GL-MT6000 Wireguard config to access other subnets

Hi Everyone,
Just got the shiny new GL-MT6000, seems to be working beautifully.
I’ve set up a WG server and Clients are connecting very quickly.
Devices on the GL-MT6000 are on the LAN subnet 10.0.x.x/24
The Clients connecting to the GL-MT6000 via WG are on 10.1.x.x/24

Clients connecting via WG don’t seem to be able to access the devices on the LAN subnet.

I’ve tried adding the subnets to the allowed IP’s as follows, but that doesn’t seem to help:

**[Interface]
Address = 10.1.x.x/24
PrivateKey = redacted
DNS = 1.1.1.1,8.8.8.8
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0, 10.0.x.x/24, 10.1.x.x/24, ::/0
Endpoint = x.x.x.x:xxxxx
PersistentKeepalive = 25
PublicKey = redacted=
PresharedKey = redacted=**

Suggestions?

Thanks

You need to turn on:
VPN Dashboard - VPN Server - WireGuard Server Options - Allow Remote Access LAN

And the wireguard server is accessed via the WAN port of MT6000.

Thanks for the reply hansome.
I’ve turned on "Allow Remote Access LAN.
When connected to the VPN I can get to the login for the router (lets say it’s at 10.0.x.1) but I can’t reach the server I have ‘in’ that network (lets say it’s at 10.0.x.2).
I do know the server is working - I can access it if I use my Tailscale setup and go to the server with 10.0.x.2 (Shouldn’t be a conflict there).

. . . not sure what else I might be missing.

Crap. I’m an idiot.
. . . forgot to update the server firewall to allow access from the designated WG subnet.

For those who may need it:
ie: sudo ufw allow from x.x.x.0/24 (x being the subnet that was allocated to your Wireguard Clients

Problem Solved.

Thanks hansome! I did miss the switch you mentioned, so that helped too.

You need to turn on:
VPN Dashboard - VPN Server - WireGuard Server Options - Allow Remote Access LAN

1 Like