I have a WireGuard server C, I have a WireGuard client B and a WireGuard client A (Opal router). I would like to reach A's LAN from B. The allowed IPs on all clients are set to 0.0.0.0/0. I can't do it... I'm going crazy and I don't know where to put my hands...
There is a cloud-managed solution here: Flint 2 looses AP connection - #3 by esselite
There is a manual config method: Building a Site-2-Site network manually using two GL.iNet routers(SDK 4.X)
In wg-server, if it is a GL.iNet router, you need to enable "Allow Remote Access LAN", if you want to access B from A.
To Access A's LAN from Peer B:
- In wg-server, choose "Allow Remote Access LAN"
- In Peer A (Opal), choose "Auto Detect" in VPN policies
- In wg-server, set routing as in the guide.
Also pay attention to Building a Site-2-Site network manually using two GL.iNet routers(SDK 4.X) - #9 by hansome
There is an updated guide.
I am sure this will solve your issue. It is not that complicated to follow.
Can I use this with 1 GL.iNet device used as a peer?
This surely will do, but I am not sure how you configure the wg-server side.
Both guides I gave include config in the wg-server side.
Obviously I have already done this step but it produced no results.... I can reach the virtual IP of the VPN but not its entire LAN.
From the devices connected to peer A I can reach the devices connected to peer B, but not the other way around. I would like to point out the fact that device A is the GL-SFT1200... there will surely be some routing rule to set, or there is a bug that doesn't make the issue work...
You said the server side is not our router; you need to give details on that part.
I solved it. I had to change the allowed IPs in the wg0.conf file on the server side.
Could you tell me the latest setting of "the allowed IPs in the wg0.conf file" ?
I had not resolved the similar trouble...
You have to put there the subnet of the LAN you want to access
THX for your telling.
But my trouble seems to have another cause.
My setting of "the allowed IPs" is "0.0.0.0/0" (I recognize it as "all accessible").
Mmm...
You don't have to look in the client configuration threads, but you do have to look in the wg0.conf file; usually you can find it in: etc/wireguard/wg0.conf
THXs for your kindness.
I could understand that the conf-file of the server is important.
My GL-iNet (GL-MT2500, Firmware 4.5) [10.0.0.1] doesn't have the file (/etc/wireguard/wg0.conf).
It seems to make the conf-file dynamically (ref: Wireguard S2S Tunnel von MikroTik zu GLiNet)
Its conf-file (/tmp/wireguard/wgserver) is below and had the subnet of the LAN.
[Interface]
PrivateKey=**************
ListenPort=51820
FwMark=0x8000
[Peer]
PublicKey=**************
AllowedIPs=10.0.0.2
AllowedIPs=192.168.102.0/24
PersistentKeepalive=25
[Peer]
PublicKey=**************
AllowedIPs=10.0.0.3
AllowedIPs=192.168.103.0/24
PersistentKeepalive=25
My phone [10.0.0.3] can tracert another GL-iNet (GL-XE300, Firmware 4.0) [10.0.0.2],
but cannot find the PC [192.168.102.238] under [10.0.0.2]...
I've got it!
I had confused accessing from the client and accessing from the client node. I could realize that the firewall distinguishes the node and the device.
- After updating firmware (over 4.0),
- setting as below, [Forum.GL-iNet] Building a Site-2-Site network manually using two GL.iNet routers(SDK 4.X)
- add Client Configuration of server setting as below, [GL.iNet Router Docs 4] How to visit WireGuard client LAN side from Server

and I could connect a node device under the WG_Server router to another device under the WG_Client router, each other!
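The fix reported in this thread (putting the remote LAN subnet into the peer's AllowedIPs on the server) follows from how WireGuard uses AllowedIPs: the list selects the peer for outgoing packets and also filters the source address of incoming ones. The following is an added example, not code from any poster or from GL.iNet, that models that lookup over a constructed config shaped like the /tmp/wireguard/wgserver file quoted above; the key placeholders and function names are assumptions.

```python
import ipaddress

# Constructed sample shaped like the server file quoted in the thread.
# Keys are placeholders (assumption), not real key material.
WITH_LAN = """[Interface]
ListenPort=51820
[Peer]
PublicKey=PEER_A_PLACEHOLDER
AllowedIPs=10.0.0.2
AllowedIPs=192.168.102.0/24
[Peer]
PublicKey=PEER_B_PLACEHOLDER
AllowedIPs=10.0.0.3
AllowedIPs=192.168.103.0/24
"""
# Same config with the LAN subnets removed: tunnel addresses only.
TUNNEL_ONLY = "\n".join(l for l in WITH_LAN.splitlines() if "192.168." not in l)

def parse_peers(text):
    """Return [{'key': str, 'nets': [ip_network, ...]}, ...], one per [Peer]."""
    peers, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.lower()
            if section == "[peer]":
                peers.append({"key": None, "nets": []})
        elif section == "[peer]" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "publickey":
                peers[-1]["key"] = value.strip()
            elif key.strip().lower() == "allowedips":
                # Key may repeat or hold a comma list; bare address = one host.
                peers[-1]["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                      for v in value.split(",") if v.strip()]
    return peers

def peer_for(peers, ip):
    """Longest-prefix match over every peer's AllowedIPs; None means no peer."""
    addr, best = ipaddress.ip_address(ip), None
    for p in peers:
        for net in p["nets"]:
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, p["key"])
    return best[1] if best else None

def inbound_ok(peers, peer_key, src_ip):
    """Inbound filter: the source address must map back to the sending peer."""
    return peer_key is not None and peer_for(peers, src_ip) == peer_key
```

With `TUNNEL_ONLY`, `peer_for(parse_peers(TUNNEL_ONLY), "192.168.102.238")` returns `None`: the server has no peer to encrypt that packet for, which matches the symptom of reaching the tunnel address but not the LAN behind it.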