I’ve configured the wireguard client on my MT-1300 and can confirm it is working fine. I’m hosting my own wireguard server. What I can’t manage to do is the following: I want all wifi clients of the MT-1300 to have access to the devices on my home network where the wireguard server is located.
This is something I actually manage to do if I remove the MT-1300 wireguard client from the equation: IF the wireguard client is residing on the device itself (say on an iPhone or laptop), then I can actually access all my remote machines through the VPN tunnel.
So, it seems logical that there is additional configuration to do at the level of the MT-1300. In the firewall maybe?
My guess is that there is some sort of subnet problem. You have the subnet of the MT-1300 DHCP (192.168.8.X), then the subnet of the wireguard service itself (10.10.10.X), and the subnet of my home network where the wireguard server is residing. Should I disable the MT-1300 DHCP server? Is it what is blocking access to machines on my distant home network even though there is an actual VPN tunnel to there?
ok, I found the “solution”. The way wireguard configuration is implemented in the GL-iNet web UI makes it impossible to have multiple subnets in the allowedIPs field.
By connecting via SSH to the router and configuring wireguard and static routes manually, I was able to have both site-to-site communication with my home network AS WELL AS internet traffic, all going through the VPN tunnel.
Hi Chatelp, would you be able to share the configuration regarding below, as I’m trying to achieve the same…
Many thanks!
“By connecting via SSH to the router and configuring wireguard and static routes manually, I was able to have both site-to-site communication with my home network AS WELL AS internet traffic, all going through the VPN tunnel.”
0.0.0.0/1 dev wgclient scope link
default via 192.168.143.71 dev wlan-sta0 proto static src 192.168.143.105 metric 20
10.8.0.0/24 dev wgclient proto kernel scope link src 10.8.0.10
128.0.0.0/1 dev wgclient scope link
140.141.238.2 via 192.168.143.71 dev wlan-sta0 proto static metric 20
192.168.0.0/24 dev br-guest proto kernel scope link src 192.168.0.1 linkdown
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.143.0/24 dev wlan-sta0 proto static scope link metric 20
The LAN at the server side is 192.168.0.0/23, so seems like this line here is the problem:
192.168.0.0/24 dev br-guest proto kernel scope link src 192.168.0.1 linkdown
After removing:
ip route del 192.168.0.0/24 dev br-guest
I’m able to ping machines under 192.168.0.0/24.
Not sure why that line is there and what’s the importance of it.
Edit: Apparently that’s the setting for guest network. So, on the UI, go to: Network > lan > Guest Network. Change it to a subnet that’s not conflicting with your remote LAN.
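The conflict described in the last post, as an added example that is not part of the original thread: a Python check that runs longest-prefix matching over the posted routing table and reports any local route that wins over the tunnel for part of the remote LAN. The function names and the two sample host addresses are assumptions made for illustration; the routes, the 192.168.0.0/23 remote LAN and the wgclient device name come from the post.

```python
import ipaddress

# Routing table as posted above, one route per line.
ROUTES = """\
0.0.0.0/1 dev wgclient scope link
default via 192.168.143.71 dev wlan-sta0 proto static src 192.168.143.105 metric 20
10.8.0.0/24 dev wgclient proto kernel scope link src 10.8.0.10
128.0.0.0/1 dev wgclient scope link
140.141.238.2 via 192.168.143.71 dev wlan-sta0 proto static metric 20
192.168.0.0/24 dev br-guest proto kernel scope link src 192.168.0.1 linkdown
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.143.0/24 dev wlan-sta0 proto static scope link metric 20
"""

def parse_routes(text):
    """Turn `ip route` output into [(network, device)]; flags such as linkdown are ignored."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest), fields[fields.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Device chosen by longest-prefix match for one destination address."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def shadowing_routes(routes, remote_lan, tunnel_dev):
    """Non-tunnel routes that beat the tunnel for part of remote_lan."""
    remote = ipaddress.ip_network(remote_lan)
    # Longest tunnel prefix covering the whole remote LAN (-1 if there is none).
    tunnel_len = max((net.prefixlen for net, dev in routes
                      if dev == tunnel_dev and remote.subnet_of(net)), default=-1)
    return [(str(net), dev) for net, dev in routes
            if dev != tunnel_dev and net.overlaps(remote) and net.prefixlen > tunnel_len]

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    print(shadowing_routes(table, "192.168.0.0/23", "wgclient"))
    for host in ("192.168.0.50", "192.168.1.50"):  # constructed sample hosts
        print(host, "->", egress_dev(table, host))
```

With the posted table, only the lower half of the /23 is captured by br-guest; addresses in 192.168.1.0/24 still match 128.0.0.0/1 and leave through wgclient.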