Gateway behind Wireguard GW

Hi everybody,
I need help please, and I tried a lot before I wrote this post.
I bought 2 MT-2500 to make a site-to-site connection. I got that running as described here in the Router Docs → here
BUT: behind my WireGuard gateway is another gateway which is providing access to a second network. All connected devices should be connected to each other.
Topology
See the picture from the tutorial above please. On the left side of the WG server is, in my case, a gateway to another network; I am not able to access the tunnel and connected devices from that network. All devices can ping the LAN port of the WG gateway, but not from one end to the other. Is that possible, and if yes, how?

Brume2 WG Gateway connected to WAN port
LAN: 10.70.12.1 → 10.70.12.253 (gateway to the second network with the routes), e.g. → 192.168.99.128/25
Virtual IPs 10.0.0.0/24

Brume2 WG Client connected to WAN port
LAN: 10.70.9.100

Devices from 10.70.9.x can ping 10.70.12.1 and WireGuard clients, but not the gateway IP

Maybe it is a configuration in advanced settings and LAN bridge?

Thank you so much for your help

Hi,
I am not so clear about your topology and problem/need. Does your topology look like the picture below? And you can ping PC1 and WG-client2 from PC2, but cannot ping Brume2-A's gateway (192.168.99.128)?

Hi,
Pings within the circles are working.
Ping from 10.70.9.1 to 10.70.12.1 > ok
Ping from 10.70.9.1 to 10.70.12.253 > not ok
Ping from 192.168.99.200 to 10.70.12.1 > ok
Ping from 192.168.99.200 to 10.70.9.1 > not ok

Thank you.

Hi,
About Ping from 10.70.9.1 to 10.70.12.253 > not ok: it may be a firewall issue of the Gateway. In my case, I have to run iptables -I INPUT -i eth0 -p icmp -j ACCEPT on the Gateway to allow incoming ICMP packets.

And about Ping from 192.168.99.200 to 10.70.9.1 > not ok: please change the LAN netmask of both Brume2 to 255.255.255.0 (picture 1 below). And could you try the latest beta version from the GL.iNet download center? If you do not want to upgrade, you can run ifup wgserver on Brume2-A after you are done with the route rule setting (picture 2 below). And then make sure the LAN subnet of Brume2-B has been added to the WG server's allowed IPs, which can be checked with the commands wg and ip route (picture 3 below). Finally, run "ifup wgclient" or restart wgclient on the Admin Panel for a quick reconnection.


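The reply above asks for three things at once: a firewall rule on the downstream gateway, the remote LAN subnet in the WG server's AllowedIPs, and route rules. The following model, added here as an example and not part of the thread or of GL.iNet's firmware, walks an echo request and its reply hop by hop through the posted addresses (10.70.9.1, 10.70.9.100, 10.70.12.1, 10.70.12.253, 192.168.99.200, tunnel 10.0.0.0/24) and applies WireGuard's cryptokey routing on both ends of the tunnel (the sender only encapsulates a destination listed in the peer's AllowedIPs, and the receiver drops any decapsulated packet whose source is not listed for that peer). The node names, the gateway's 192.168.99.129 address, and the assumption that the downstream gateway has no route back to 10.70.9.0/24 and 10.0.0.0/24 are mine; the firewall (the iptables rule mentioned above) is not modelled.

```python
import copy
import ipaddress

# Constructed model of the thread's topology. Posted addresses are real; node
# names, the gateway's 192.168.99.129 address and its missing return routes are
# assumptions. Route actions: "onlink" (deliver to whoever owns dst on this
# segment), ("via", ip) next-hop router, ("wg", peer) into the tunnel.
NODES = {
    "pc2": {"addrs": {"10.70.9.1"},
            "routes": [("10.70.9.0/24", "onlink"), ("0.0.0.0/0", ("via", "10.70.9.100"))]},
    "brume_b": {"addrs": {"10.70.9.100", "10.0.0.2"},  # WG client
                "routes": [("10.70.9.0/24", "onlink"), ("10.0.0.0/24", ("wg", "brume_a")),
                           ("10.70.12.0/24", ("wg", "brume_a")), ("192.168.99.128/25", ("wg", "brume_a"))]},
    "brume_a": {"addrs": {"10.70.12.1", "10.0.0.1"},  # WG server
                "routes": [("10.70.12.0/24", "onlink"), ("10.0.0.0/24", ("wg", "brume_b")),
                           ("10.70.9.0/24", ("wg", "brume_b")), ("192.168.99.128/25", ("via", "10.70.12.253"))]},
    "gateway": {"addrs": {"10.70.12.253", "192.168.99.129"},  # gateway to the second network
                "routes": [("10.70.12.0/24", "onlink"), ("192.168.99.128/25", "onlink")]},
    "pc1": {"addrs": {"192.168.99.200"},
            "routes": [("192.168.99.128/25", "onlink"), ("0.0.0.0/0", ("via", "192.168.99.129"))]},
}

# WireGuard cryptokey routing: AllowedIPs configured for each peer on each endpoint.
ALLOWED = {
    "brume_a": {"brume_b": ["10.0.0.2/32", "10.70.9.0/24"]},
    "brume_b": {"brume_a": ["10.0.0.0/24", "10.70.12.0/24", "192.168.99.128/25"]},
}

def owner(nodes, ip):
    return next((n for n, d in nodes.items() if ip in d["addrs"]), None)

def lookup(nodes, node, dst):
    """Longest-prefix match in one node's routing table; None if no route."""
    best = None
    for prefix, action in nodes[node]["routes"]:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    return best[1] if best else None

def in_allowed(prefixes, ip):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(p) for p in prefixes)

def trace(nodes, allowed, src, dst):
    """Forward one packet hop by hop. Returns (delivered, path, reason)."""
    node = owner(nodes, src)
    path = [node]
    for _ in range(8):
        if dst in nodes[node]["addrs"]:
            return True, path, "delivered"
        action = lookup(nodes, node, dst)
        if action is None:
            return False, path, f"{node}: no route to {dst}"
        if action == "onlink":
            nxt = owner(nodes, dst)
        elif action[0] == "via":
            nxt = owner(nodes, action[1])
        else:  # tunnel: sender checks dst, receiver checks src, both against AllowedIPs
            peer = action[1]
            if not in_allowed(allowed[node][peer], dst):
                return False, path, f"{node}: {dst} not in AllowedIPs of peer {peer}"
            if not in_allowed(allowed[peer][node], src):
                return False, path, f"{peer}: dropped packet from {src}, not in AllowedIPs of {node}"
            nxt = peer
        if nxt is None:
            return False, path, f"{node}: next hop for {dst} is not on link"
        path.append(nxt)
        node = nxt
    return False, path, "hop limit exceeded"

def ping(nodes, allowed, src, dst):
    """A ping works only if request and reply are both deliverable; returns (ok, reason)."""
    ok, _, why = trace(nodes, allowed, src, dst)
    if not ok:
        return False, "request: " + why
    ok, _, why = trace(nodes, allowed, dst, src)
    return ok, "reply: " + why

def with_return_routes(nodes):
    """Same topology plus the gateway's routes back through the WG server's LAN address."""
    fixed = copy.deepcopy(nodes)
    fixed["gateway"]["routes"] += [("10.70.9.0/24", ("via", "10.70.12.1")),
                                   ("10.0.0.0/24", ("via", "10.70.12.1"))]
    return fixed

if __name__ == "__main__":
    for nodes, label in ((NODES, "as posted"), (with_return_routes(NODES), "with return routes")):
        print(label)
        for s, d in (("10.70.9.1", "10.70.12.1"), ("10.70.9.1", "10.70.12.253"),
                     ("192.168.99.200", "10.70.12.1"), ("192.168.99.200", "10.70.9.1")):
            print(f"  {s} -> {d}: {ping(nodes, ALLOWED, s, d)}")
```

Run as posted, the four pings reproduce the thread's results (10.70.12.1 reachable from both sides, 10.70.12.253 and 10.70.9.1 not reachable across the tunnel): the echo request from 10.70.9.1 does reach 10.70.12.253, but the reply has no route back. On a real gateway that reply follows the default route upstream and is lost, which is why a capture on the gateway sees requests and no useful replies. Adding the two return routes makes both directions work; narrowing the server's AllowedIPs for the client to its tunnel address alone shows the second failure mode, where the server silently drops decapsulated packets from 10.70.9.1.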
Hi,
I tried that but no connection

  1. updated firmware to beta
  2. ICMP allowed as described
  3. netmasks were already at /24
  4. routes are configured, I compared that with the screenshots

If I go to advanced > luci > network diagnostics > Ping 10.70.12.253, the ping is ok; from the tunnel it is not.
I think the point is that the 12.253 is not reachable, so the routes don't work.
DHCP is completely off for LAN. What about the default gateway? If I put 12.253 in there, the tunnels cannot connect anymore.

Could you share your device with gl.inet_support? I want to log in to your device and have a remote check.

Where can I find this option in my MT2500?

I have PMed you a document; please refer to that guide to share your device with us for remote troubleshooting. Thanks a lot

Hi,
After a remote check, I found that ping from the WG server to the gateway is ok, but ping from the WG client to the gateway is not ok. Pings from the WG client have been forwarded to the gateway but didn't get a response from the gateway. It seems like ping from the WG client is rejected/blocked by the gateway. Could you capture packets on the gateway for further check?



You can also connect a PC directly to the WG server and use Wireshark to capture packets on the PC. If you can capture the ICMP request from the WG client on the PC, then the route rule settings are without problem.
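The two capture checks suggested above answer different questions: a request seen on the gateway (or on a PC beside the WG server) proves the forward routing is fine, and a missing reply then points at the gateway itself. The script below, added here as an example and not from the thread or from GL.iNet, pairs ICMP echo requests with their replies in tcpdump -n output and classifies each remote source accordingly. The sample capture lines are constructed to mirror what the remote check found (the WG server's ping answered, the WG client's not); the tcpdump line format assumed is the standard Linux one and the capture was assumed to be taken on the gateway's 10.70.12.253 interface.

```python
import re
from collections import defaultdict

# Constructed sample of "tcpdump -n -i eth0 icmp or arp" on the gateway
# (10.70.12.253): the WG server's ping is answered, the WG client's is not.
SAMPLE_CAPTURE = """\
12:00:01.000101 IP 10.70.12.1 > 10.70.12.253: ICMP echo request, id 4321, seq 1, length 64
12:00:01.000230 IP 10.70.12.253 > 10.70.12.1: ICMP echo reply, id 4321, seq 1, length 64
12:00:02.000101 IP 10.70.9.1 > 10.70.12.253: ICMP echo request, id 1234, seq 1, length 64
12:00:03.000101 IP 10.70.9.1 > 10.70.12.253: ICMP echo request, id 1234, seq 2, length 64
12:00:03.500000 ARP, Request who-has 10.70.12.1 tell 10.70.12.253, length 28
"""

# Matches Linux tcpdump -n echo lines; anything else (ARP, TCP, ...) is skipped.
ICMP_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)")

def parse_echo(capture_text):
    """Yield (kind, src, dst, id, seq) for every ICMP echo line in the capture."""
    for line in capture_text.splitlines():
        m = ICMP_RE.match(line.strip())
        if m:
            yield m["kind"], m["src"], m["dst"], int(m["id"]), int(m["seq"])

def echo_stats(capture_text, local_ip):
    """Per remote source: echo requests addressed to local_ip and the replies it sent back.

    A reply only counts if it matches a request seen earlier (same peer, id and seq),
    so stray or unrelated replies do not hide a real failure."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0})
    pending = set()
    for kind, src, dst, ident, seq in parse_echo(capture_text):
        if kind == "request" and dst == local_ip:
            stats[src]["requests"] += 1
            pending.add((src, ident, seq))
        elif kind == "reply" and src == local_ip and (dst, ident, seq) in pending:
            stats[dst]["replies"] += 1
            pending.discard((dst, ident, seq))
    return dict(stats)

def diagnose(stats, source):
    """Turn the counts for one source into the next thing to check."""
    s = stats.get(source)
    if s is None or s["requests"] == 0:
        return "no request seen: dropped before this host (routes or AllowedIPs upstream)"
    if s["replies"] == 0:
        return "requests arrive but no reply: check this host's INPUT firewall rule and its route back to the source"
    if s["replies"] < s["requests"]:
        return "partial replies: intermittent loss on the return path"
    return "ok"

if __name__ == "__main__":
    stats = echo_stats(SAMPLE_CAPTURE, "10.70.12.253")
    for src in ("10.70.12.1", "10.70.9.1", "192.168.99.200"):
        print(src, stats.get(src), "->", diagnose(stats, src))
```

Capturing on the gateway's LAN-facing interface alone can also miss replies that the gateway sends out a different interface (its upstream default route, for instance); if the counts say "no reply" there, a second capture on the gateway's other interfaces tells whether the reply was never generated (firewall) or left by the wrong path (routing).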