GL-MT1300 Wireguard client - can't access local network of wireguard server on MT1300 wifi clients

Hi all,

I’ve configured the wireguard client on my MT-1300 and can confirm it is working fine. I’m hosting my own wireguard server. What I can’t manage to do is the following : I want all wifi clients of the MT-1300 to have access to the devices on my home network where the wireguard server is located.

This is something I actually manage to do if I remove the MT-1300 wireguard client from the equation: IF the wireguard client is residing on the device itself (say on an iPhone or laptop), then I can actually access all my remotes machines through the VPN tunnel.

So, it seems logical that there is additional configuration to do at the level of the MT-1300. In the firewall maybe?

My guess is that there is some sort of subnet problem. You have the subnet of the MT1300 dhcp (192.168.8.X), then the subnet of the wireguard service itself (10.10.10.X), and the subnet of my home network where the wireguard server is residing. Should I disable the M1300 dhcp server ? Is it what is blocking access to machines on my distant home network even though there is an actual VPN tunnel to there ?

I’m at a loss, please help :)

Cheers!

Are the wifi clients at least able to access the Internet through the VPN tunnel when the GL-MT1300 is connected to the home WireGuard server?

I do not work for and I do not have formal association with GL.iNet

ok, I found the “solution”. The way wireguard configuration is implemented in the GL-iNet web UI makes it impossible to have multiple subnets in the allowedIPs field.

By connecting via SSH to the router and configuring wireguard and static routes manually, I was able to have both site-to-site communication with my home network AS WELL AS internet traffic, all going through the VPN tunnel.


Hi, I’m currently trying to achieve the same.
Could you please share the configuration / rules you are using for this?

edit
nvm just found out one single route command is enough.
In my case (wg server is 172.16.0.1 and local subnet behind wg server is 192.168.1.0/24):

 ip route add 192.168.1.0/24 via 172.16.0.1 dev wg0

Hi Chatelp, would you be able to share the configuration regarding below, as I’m trying to achieve the same…
Many thanks!

“By connecting via SSH to the router and configuring wireguard and static routes manually, I was able to have both site-to-site communication with my home network AS WELL AS internet traffic, all going through the VPN tunnel.”

When I ssh in to the router, this is what I saw:

ip route list

0.0.0.0/1 dev wgclient scope link
default via 192.168.143.71 dev wlan-sta0 proto static src 192.168.143.105 metric 20
10.8.0.0/24 dev wgclient proto kernel scope link src 10.8.0.10
128.0.0.0/1 dev wgclient scope link
140.141.238.2 via 192.168.143.71 dev wlan-sta0 proto static metric 20
192.168.0.0/24 dev br-guest proto kernel scope link src 192.168.0.1 linkdown
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.143.0/24 dev wlan-sta0 proto static scope link metric 20

The LAN at the server side is 192.168.0.0/23, so seems like this line here is the problem:
192.168.0.0/24 dev br-guest proto kernel scope link src 192.168.0.1 linkdown

After removing:
ip route del 192.168.0.0/24 dev br-guest

I’m able to ping machines under 192.168.0.0/24.

Not sure why that line is there and what’s the importance of it.

Edit:
Apparently that’s the setting for guest network.
So, on the UI, go to: Network > lan > Guest Network
Change it to a subnet that’s not conflicting with your remote LAN.
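As an added example (not posted by anyone in this thread): a small Python check that parses `ip route list` output like the one quoted above, flags local routes on non-tunnel interfaces that overlap the remote LAN behind the WireGuard server (the br-guest conflict from the last post), and builds the static route command from the earlier reply. The interface names and prefixes come from the thread; the route table is embedded as a constructed copy of the quoted output.

```python
import ipaddress

# Constructed sample: a copy of the `ip route list` output quoted in the thread.
SAMPLE_ROUTES = """\
0.0.0.0/1 dev wgclient scope link
default via 192.168.143.71 dev wlan-sta0 proto static src 192.168.143.105 metric 20
10.8.0.0/24 dev wgclient proto kernel scope link src 10.8.0.10
128.0.0.0/1 dev wgclient scope link
140.141.238.2 via 192.168.143.71 dev wlan-sta0 proto static metric 20
192.168.0.0/24 dev br-guest proto kernel scope link src 192.168.0.1 linkdown
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.143.0/24 dev wlan-sta0 proto static scope link metric 20
"""


def parse_routes(text):
    """Return (network, device) pairs from `ip route list` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((ipaddress.ip_network(dst, strict=False), dev))
    return routes


def conflicting_routes(text, remote_lan, tunnel_dev):
    """Local routes that would shadow or overlap the remote LAN.

    Routes already bound to the tunnel device and the catch-all default
    route are skipped; anything else that overlaps the remote prefix is
    returned as (prefix, device) so the operator can renumber that network.
    """
    remote = ipaddress.ip_network(remote_lan)
    return [
        (str(net), dev)
        for net, dev in parse_routes(text)
        if dev != tunnel_dev and net.prefixlen > 0 and net.overlaps(remote)
    ]


def route_command(remote_lan, server_tunnel_ip, tunnel_dev):
    """The static route the thread adds so LAN clients reach the remote subnet."""
    return f"ip route add {remote_lan} via {server_tunnel_ip} dev {tunnel_dev}"


if __name__ == "__main__":
    print(conflicting_routes(SAMPLE_ROUTES, "192.168.0.0/23", "wgclient"))
    print(route_command("192.168.1.0/24", "172.16.0.1", "wg0"))
```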