How to access a remote router through the WireGuard server on Brume2

Hi, below is something I tried for at least 12 hrs continuously and failed (even without food :slight_smile: )

1) Brume 2 running WireGuard server (working fine)

2) Brume 2 connected to the internet through another router with IP 192.168.4.1. This router has a public IP.

3) Windows laptop connected to the local hotspot of an iPhone, running the WireGuard VPN client (tested: the IP address shown on a website is the same as the public IP of the router in step 2).

4) Android phone connected to another router which has internet but no public IP (it is behind CGNAT); the router IP is 192.168.29.1. This Android phone is also connected to the Brume2 WireGuard server through the Android WireGuard client (Brume 2 shows the client online).

Now, what I want:

I want the router 192.168.29.1, which the Android phone is connected to, to be accessible from the Windows laptop. Meaning, if I type 192.168.29.1 in Chrome on the laptop, the router page should open.
I am unable to do so, though both the Windows laptop and the Android phone are correctly connected to the WireGuard server on Brume2.

What I tried: below are the configurations.

At the Windows laptop, the WireGuard config is given below:
[Interface]
PrivateKey = (hidden)
Address = 10.0.0.3/24
DNS = 64.6.64.6
MTU = 1420

[Peer]
PublicKey = (hidden)
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.29.0/24
Endpoint = (hidden)
PersistentKeepalive = 25

At the Android end, the WireGuard client config:

[Interface]
Address = 10.0.0.5/24
PrivateKey = (hidden)
DNS = 64.6.64.6
MTU = 1420

[Peer]
AllowedIPs = 10.0.0.0/24, 192.168.29.0/24
Endpoint = (hidden)
PersistentKeepalive = 25
PublicKey = (hidden)

Static route in WireGuard on Brume 2:

[screenshot]

=======================
WireGuard VPN client status

This is working: the Android phone has virtual IP 10.0.0.5 and Windows has virtual IP 10.0.0.3 (I tried to give a screenshot, but since I am a new user I can't attach more than one screenshot).

================
Firewall on Brume 2

Allowed any zone to any zone (I tried to give a screenshot, but since I am a new user I can't attach more than one screenshot).

=======================

I know there is a lot of security compromised, but for now I just want it to work; then I will reset my Brume2.

Please note the Android phone is at a remote location; I can't change settings there, and the person who helps me enable the VPN on the Android phone is not at all tech savvy. Keep this in mind if there is any solution, please. I am not sure if I am trying something which is impossible; if so, please let me know.

So from what I can gather, you are trying to WireGuard to a client on a router that has CGNAT; if so, then that is your problem. You can't WireGuard back to a router that is using CGNAT as you have no addressable IP as such. You would need to use something like Tailscale, which can work in a similar way. OpenVPN and WireGuard won't allow you to connect due to CGNAT and ports not being available.

Sorry, I am not sure I understand the constraint. I thought that since I can reach the Android phone through WireGuard from the laptop, and the Android phone can reach 192.168.29.1, the WireGuard client knows how to route a packet to 192.168.29.1.

My thought was that a packet for 192.168.29.1 from the laptop would pass through the WireGuard tunnel to the Android phone, and then the WireGuard client on the Android phone would know how to pass it to the router 192.168.29.1. Please tell me where I am going wrong.

Given that I am wrong, how can I use the Tailscale available on Brume2 to do what I am trying? Note I can't install Tailscale on the device with 192.168.29.1, but I can on the Android phone, and the Android phone is connected to 192.168.29.1 through Wi-Fi. Can you help?
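The question above ("where am I going wrong") comes down to two rules: WireGuard hands a packet to whichever peer has the most specific AllowedIPs match (cryptokey routing), and a peer that receives a packet not addressed to itself only passes it on if its operating system forwards. The following added example (not code from this thread or from GL.iNet) models the three devices with configs built from the ones posted above and walks a packet for 192.168.29.1 hop by hop. The Brume2 server config and all key values are constructed placeholders, since the thread does not show them; the "static route" on the Brume2 is modelled as 192.168.29.0/24 in the Android peer's AllowedIPs.

```python
"""Cryptokey-routing walk-through of the Brume2 / laptop / Android setup.
Added example; configs and keys are constructed placeholders, not the thread's."""
import ipaddress

LAPTOP_CONF = """
[Interface]
Address = 10.0.0.3/24
[Peer]
PublicKey = BRUME2_PUBKEY
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.29.0/24
"""
# Assumed server config (not shown in the thread): the "static route" is
# 192.168.29.0/24 listed in the Android peer's AllowedIPs.
BRUME2_CONF = """
[Interface]
Address = 10.0.0.1/24
[Peer]
PublicKey = LAPTOP_PUBKEY
AllowedIPs = 10.0.0.3/32
[Peer]
PublicKey = ANDROID_PUBKEY
AllowedIPs = 10.0.0.5/32, 192.168.29.0/24
"""
ANDROID_TEMPLATE = """
[Interface]
Address = 10.0.0.5/24
[Peer]
PublicKey = BRUME2_PUBKEY
AllowedIPs = {allowed}
"""


def parse_wg_config(text):
    """Minimal INI parser: {'interface': {...}, 'peers': [{...}, ...]}, keys lowercased."""
    iface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower() == "[interface]":
            current = iface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        else:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return {"interface": iface, "peers": peers}


def select_peer(parsed, dst):
    """Longest-prefix match of dst over every peer's AllowedIPs (cryptokey routing)."""
    addr, best = ipaddress.ip_address(dst), None
    for peer in parsed["peers"]:
        for item in peer.get("allowedips", "").split(","):
            if not item.strip():
                continue
            net = ipaddress.ip_network(item.strip(), strict=False)
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1].prefixlen:
                    best = (peer, net)
    return best


def scenario(android_forwards, android_allowed="10.0.0.0/24, 192.168.29.0/24"):
    """The three nodes; 'forwards' models whether the OS routes packets not addressed
    to itself (a Linux box with ip_forward does, a stock Android phone does not)."""
    return {
        "laptop": {"pubkey": "LAPTOP_PUBKEY", "conf": LAPTOP_CONF,
                   "forwards": False, "onlink": ["10.0.0.3/32"]},
        "brume2": {"pubkey": "BRUME2_PUBKEY", "conf": BRUME2_CONF,
                   "forwards": True, "onlink": ["10.0.0.1/32", "192.168.4.0/24"]},
        "android": {"pubkey": "ANDROID_PUBKEY", "forwards": android_forwards,
                    "conf": ANDROID_TEMPLATE.format(allowed=android_allowed),
                    "onlink": ["10.0.0.5/32", "192.168.29.0/24"]},
    }


def trace(nodes, start, dst, max_hops=8):
    """Follow a packet for dst from node `start`; returns (path, outcome)."""
    addr = ipaddress.ip_address(dst)
    by_key = {n["pubkey"]: name for name, n in nodes.items()}
    path, here = [start], start
    for _ in range(max_hops):
        node = nodes[here]
        parsed = parse_wg_config(node["conf"])
        own = [ipaddress.ip_interface(a.strip()).ip
               for a in parsed["interface"].get("address", "").split(",") if a.strip()]
        if addr in own:
            return path, "delivered to %s" % here
        if len(path) > 1 and not node["forwards"]:
            return path, "dropped at %s: does not forward" % here
        # Tunnel routes are consulted before the on-link Wi-Fi route, as a VPN
        # route table does; a LAN prefix in AllowedIPs therefore wins over Wi-Fi.
        match = select_peer(parsed, dst)
        if match is not None:
            nxt = by_key.get(match[0].get("publickey"))
            if nxt is None:
                return path, "sent to unknown peer from %s" % here
            path.append(nxt)
            here = nxt
            continue
        if any(addr in ipaddress.ip_network(n) for n in node["onlink"]):
            return path, "delivered on-link from %s" % here
        return path, "no route at %s" % here
    return path, "hop limit exceeded (routing loop)"


if __name__ == "__main__":
    print("as posted:", *trace(scenario(False), "laptop", "192.168.29.1"))
    print("forwarding client, LAN in AllowedIPs:", *trace(scenario(True), "laptop", "192.168.29.1"))
    print("forwarding client, LAN removed:", *trace(scenario(True, "10.0.0.0/24"), "laptop", "192.168.29.1"))
```

Running it shows the three outcomes a practitioner cares about: with the configs as posted the packet reaches the phone and stops there; giving the client a forwarding OS but leaving 192.168.29.0/24 in its AllowedIPs bounces the packet back to the Brume2 in a loop; a forwarding client whose AllowedIPs is only the tunnel subnet delivers it on-link to the router. The reverse direction (phone to laptop) works in every case, which is why the phone showing as "online" proves nothing about LAN reachability.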

I think you need to create a network topology diagram to better explain what you are trying to achieve.

If you are trying to WireGuard to a client that is behind CGNAT, then you would need to install Tailscale on their network and use a Tailscale client instead.

                   +------------------+
                   |    NBN Device    |
                   |   (WAN Access)   |
                   +--------+---------+
                            |
                            | (WAN)
                            |
                            v
                   +--------+---------+
                   |     brume2       |
                   | WireGuard VPN    |
                   |     Server       |
                   +--------+---------+
                            |
                            | (VPN Tunnel)
                            |
             +-------------+-------------+
             |                           |
     +-------+---------+       +---------+--------+
     | Windows Laptop  |       |  Android Phone   |
     | (Client)        |       | (VPN Client)     |
     | Connected via   |       | Connected via    |
     | iPhone Hotspot  |       | Wifi to Router   |
     +-------+---------+       +---------+--------+
             |                           |
             |                           |
             v                           v
     +-------+---------+       +---------+--------+
     |    iPhone       |       |  Device with IP  |
     | (Hotspot)       |       |  192.168.29.1    |
     +-----------------+       |  (Router)        |
                               | (Provides        |
                               |  Internet)       |
                               +------------------+

Objective:

  • The Windows Laptop, connected via the iPhone hotspot and VPN tunnel, wants to access the Router at 192.168.29.1 in the local network of the Android phone.

Note: I cannot do much on the Android phone or the router with the address 192.168.29.1, other than import a WireGuard client configuration file on the Android phone. Also, the router 192.168.29.1 provides internet to the Android phone, but the router is behind CGNAT and does not have a public IP.

Please try to add the route rule like this:

Update: because the Android OS does not support port forwarding or a route table, it seems this target cannot be achieved; the traffic only goes to the Android phone and cannot go on to the router connected to the Android phone.

Suggestion:

  1. Install and run the WG client on the 192.168.29.1 router.
  2. Connect a Raspberry Pi to the 192.168.29.1 router instead of the Android phone, since the WG client device needs to support a firewall or route tables, like Linux or Windows.
  3. Enable the WG client on a GL router, used instead of the 192.168.29.1 router.

The reply is in your email also.
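Suggestion 2 above (a Linux device such as a Raspberry Pi on the 192.168.29.0/24 LAN in place of the phone) needs exactly what Android lacks: IP forwarding plus a firewall rule so the router, which has no route back to 10.0.0.0/24, replies to the Pi's LAN address. The following wg0.conf is an added example, not GL.iNet's or the thread's own configuration. It reuses the thread's values 10.0.0.5/24 and 192.168.29.0/24; the keys, the endpoint, the port (51820 is only the WireGuard default) and the Wi-Fi interface name wlan0 are placeholders or assumptions.

```ini
# wg0.conf for a Linux client (e.g. a Raspberry Pi) on the 192.168.29.0/24 LAN.
# Added example; keys, endpoint and interface name are placeholders.
[Interface]
Address = 10.0.0.5/24
PrivateKey = <pi-private-key>
# Let the kernel forward packets that arrive over wg0 for other hosts, and
# masquerade them so 192.168.29.1 (which knows nothing about 10.0.0.0/24)
# answers to the Pi's LAN address rather than to an unroutable 10.0.0.x source.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i wg0 -o wlan0 -d 192.168.29.0/24 -j ACCEPT
PostUp = iptables -A FORWARD -i wlan0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o wlan0 -s 10.0.0.0/24 -d 192.168.29.0/24 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o wlan0 -d 192.168.29.0/24 -j ACCEPT
PostDown = iptables -D FORWARD -i wlan0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o wlan0 -s 10.0.0.0/24 -d 192.168.29.0/24 -j MASQUERADE

[Peer]
PublicKey = <brume2-public-key>
Endpoint = <brume2-public-ip>:51820
# Only the tunnel subnet here. Listing 192.168.29.0/24 on the client side
# would pull the Pi's own LAN traffic into the tunnel instead of out of wlan0.
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25
```

Two things on the Brume2 side go with this: the Pi's peer entry there must carry AllowedIPs = 10.0.0.5/32, 192.168.29.0/24 (that is the server-side "static route" from the earlier screenshot), and the FORWARD rules above are deliberately narrowed to 192.168.29.0/24 so that the tunnel exposes only the router's LAN rather than everything the Pi can reach. The Pi still dials out to the Brume2, so the CGNAT in front of the 192.168.29.1 router does not matter for this direction.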