Connect clients to Wireguard server

I have been using my GL.iNet GL-MT2500 for about a year. Adguard is set up for blocking and content filtering. Running version OpenWrt 21.02-SNAPSHOT r15812+879-46b6ee7ffc

I want to be able to connect to my home lab while I’m out, as I’ve recently had two events where I needed something on my network but had no way to get it. So I set up the Wireguard Server on my router. But with each configuration I try, I end up with the same result: my phone can connect to the server just fine and handshakes are consistent, but I can’t connect to anything, no internet, no internal network. When I use an app to scan the network, I get the IP address assigned to the phone (by the VPN), but nothing else is on the subnet. When disconnected from the VPN and connected to WiFi, it gives me a good deal of information on each device on the subnet, so I know that app works properly.

Started with the default IP (192.168.20.1/32) and listen port, and default client profile, scanned the QR code with the Wireguard app on the phone.
Tried using 192.168.9.1 as IP with default listen port, and default client profile, scanned the QR code with the Wireguard app on the phone.
Tried using 192.168.8.128/26 (LAN is 192.168.8.1) as IP with default listen port, and default client profile, scanned the QR code with the Wireguard app on the phone.
Tried using 192.168.9.1/32 as IP with default listen port, and default client profile, scanned the QR code with the Wireguard app on the phone.
Tried using 192.168.9.1/26 as IP with default listen port, and default client profile, scanned the QR code with the Wireguard app on the phone.

I tried those IP addresses with the VPN Dashboard, Wireguard Server Options “Allow Remote Access LAN” set to yes, and no. Also tried with “IP Masquerading” set to yes, and no.

Here’s the config of my phone (client), using Wireguard for Android v1.0.20230526:
Interface
Addresses: 192.168.9.2/32
DNS Servers: 64.6.64.6
Listen port: 59940
MTU: 1420
Peer
Allowed IPs: 0.0.0.0/0, ::/0
Endpoint: redacted.glddns.com:51820
Persistent keepalive: every 25 seconds
Latest handshake: 7 seconds ago

I can’t figure out what I’m missing, as it does not work even with default settings which I would expect to work.

My goal is to be able to connect my phone to the Wireguard VPN and be able to access my homelab stuff. Services such as Home Assistant, NAS, KDE Connect, SSH, NoMachine (VNC type), JellyFin, etc. Everything in the lab is set up to allow access to my LAN subnet, 192.168.8.1/24. Some services will allow a second subnet to be granted access, but several are designed for consumers so ONLY ALLOW the one subnet which must be the one the server is in. I would like to have internet access also while connected, so I don’t need to turn the VPN on and off much and would benefit from the Adguard setup on the router.
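As an added example (not from this thread or from GL.iNet), a small Python check over wg-quick style config text for exactly this symptom: the handshake completes but nothing flows. The client text mirrors the phone config posted above; the server texts, the LAN subnet argument and the `diagnose` helper are constructed assumptions, and the router’s own firewall and masquerade toggles are outside what a config file can show.

```python
import ipaddress
# Constructed sample configs in wg-quick format; keys are omitted, they play no role here.
CLIENT_CONF = """
[Interface]
Address = 192.168.9.2/32
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = redacted.glddns.com:51820
PersistentKeepalive = 25
"""
SERVER_OK = """
[Interface]
Address = 192.168.9.1/24
[Peer]
AllowedIPs = 192.168.9.2/32
"""
# Same server, but its peer entry still names a client address in the default 192.168.20.x range.
SERVER_BAD = SERVER_OK.replace("192.168.9.2/32", "192.168.20.2/32")

def parse_wg_conf(text):  # wg-quick [Interface]/[Peer] text -> dict, peers as a list of dicts
    cfg = {"Interface": {}, "Peer": []}
    current = cfg["Interface"]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "[Peer]":
            cfg["Peer"].append({})
            current = cfg["Peer"][-1]
        elif line == "[Interface]":
            current = cfg["Interface"]
        elif "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return cfg

def _nets(value):
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",") if v.strip()]

def diagnose(client_text, server_text, lan="192.168.8.0/24"):
    """List reasons a tunnel that handshakes fine would still carry no traffic."""
    client, server = parse_wg_conf(client_text), parse_wg_conf(server_text)
    lan_net, findings = ipaddress.ip_network(lan), []
    server_allowed = [n for p in server["Peer"] for n in _nets(p.get("AllowedIPs", ""))]
    for a in client["Interface"]["Address"].split(","):
        iface = ipaddress.ip_interface(a.strip())
        # Cryptokey routing: the server drops decrypted packets whose source is outside the sending peer's AllowedIPs.
        if not any(iface.ip in n for n in server_allowed):
            findings.append(f"{iface.ip} is outside every server peer AllowedIPs; traffic is dropped")
        if iface.version == 4 and iface.network.overlaps(lan_net):
            findings.append(f"tunnel address {iface} overlaps LAN {lan_net}; routing is ambiguous")
    return findings
```

Run `diagnose(CLIENT_CONF, SERVER_BAD)` to see the mismatch that leaves a handshaking peer with no traffic, and feed it a client address inside the LAN range to see the overlap warning.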

Try changing MTU to 1348 in your config on your phone.

Doesn’t every machine on the network have to be registered with WireGuard?

I tried setting MTU to 1348, doesn’t change behavior.

I don’t think my internal devices need to be listed in Wireguard, only the devices that will connect to it remotely.

What if you change to 1280?

What phone are you using?

Using S21, latest updates are installed.

I tried setting MTU = 1280. Still no internet. To rule out DNS, I tried pinging 9.9.9.9: 100% packet loss. Can’t connect to internal services either.

I notice in the VPN Dashboard, VPN Server, Wireguard row on the right side there’s a button that brings up “routing options”, which is empty. Should anything be entered there? I would expect anything necessary to be automatically entered, but if I need to set up a route, I need to know how.

Sorry for the MTU suggestions, but I had fragmentation with my Pixel 6A at the standard 1420 and had to reduce it to make Wireguard work. Sorry, I can’t suggest anything else.