GL-MT6000 WireGuard Blackholing Traffic

Yeah, the title is a bit confusing.

What I'm running into is that I have a web server behind an NGINX proxy within my network, and if I'm on my WireGuard VPN it'll redirect me to the GL.iNet Admin page instead of forwarding the traffic to my internal NGINX server.

Being on LAN it works fine, and on WAN it works fine.

What I suspect is the traffic isn't being allowed to go from Outside > Inside if it's destined from the WG interface, or is hitting a blanket rule somewhere.

I verified it is not an issue on vanilla OpenWrt, but I can't deal with the performance of the open-source wireless drivers.

Yep, this title is a bit confusing.

The MT6000 as the VPN server, a server running nginx on the MT6000 LAN, and the WG client on another router or phones: is the topology correct?

The WG client accesses the server website via the LAN IP, and it will redirect to the GL Admin Panel page?

Hi Bruce,

MT6000 as my firewall, VPN server and router.
Clients are connecting to MT6000 as the client.
Nginx lives on a server on my LAN.

Thanks, it is clear.

Is the web page (nginx) accessed in the VPN client through the domain name or the LAN IP?
Nginx is running a web service, right?

The diagram is correct :)

nginx is being used as a reverse proxy, and I access it using the public DNS name.

May I know what happens if you access it using the LAN IP?
Since you are already running the VPN, why use the domain name (public DNS name) instead of the LAN IP?