I set up a GL.iNET AX1800 as a Wireguard server. I know it's working because I can connect using the Wireguard app on my phone. What I don't know is how to connect to the resources behind the router through the VPN.
I'm not using DDNS on the router but am using it on my Synology NAS. (GL-iNET's DDNS is really primitive. No third party DDNS? Wow.) Connecting to the DDNS host name takes me to the router web page where I can log in, so the VPN is obviously connected and the Synology DDNS setup works.
I know how to open ports to the public internet but would rather not. That's why I have the VPN. How do I connect to my NAS as a network drive, for example, or to it's web GUI? All of that works fine within my LAN using Windows and allowing network discovery for file access.
Does your answer about access change if the Windows user account is not administrator? I set up the Wireguard client app as administrator, then use the laptop as non-administrator. The tunnel shows as active when I hover over the network icon in the system tray.
Ultimately, I want to set up a GL-AR750S travel router as a Wireguard client so that everything connected to the travel router using DHCP can transparently connect to the NAS behind the VPN server.
I'd greatly appreciate any knowledge you can share. References to specific educational resources are welcome, as well.
Considering the client-to-client option, it sounds like it's either/or. Does that mean it's set up on to connect between sites and doesn't support individual clients? If so, is it mutually exclusive to set up a site-to-site VPN between the server and a GL-AR750S travel router as a client, while also hoping to connect directly from my laptop when it's connected to other public internet sources.
If I can't do both, do I have to set up the server as client-to-client and install client software on all client devices? (They're aren't many. I was just hoping for a more elegant approach.)
So all these are routed through the WG server and you can reach them behing, in this case 192.168.100.255 and 192.168.10.255 and 10.0.0.1 and 192.168.8.1.
If you have another router connected via WG to the server and want to reach it too from clients you need to add a manual route like this
I think I'm understanding this, but it's still fuzzy. Am I correct in thinking the allowed ip addresses configured in Luci apply only to connections through the VPN?
"allowed ips" is a bit misleading in my oppinion especially for someone who is new to wireguard, a better word would have been "routed ips". the allowed ips you set for both client and server are basically routes wireguard sets. all these ips are routed through the tunnel and become reachable. if you set 0.0.0.0/0 for example everything will be routed through the tunnel. this could wanted for example on client side, if you want to route everything through the tunnel even internet access.
Thanks for the details. I definitely don't want to route all traffic. My home ISP is cable with lousy upload speeds. That would throttle every going to the connected clients. I have to accept it for files downloaded from home but not everything else.
