Login the web interface of AX1800, go to VPN > WireGuard Server and click on the Generate Configuration button. Then Click on the Start button to enable the WireGuard Server.
Note: make sure the Endpoint is the same as the WAN IP address of this router, if not, you shall config port forward for this IP address. Here in this example, the WAN IP address of this router is 192.168.89.173, I can just use this IP address instead since the client and server are in the same internal subnet.
Go to VPN > VPN Dashboard, click the Setting icon and enable the Allow Remote Access LAN option.
Go to VPN > VPN Dashboard, select the proxy mode to Auto Detect, and click on the Setting icon to enable Allow Remote Access LAN. Then enable the WireGuard client.
The target address shall be set as the subnet of the VPN client router. Here it is 192.168.100.0/24 in this example. And the gateway is the client router virtual IP 10.0.0.2 in the previous step. After that, back to VPN Dashboard and restart the WireGuard server, to take the route rule into effect.
I’m using a similar approach with GL firmware 3.x, just by setting the WG server on one end, generating a config file that I use to set another GL.iNET router as the WG client, it has worked great. Some minor issues like when the client loses power it doesn’t always connect back, but overall it’s a great way to expand the LAN across the pond.
I have followed this guide but it doesnt work to reach 192.168.100.1 from clients which connect to the wireguard server. is there anything else to add to the routing to make it work?
I have successfully linked left (192.168.100.1) and right (192.168.8.1) routers through this howto. But when I connect from the phone (bottom) device to right wireguard server. I cant reach the left router (192.168.100.1)
I can access 192.168.100.1 from the 192.168.8.0 LAN, but I cant access 192.168.100.1 from the wireguard client through my phone.
For the phone I have added another Wireguard client config (10.0.0.3). the link between the routers use 10.0.0.2
If the WireGuard client side is a GL-iNet router (e.g. GL-X3000), but the server side is not (e.g. TP-Link), are any extra steps required to make this work for full site-to-site connectivity? I have successfully established the WireGuard connection (green dot on client side), but cannot ping/reach network hosts behind the client router from the server side. I have chosen the GL-X3000 router to be a WireGuard client instead of server, because it is behind CG-NAT, and setting it up as a server would require use of the AstroRelay service which makes the implementation more complicated.
Do we need to create any static routes on the WireGuard client side also? The example above only shows a static route created on the Server side. If required, can this be done via the web GUI interface, or do we need to SSH into the router or use LuCI.?
