Flint2 with Flint Site 2 site problem

Just bought 3 routers, will set up all 3 in time but for now, just 1 Flint 2 running WireGuard server, 1 Flint running WireGuard as Client. I have them talking to each other no problem, used the tutorial and have green lights on both and show traffic between them.
Now the issue is that I have selected REMOTE ACCESS LAN on both sides but I cannot share any network resources, Server Network Folders or printers or any \namespace items from the client to the server or the server to the client. I did add a route rule to the server matching the client side IP, so now I am lost. Did I miss a step?

Can you ping them across the networks?

Did you make sure that there is no network overlapping?

Hmm, for your printer as an example, did you try to connect with the full IP instead of auto connect?

Usually a lot of auto-detect software uses multicast broadcasts to find devices; however, in WireGuard tunnels this is mostly turned off by default.

For your shares I still need a bit more information:

  • Are the shares on the router, or are the shares from something like a NAS?

Set Flint 2 to 10.22.66.10, set Flint to 10.22.66.20, have DHCP range set to 100-254.
I cannot ping anything on the other side's network....

Also set Client to Client but still no joy.

Could this be the problem? Full Log posted below as well.
Log shows: Sat Jun 29 21:23:07 2024 daemon.notice netifd: wgclient (11249): RTNETLINK answers: Permission denied

Log

Sat Jun 29 21:20:14 2024 daemon.notice netifd: Network device 'wgclient' link is down

Sat Jun 29 21:20:15 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

Sat Jun 29 21:20:15 2024 daemon.notice netifd: wgclient (9940): sh: 1: unknown operand

Sat Jun 29 21:20:15 2024 daemon.notice netifd: Interface 'wgclient' is now down

Sat Jun 29 21:23:06 2024 daemon.notice netifd: Interface 'wgclient' is setting up now

Sat Jun 29 21:23:07 2024 daemon.notice netifd: wgclient (11249): RTNETLINK answers: Permission denied

Sat Jun 29 21:23:07 2024 daemon.notice netifd: Network device 'wgclient' link is up

Sat Jun 29 21:23:07 2024 daemon.notice netifd: Interface 'wgclient' is now up

Sat Jun 29 21:23:07 2024 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)

Sat Jun 29 21:23:07 2024 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=3 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_5064 group_8031 group_7349 group_1646 peer_2001 CONFIG_cfg030f15_ports=

Sat Jun 29 21:53:38 2024 daemon.notice netifd: Network device 'wgclient' link is down

Sat Jun 29 21:53:38 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

Sat Jun 29 21:53:38 2024 daemon.notice netifd: wgclient (21002): sh: 1: unknown operand

Sat Jun 29 21:53:38 2024 daemon.notice netifd: Interface 'wgclient' is now down

Sat Jun 29 21:55:33 2024 daemon.notice netifd: Interface 'wgclient' is setting up now

Sat Jun 29 21:55:33 2024 daemon.notice netifd: wgclient (22093): RTNETLINK answers: Permission denied

Sat Jun 29 21:55:33 2024 daemon.notice netifd: Network device 'wgclient' link is up

Sat Jun 29 21:55:33 2024 daemon.notice netifd: Interface 'wgclient' is now up

Sat Jun 29 21:55:33 2024 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)

Sat Jun 29 21:55:33 2024 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=3 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CON

WireGuardClient

WireGuardServer
These are my server settings

WireGuardClientConf

This is my conf file for the clientside

ping
This is the ping: the client pinging the server's IP

The shares are on local users' PCs in the form of shared printers. 1 printer is a network printer, 10.22.66.143, and is on the Client side of the routers/VPN. The directories are from 2 servers: one is a database server \Tntarp\ and one is a NAS \tntarpnas\. I also VNC to most workstations for maintenance and help desk for the company. None of them are accessible.

FYI I have had an OpenVPN running a tunnel for years with full access to all devices and folders. I switched to WireGuard and GL.iNet routers because they were supposed to be faster and easy to set up. I so far agree they are faster, but the speed is useless to me without the LAN access.

Since you can’t even ping your clients: Maybe you forgot to adjust the local Windows firewall?


This could be due to two things, see @admon reaction, but also it can be dhcps rebind protection.

Does pinging to the wireguard virtual ip work?

edit:

I also notice this:
10.0.0.5/24: usually this is not recommended for a site-to-site VPN, you essentially want:

The server needs:
10.0.0.1/24 <- many people, including myself, make the mistake of turning this into a host bit; if it looks like that, ending with 0/24, that is wrong, and this can also be a cause of it not working.

For the peers it's better to use a more abstract approach:

You use 10.0.0.5/32 and for allowed IP: 0.0.0.0/0 on the client.

Actually turned off the firewalls in Windows on both sides to test - no joy.

Is there a DETAILED guide for setting up the wireguard on a gl.inet router (flint 2) that is working to share lan traffic? Not internet traffic, lan traffic. I have 1 more day to figure this out before payroll so they can write checks over the tunnel.

There is no conceivable way that I am the 1st person in the history of GL.inet history to want to share network resources both directions using wireguard! Why is there no detailed faq for this?

My OpenVPN shared all resources out of the box, why does WireGuard block them? I am 100% sure this is a blocking issue, just don't know what or where to fix that. The WireGuard setup prompts you for remote access to LAN, that should be doing something? What about IP masquerading or Client to Client, do they need to be on or off? Again, I cannot be the 1st person to ask this, this is very frustrating!

Please provide us a network diagram so we can investigate further.


The remote PC on the left is the office PC and is IP 10.22.66.104

This won't work.

The networks on each side must be different.

I have always had them in that range for openvpn, do you mean they need to be
Server 10.22.10.22 and Client 10.22.20.22?

Since you are connecting two networks by using two routers, you need to have different networks. So yes, one must be in another subnet than the other.
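
A preflight check for the layout discussed in this thread, added here as an example and not posted by any participant: it flags overlapping LANs and peers whose AllowedIPs do not cover the remote LAN. The function name `check_site_to_site`, the /24 masks and the AllowedIPs lists are assumptions made for illustration; only the router addresses come from the thread.

```python
import ipaddress


def check_site_to_site(server_lan, client_lan,
                       server_peer_allowed, client_peer_allowed):
    """Return a list of problems that stop LAN-to-LAN traffic over the tunnel.

    server_peer_allowed: AllowedIPs the server holds for the client peer.
    client_peer_allowed: AllowedIPs the client holds for the server peer.
    """
    # strict=False accepts a router address such as 10.22.66.10/24 and
    # reduces it to the network it belongs to (10.22.66.0/24).
    s_lan = ipaddress.ip_network(server_lan, strict=False)
    c_lan = ipaddress.ip_network(client_lan, strict=False)
    problems = []

    # With overlapping LANs a host sees the remote address as on-link,
    # resolves it locally and never hands the packet to the router.
    if s_lan.overlaps(c_lan):
        problems.append(f"LAN overlap: {s_lan} vs {c_lan}")

    def covered(lan, allowed):
        # WireGuard only routes to (and accepts from) a peer the ranges
        # listed in that peer's AllowedIPs.
        nets = (ipaddress.ip_network(a, strict=False) for a in allowed)
        return any(lan.subnet_of(n) for n in nets)

    if not covered(c_lan, server_peer_allowed):
        problems.append(f"server peer AllowedIPs miss client LAN {c_lan}")
    if not covered(s_lan, client_peer_allowed):
        problems.append(f"client peer AllowedIPs miss server LAN {s_lan}")
    return problems


# Constructed inputs: router addresses from the thread, masks assumed /24.
AS_POSTED = check_site_to_site(
    "10.22.66.10/24", "10.22.66.20/24",
    server_peer_allowed=["10.0.0.5/32"],
    client_peer_allowed=["0.0.0.0/0"])

# Constructed inputs: the renumbering proposed in the thread.
RENUMBERED = check_site_to_site(
    "10.22.10.22/24", "10.22.20.22/24",
    server_peer_allowed=["10.0.0.5/32", "10.22.20.0/24"],
    client_peer_allowed=["0.0.0.0/0"])

if __name__ == "__main__":
    print("as posted:", AS_POSTED)
    print("renumbered:", RENUMBERED)
```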