Brume: Access WGUI an ssh via WAN from main-router

AleksCee · December 7, 2019, 9:40pm

Hello,

I like to use the Router as an Wireguard Server behind my cable router. So I have configure a static ip for the WAN Interface via the GUI. Then I enable in the firewall port 80 and 22 to access the router from the network of the WAN interface. All is good. But if I start the wireguard Server some additional firewall rules are enabled and I have no access from the WAN interface to the web or ssh servers on the router to configure my clients any more. Only the access over LAN ports at the Brume works. But I don’t want to connect a extra pc to the LAN port for configuration. Have you a any hints for me how doses this could by work?

ISP <> my router (192.168.1.0/24) → WAN of the Brume (192.168.1.223) with the wireguard.

I like to access the web and ssh on the Brume from my 192.168.1.0/24 network.

Thanks, Alex.

sfx2000 · December 8, 2019, 11:53pm

Put Brume behind the FW, and let it be the WG end-point

Fix it’s IP to a static IP inside your LAN, and port forward just the WG ports.

Don’t need to do port forwards other that WG on the edge router

AleksCee · December 9, 2019, 6:09am

I have do this, but if the WG Server is started I can’t access the static ip any more.

sfx2000 · December 10, 2019, 3:36am

Check your setup… WG, like OpenVPN, when acting as a server, you likely will have to come into the LAN from the outside if your Gateway doesn’t support NAT redirection.

In the example below, Brume is 192.168.8.189, port forwarding SSH and WG - this screenshot is not from Brume, it’s from the GW router.

AleksCee · December 10, 2019, 5:58am

Hi,

My problem is actually not the WG access. I can access the Brume from my Lokal lan on the static ip 192.168.1.223 from the devices at my main router. But if I start WG I can’t access the Brume web Interface any more.
I only can access it via a client which is connected via WG. But I like to manage the Brume from my main lan if the WG is running.

Something after starting wg seams to block the access to the webGUI on the WAN interface which is connected to the main routers lan.

Main router 192.168.1.1/24
Brume WAN 192.168.223 (static)
Brume LAN 192.168.8.1/24 (the default)
Brume WG 10.0.1.0 (the default)

hydn · April 20, 2021, 4:09pm

Did you get this to work?

AleksCee · April 20, 2021, 5:23pm

No, I have not try any further after this post. Have you get it to work?

hydn · April 20, 2021, 5:46pm

Just purchased. Going to try to use to provide VPN to all devices connected to my edge router. So will let you know.

AleksCee · April 20, 2021, 6:12pm

Cool, good luck! I‘m happily awaiting your results.

hydn · April 28, 2021, 1:00pm

I got it two work. There’s documentation on that. Forgot the link but it told me to setup these two options. After I did that it worked…

Found another doc page, but don’t remember the other page that gave the specific instructions. But here’s the excerpt from the other page:

Use VPN for all process on the router : Generally, the traffic of all processes running on the router such as GoodCloud will be routed through VPN if there is a connected VPN client (e.g. WireGuard, OpenVPN, Shadowsocks). In this case, these processes will lose Internet if VPN is disconnected. In order to ensure a proper operation of these processes, you can disable this option. As a result, they will not use VPN. - VPN Policies - GL.iNet Router Docs 3

Oh, also I added port forwarding on my router for ports 80 and 443 to the Brume’s IP address. Don’t forget that step! haha. Also found that by searching forums:

Edit: Make the policy change and just apply port forwarding for ssh ports also if you want remote SSH which I just tested also.

Now my issue is, last night the internet/VPN dropped and the router does not auto-reconnect. Hoping to find a solution to that! That’s a deal-breaker for me.