How to access LAN through single lan connection via Wireguard on Brume 2

I want to be able to do the following at another place of mine:

192.168.1.1 = ISP router / cable modem
192.168.1.100 = Brume 2 (one cable in LAN, WAN disabled/bridged to br-lan, gw 192.168.1.1 for br-lan)
192.168.1.99 = LAN (all LAN devices have gw 192.168.1.1)

And now I want to access from outside internet into LAN through wireguard.

The Brume 2 would just be connected with one cable in LAN port to the 192.168.1.1 router, which is then connected to a switch and the other PCs in LAN are connected to the switch.

I have disabled the WAN port of the Brume 2 via the GL.iNet web interface, so WAN becomes another LAN port / part of the br-lan bridge:

[screenshot]

[screenshot]

I can already reach the Wireguard server from outside (port forwarding from 192.168.1.1 to 192.168.1.100).

The problem now is, I can't reach any LAN PCs or the ISP router itself from the WG client. I can just reach 192.168.1.100 and 10.0.0.1, that's it.

I have already allowed wgserver forwarding to LAN in LuCI:

[screenshot]

I have set a default gw in LuCI for the br-lan device:

[screenshot]

I can ping the LAN devices from the SSH console of the Brume:

[screenshot]

But I can't reach any PCs nor the ISP router from the WG clients.

What else is there to do to make this work? I have already tried enabling NAT masquerading on the WGServer, on and off, both with no result. Do I need to set a static route somewhere too? I tried experimenting with it but with no luck so far.

I don't want the Brume 2 to act as a second router in front of or between the clients with two subnets, just as a WireGuard server which then allows access to the LAN through it.

Or is there a better, more elegant way to achieve this? I tried giving the WGServer an address in the same subnet, for example 192.168.1.201 and client 202; that also didn't work. Or do I need to add wgserver to br-lan for this to work too?

Do I need to add a WG static route in here maybe? If so, which one:

Not sure what would make sense to add though; 192.168.1.0/24 via 192.168.1.1 wouldn't make much sense because it is already the default gw of br-lan, no? I tried adding that anyway, and it also didn't work.

What about adding a static route at 192.168.1.1, something like 10.0.0.0/24 192.168.1.100 ?

Update:

I fixed it by activating NAT masquerading also on the br-lan device on the Brume 2:

[screenshot]

But is this the right way to do it?
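The reason both approaches mentioned in the post end up working (masquerading on br-lan, or a static route for 10.0.0.0/24 on the ISP router pointing at the Brume) is the return path: the LAN PCs send replies for 10.0.0.x to their default gateway 192.168.1.1, which has no route back to the WireGuard subnet. The following is an added example, not the poster's configuration or any GL.iNet or OpenWrt code: a small longest-prefix-match routing simulation built from the addresses in the post (192.168.1.0/24 LAN, 10.0.0.0/24 WireGuard). The topology, the per-node routing tables, the `INTERNET` sink and the function names are constructed for illustration.

```python
import ipaddress

# Addresses taken from the post; the topology model itself is constructed.
ISP_ROUTER, BRUME, LAN_PC = "192.168.1.1", "192.168.1.100", "192.168.1.99"
WG_SERVER, WG_CLIENT = "10.0.0.1", "10.0.0.2"
INTERNET = "internet"  # upstream sink: packets for private prefixes go nowhere

# The WireGuard interface address lives on the Brume, so both resolve to one node.
NODE_OF = {WG_SERVER: BRUME}


def routing_tables(static_route_on_isp_router=False):
    """Per-node tables of (prefix, gateway); gateway None means on-link."""
    tables = {
        LAN_PC:     [("192.168.1.0/24", None), ("0.0.0.0/0", ISP_ROUTER)],
        BRUME:      [("192.168.1.0/24", None), ("10.0.0.0/24", None),
                     ("0.0.0.0/0", ISP_ROUTER)],
        ISP_ROUTER: [("192.168.1.0/24", None), ("0.0.0.0/0", INTERNET)],
        WG_CLIENT:  [("10.0.0.0/24", None), ("192.168.1.0/24", WG_SERVER)],
    }
    if static_route_on_isp_router:
        # The route the post asks about: 10.0.0.0/24 via 192.168.1.100 on the ISP router.
        tables[ISP_ROUTER].insert(0, ("10.0.0.0/24", BRUME))
    return tables


def next_hop(table, dst):
    """Longest-prefix match; returns the next-hop address (dst itself if on-link)."""
    best = None
    for prefix, gw in table:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    return dst if best[1] is None else best[1]


def deliver(tables, src, dst, masquerade_br_lan=False, max_hops=8):
    """Forward one packet hop by hop. Returns (path, source address as seen by dst),
    with the source None when the packet is dropped before reaching dst."""
    node, path = src, [src]
    for _ in range(max_hops):
        if node == INTERNET:
            return path, None  # no route upstream for 10.0.0.0/24: dropped
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path, None
        # Masquerading on br-lan (the fix in the Update) rewrites the source of
        # packets leaving the Brume towards the LAN to the Brume's own LAN address.
        if node == BRUME and masquerade_br_lan and src.startswith("10.0.0."):
            src = BRUME
        node = NODE_OF.get(hop, hop)
        path.append(node)
        if node == NODE_OF.get(dst, dst):
            return path, src
    return path, None


def round_trip(static_route_on_isp_router=False, masquerade_br_lan=False):
    """Client -> LAN PC and the PC's reply. Reports whether the reply gets back
    (reaching the Brume is enough: conntrack un-NATs it to the client)."""
    tables = routing_tables(static_route_on_isp_router)
    fwd, seen_src = deliver(tables, WG_CLIENT, LAN_PC, masquerade_br_lan)
    if seen_src is None:
        return {"forward": fwd, "reply": [], "pc_sees": None, "works": False}
    rev, reached = deliver(tables, LAN_PC, seen_src, masquerade_br_lan)
    return {"forward": fwd, "reply": rev, "pc_sees": seen_src, "works": reached is not None}


if __name__ == "__main__":
    for label, kwargs in [("no fix", {}),
                          ("masquerade on br-lan", {"masquerade_br_lan": True}),
                          ("static route on ISP router", {"static_route_on_isp_router": True})]:
        r = round_trip(**kwargs)
        print(f"{label:28s} works={r['works']}  PC sees source {r['pc_sees']}  reply path {r['reply']}")
```

Running it shows the reply in the unfixed case leaving via 192.168.1.1 towards the upstream and dying there, while both fixes bring it back. The difference that matters for monitoring is what the LAN hosts log: with masquerading every WireGuard client appears as 192.168.1.100, so per-client firewall rules or audit trails on the LAN side are impossible; with the static route on the ISP router the PC sees the real 10.0.0.x address, at the cost of depending on a route configured on a device you may not fully control.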

I'm having an issue doing the same thing. However, I don't know what LuCI is. I want to access a shared folder on a local PC connected to my local network, from a remote PC connected to WireGuard.

Accessing a Windows share won't work that easily, I think, because Windows uses the IPv6 protocol for network share discovery, for example; not sure if a manual share works. Just allow wgserver forward accept in LuCI and that should already work for normal IPv4 services. Maybe install another server on the PC you want to access files from, like an FTP, HTTP or SSH server.