On mt-2500a 4.1 (the last version that has working sqm qos)
Wireguard server options
Allow remote lan access (disabled)
So I set up the wireguard server today, forgot to enable ‘allow remote lan access’ and left the premises.
My clients' configuration had specified the mt-2500a router IP address as the DNS, to make use of the Adguard Home filtering. With this DNS specified there is 0 Rx transmission. Specifying an upper tier router IP or other public DNS works fine.
So I figured it’s probably due to the ‘allow remote lan access’ being disabled.
I know this option is to control access to other clients on the router, or admin access to the router configuration.
But is it your intention to also control DNS resolving via this option?
This option is used to control the firewall. When you enable it, the firewall zone rule wireguard server → lan will be accepted. So you cannot use the LAN IP of the router and the VPN client cannot arrive at it. You should use the MT2500A’s virtual IP.