AXT1800 WireGuard: No LAN Access

I am set up as a test on my LAN using v4.1.0. My Asus router is 192.168.0.1, and LAN is 192.168.0.1/24

I finally got internet access via WireGuard, but no LAN access. My config is:
```
[Interface]
Address = 10.0.0.2/24
ListenPort = 64818
PrivateKey = …
DNS =
MTU = 1420

[Peer]
AllowedIPs = 10.0.0.2/24, 192.168.0.0/16
Endpoint = 47.188.221.8:51820
PersistentKeepalive = 25
```

I enabled remote LAN access and Masquerading in the client config. I tried masquerading off too.

In Luci, I later set firewall forwarding as: wgserver->LAN: Forward Accept

sudo wg show, indicates:
allowed IPs: 10.0.0.2/32

What did I miss for 192. LAN access?

Allowed IP for LAN: 192.168.0.0/24.
Naturally, the client LAN must not be the same…
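
The overlap this reply points to can be checked mechanically. The following is an added example, not part of the original thread: it reads the AllowedIPs from the config posted above and reports where they collide with a subnet the router is already attached to. The function names and the `local_cidrs` list are assumptions for illustration.

```python
import ipaddress

# Constructed sample: the relevant lines of the client config from the first post.
SAMPLE_CONF = """
[Interface]
Address = 10.0.0.2/24

[Peer]
AllowedIPs = 10.0.0.2/24, 192.168.0.0/16
"""

def allowed_networks(conf_text):
    """Collect every AllowedIPs entry (all peers) as a normalized network."""
    nets = []
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            # strict=False masks host bits, so 10.0.0.2/24 becomes 10.0.0.0/24
            nets += [ipaddress.ip_network(p.strip(), strict=False)
                     for p in value.split(",") if p.strip()]
    return nets

def overlaps_with_local(conf_text, local_cidrs):
    """Return (allowed, local) pairs where a tunnel range collides with an attached subnet."""
    local_nets = [ipaddress.ip_network(c, strict=False) for c in local_cidrs]
    return [(a, l) for a in allowed_networks(conf_text)
            for l in local_nets if a.overlaps(l)]

def routed_via_tunnel(conf_text, dest):
    """True if dest falls inside any AllowedIPs range, i.e. is eligible for the tunnel."""
    ip = ipaddress.ip_address(dest)
    return any(ip in n for n in allowed_networks(conf_text))

if __name__ == "__main__":
    # 192.168.0.0/24 is the ASUS LAN from the first post, which is the
    # GL router's WAN-side network in this topology.
    for allowed, local in overlaps_with_local(SAMPLE_CONF, ["192.168.0.0/24"]):
        print(f"AllowedIPs {allowed} overlaps attached subnet {local}")
    print("192.168.0.1 eligible for tunnel:",
          routed_via_tunnel(SAMPLE_CONF, "192.168.0.1"))
```
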

As far as I understand, it is because you are using a different router.
If you plug everything into the GL router, it should work.

There is a “drop-in gateway” mode on GL router.
You may want to give it a try.

Ok, let’s get a little more basic. What exactly are you trying to do, and what is your topology?

You have an ASUS router at 192.168.0.1, and your LAN is 192.168.0.0/24. Are you trying to:

  1. run a wireguard server on your ASUS router and connect in via a wireguard client to the ASUS from a remote location?
  2. run a wireguard client on your gl-inet router from within your LAN and route traffic from other devices out over that?
  3. something else?

It’s not very clear from your post what exactly the topology is and how you imagine this is supposed to work.

jdub,

Number 2 above, thanks.

As y2kbug indicates, I can see a challenge with my LAN being the AXT1800 wan, basically. But it seems there should be a solution.

There are solutions, but they are messy as hell. You could try gl-inet’s “drop in” mode, but that involves (as I understand it) ARP poisoning and all sorts of things you don’t really want to do (IMO). It’s so much cleaner to run the VPN client on the edge of the network if that’s what you’re trying to accomplish.

To put it a little differently, you’re essentially asking for the gl-inet to actually be the router anyway (you want all of your devices to pass traffic through it, which it’s going to hand directly to the ASUS). Just get the ASUS out of the loop, or stick the gl-inet upstream of it.

More explicitly, if you’re wanting to use the gl-inet as just a VPN client for your entire network, take it and plug its wan into your cable/fiber modem, then plug your ASUS wan into the gl-inet LAN. From there you can use 0.0.0.0/0 as your allowed ip range on the client and it will forward all traffic. Your current LAN/wireless setup will stay the same, you can turn off wireless on the gl-inet and I think everything will work like you want it to.

This assumes of course you’re not trying to forward selective devices - you want to forward everything.

Thank you for your input.