Glui: vpn

On mt-2500a 4.1 (the last version that has working sqm qos)

VPN dashboard
Wireguard server options
Allow remote lan access (disabled)

Description:
So I set up the WireGuard server today, forgot to enable ‘Allow Remote LAN Access’ and left the premises.

My clients’ configuration had specified the mt-2500a router IP address as the DNS, to make use of the AdGuard Home filtering. With this DNS specified there is 0 Rx transmission. Specifying an upper tier router IP or other public DNS works fine.

So I figured it’s probably due to the ‘allow remote lan access’ being disabled

I know this option is to control access to other clients on the router, or admin access to the router configuration

But is it your intention to also control DNS resolving via this option?

Same finding as this post: “Firmware 4.2.x is out as snapshot firmware - #166 by ntrazivuk”

This option is used to control the firewall. When you enable it, the firewall zone rule wireguard server → lan will be accepted. So you cannot use the LAN IP of the router and the VPN client cannot arrive at it. You should use the MT2500A’s virtual IP.

I take it that virtual IP means the router’s WireGuard IP 10.0.x.1? Nope, it’s not working as well; DNS is not resolving when DNS = 10.0.x.1.

Sounds like a bug, we’ll check it out. Thanks for the feedback!
If I understand correctly, when you enable “Allow Remote LAN Access”, you can use the router’s LAN IP as the DNS server, right?

Finally back on the premises and connected to the mt2500a by LAN cable. Nope, I can’t use the router LAN IP (192.168.x.x or WireGuard 10.0.x.x) unless I turn off AdGuard Home, so I guess the upper tier router is blocking any other attempt to bypass its own DNS.

edit:

Went back to double check:
mt2500a: Allow Remote LAN Access - disabled
upper router intercept DNS - disabled

No DNS resolved after WG connection established - DNS 192.168.x.x or 10.0.x.x

You can use 192.168.x.x if it is enabled?

Yes, provided I disable AdGuard Home on the mt2500a or have a WAN that doesn’t intercept DNS.