Can’t access LAN addresses when passing all traffic via WG VPN tunnel

Hi,

I’m trying to make it work on my AX1800 and for some reason only internet traffic goes through the VPN tunnel.

The wg.conf file I use for the router specifies the following:
[Interface]
Address = 192.168.10.5/32
ListenPort = 51542
PrivateKey = [key]
DNS = 192.168.10.1
MTU = 1420

[Peer]
AllowedIPs = 192.168.1.0/24, 192.168.2.0/24, 0.0.0.0/0
Endpoint = someip:someport
PersistentKeepalive = 25
PublicKey = [key]

I want to get access to the 192.168.1.x and 192.168.2.x subnets via VPN too. If I use the same config from my laptop directly, everything is fine.

In the router I tried enabling / disabling IP masquerading, switching between Autodetect and Global proxy mode, and enabling / disabling Remote Access LAN. Using the latest firmware, v4.5.0.

Could you suggest what I am missing here?

Watching this as I’m having the exact same issue. Like yourself, tried every combination of toggles, DNS in the config, etc. Connects, but no access to the remote LAN. Using the exact same settings in the Windows WireGuard client, everything works perfectly.

Anyone have an insight?

Can you let me know the topology of the server side?

How are these subnets connected to each other: 192.168.1.0, 192.168.2.0 and 192.169.10.1?

I think it should just work. But better to do a check.

In my case, the server side is the latest version of OPNsense, and the home network is on a 192.168.10.x subnet. WireGuard is using 10.50.50.x and the local network on the GL-AXT1800 is using 192.168.69.x.

WireGuard will connect, but there is no remote LAN connectivity. Checking the external IP, it shows the remote network (server) side external IP.

It appears to be a DNS issue, even though WireGuard is configured to use the remote DNS.

Using the exact same client configuration in the Windows WireGuard client on the same device, everything works perfectly. Remote DNS works, I can access network resources, etc.

To rule that out, try pinging IPs instead of hostnames.

Tried numerous times while changing toggles and setting DNS= in the WireGuard config. Cannot ping by IP or name.

Tracert to any IP on the remote network fails on the first hop and dies.

When I first got the device, it auto-updated to 4.5.0. Since then, I’ve tried 4.5.16 beta and just now used U-Boot to go back to 4.5.0, just to make sure it wasn’t an upgrade issue.

The problem still persists. WireGuard will connect, ipchicken returns the remote network’s external IP, but there is no DNS resolution to the remote network.

The Windows WireGuard client with the exact same settings works perfectly.

Are you using Global proxy mode?
Can you switch to that? If it still doesn’t work, export the log and send it to me by private message.

OPNsense with the WireGuard server on it.

192.168.1.0 and 192.168.2.0 are LAN networks managed by OPNsense.
192.169.10.0 is the subnet of the WireGuard server for this VPN connection. 192.169.10.1 is the IP address of OPNsense.

I use the default subnet 192.168.8.0 on the AX1800.

@cfx69 found that the issue happens when the local WAN subnet conflicts with the remote LAN subnet.

To check the route to remote LAN:

ip route get 192.168.1.0/24

It should go via the wgclient interface.
If it goes via the eth/repeater interface, then the conflict exists.

Two workarounds:

  1. change the local WAN IP subnet

  2. add a route:

ip route add 192.168.1.0/24 dev wgclient scope link

The corresponding permanent setting can be done in LuCI, Network > Routing: add a route like the following:

I think workaround 2 will be adopted in our future firmware release.

Thanks, I can access my local networks via VPN now. I used workaround 2.