chenui
February 27, 2023, 11:12pm
1
I use an MT3000 as a WireGuard client (WireGuard address 10.10.0.3) connecting to my home OpenWrt WireGuard server (WireGuard address 10.10.0.1). I can access the home server (intranet address 192.168.1.0/24) from the MT3000, and I can access the WireGuard client (10.10.0.3) from the server, but I cannot access the client intranet (192.168.2.0/24).
How can I configure the MT3000 to access the client intranet from the server?
I think you should configure a static route on the server side, maybe like the following.
ip route add 192.168.2.0/24 dev wg0
Then turn on the “Allow Remote Access LAN” switch on the client side.
chenui
February 28, 2023, 7:18am
3
Thanks for your reply!
I have followed all your advice:
turned on the “Allow Remote Access LAN” switch on the client side;
added the static route, using your suggested command.
Now the route table on the server side is:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-lan
10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 WGVPN
10.10.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 WGVPN
10.10.0.3 0.0.0.0 255.255.255.255 UH 0 0 0 WGVPN
10.10.0.4 0.0.0.0 255.255.255.255 UH 0 0 0 WGVPN
10.10.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 WGVPN
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 WGVPN
Then I ping the client IP:
ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
ping: sendto: Required key not available
I then used another command:
route add -net 192.168.2.0/24 gw 10.10.0.3
The route table is:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-lan
10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 WGVPN
10.10.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 WGVPN
10.10.0.3 0.0.0.0 255.255.255.255 UH 0 0 0 WGVPN
10.10.0.4 0.0.0.0 255.255.255.255 UH 0 0 0 WGVPN
10.10.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 WGVPN
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.2.0 10.10.0.3 255.255.255.0 UG 0 0 0 WGVPN
ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
ping: sendto: Required key not available
Same result as above.
You may need to add the Allowed IPs parameter to the WireGuard configuration and add 192.168.2.0/24 to the list.
1 Like
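Why the route alone produced "Required key not available", as an added example that is not part of the original posts: a small Python model of the two lookups the server performs, the kernel route and then WireGuard's Allowed IPs table, which also filters the source of inbound packets. The peer names are placeholders, and the model assumes each peer on the server started with only its /32 tunnel address.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match of dst in {cidr: value}; returns the value or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(c), v) for c, v in table.items()
            if addr in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def send(routes, allowed_ips, dst):
    """Outcome of sending to dst from the server: kernel route, then peer lookup."""
    dev = lookup(routes, dst)
    if dev != "WGVPN":
        return f"leaves via {dev}, never enters the tunnel"
    peer = lookup(allowed_ips, dst)
    if peer is None:
        # No peer owns this destination, so there is no key to encrypt with.
        return "ENOKEY: Required key not available"
    return f"encrypted to {peer}"

def accept_inbound(allowed_ips, from_peer, src):
    """A decrypted packet is kept only if its source maps back to the sending peer."""
    return lookup(allowed_ips, src) == from_peer

# Constructed from the thread: kernel routes on the server (interface WGVPN).
ROUTES = {"0.0.0.0/0": "br-lan", "192.168.1.0/24": "br-lan", "10.10.0.0/24": "WGVPN"}
ROUTES_WITH_LAN = {**ROUTES, "192.168.2.0/24": "WGVPN"}
# Assumption: peer names are placeholders; each peer has only its /32 address.
ALLOWED = {"10.10.0.2/32": "peer-2", "10.10.0.3/32": "mt3000",
           "10.10.0.4/32": "peer-4", "10.10.0.5/32": "peer-5"}
ALLOWED_FIXED = {**ALLOWED, "192.168.2.0/24": "mt3000"}

if __name__ == "__main__":
    for label, routes, allowed in [
        ("no route, no allowed IP", ROUTES, ALLOWED),
        ("route only (state in the thread)", ROUTES_WITH_LAN, ALLOWED),
        ("route + allowed IP", ROUTES_WITH_LAN, ALLOWED_FIXED),
    ]:
        print(f"{label}: {send(routes, allowed, '192.168.2.1')}")
```

Because the same table is the inbound source filter, every prefix listed for a peer is a range that peer may send from, so list only the remote LAN that peer actually serves.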