have no problems.
Because your AllowedIPs already contain 0.0.0.0/0, the routing table is correct even if 192.168.1.0/24 is not added. Traffic packets will also reach the gateway correctly.
Please check LuCI → Network → Firewall on the AR300M and make sure that wgserver → lan is accepted.
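The AllowedIPs checks raised in this thread, as an added example that is not part of any post or of the GL.iNet software: it shows that 0.0.0.0/0 already covers 192.168.1.10, that 192.168.0.1/24 and 192.168.0.0/24 name the same network once host bits are masked, and how to test whether the client's own LAN overlaps the remote one. The function names and the 172.16.5.0/24 client LAN are hypothetical.

```python
import ipaddress

def parse_allowed_ips(value):
    """Parse a comma-separated AllowedIPs string into networks.
    strict=False masks off host bits, so 192.168.0.1/24 -> 192.168.0.0/24."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def matching_prefix(dest, allowed):
    """Return the most specific AllowedIPs entry that covers dest,
    or None if the tunnel would not carry traffic to it."""
    addr = ipaddress.ip_address(dest)
    hits = [n for n in allowed if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def overlaps_local(local_cidr, remote_cidr):
    """True when the client's own LAN overlaps the remote LAN. In that case
    the client treats remote hosts as on-link and bypasses the tunnel."""
    local = ipaddress.ip_network(local_cidr, strict=False)
    remote = ipaddress.ip_network(remote_cidr, strict=False)
    return local.overlaps(remote)

if __name__ == "__main__":
    # Constructed client setting, built from the values discussed in the thread.
    allowed = parse_allowed_ips("0.0.0.0/0, 192.168.0.1/24")
    for dest in ("192.168.1.10", "192.168.1.253", "192.168.0.50"):
        print(f"{dest:15} routed via AllowedIPs entry {matching_prefix(dest, allowed)}")

    # Without the default route, a 192.168.0.x entry does not cover 192.168.1.x.
    narrow = parse_allowed_ips("192.168.0.1/24")
    print("192.168.1.10 with only 192.168.0.1/24:",
          matching_prefix("192.168.1.10", narrow))

    # Constructed client-side LAN (assumption) compared with the home LAN.
    print("client LAN overlaps home LAN:",
          overlaps_local("172.16.5.0/24", "192.168.1.0/24"))
```

If every destination resolves to an AllowedIPs entry and the LANs do not overlap, the client side is routing correctly and the remaining place to look is forwarding on the VPN server, such as the wgserver → lan firewall rule mentioned above.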
I’m not advanced and don’t know if it matters, but I noticed your IP range is defined from x.x.x.100 to x.x.x.249, yet your static assignments are to x.x.x.11 and x.x.x.10 - outside of that range. Could that be causing problems?