How to build a site to site network with two ar750s for lan game play

heytrey · 2019-03-11T06:43:04.738Z

you could use something like zerotier to create a software defined network between devices.

Zerotier package missing? (on GL.iNet AR750) Technical Support for Routers

Thanks, did you add the zerotier into the lan zone as well? Do you need to set allDefault=1 (I want all my internet traffic routed through my Zerotier server in the cloud)? My LEDE system works, just my AR-750s did not work. Will give that a try

kyson-lok · 2019-03-11T07:50:50.033Z

You can set up on as WireGuard Server, and another acts as WireGuard Client. When the connection is established, there is no additional configuration is required, you can access the Server’s LAN by default.

Oroville · 2019-03-11T13:16:16.658Z

I have a ar300m and a ar750s would this work? both are running v3

kyson-lok · 2019-03-12T03:49:06.714Z

Yup, it can work, but the server side must have a public IP address. You can have a try.

klaberte · 2019-07-25T21:10:38.414Z

Wait, what?! The default firmware 3 Wireguard setup gives the VPN client access to the VPN Server’s LAN clients?

kyson-lok · 2019-07-26T03:46:11.160Z

Yeah, it is the default behavior, but we will change, will add an option for users.

klaberte · 2019-07-26T16:08:02.130Z

Please explain which configuration changes you make to allow VPN Server LAN access from the VPN Client. Is it simply adding the LAN IP range in the AllowedIPs in the VPN Client?

kyson-lok · 2019-07-27T07:52:34.519Z

Please edit the shell script /etc/init.d/wireguard, just need to remove this part.

image578×701 11 KB

klaberte · 2019-07-27T16:06:49.734Z

What happens when you change the AllowedIPs in the VPN Client. Which config files are changed if you change this via the v3 GUI in the VPN Client Wireguard area?

klaberte · 2019-07-30T20:12:45.338Z

Sorry, this answer does not make sense to me. The lines included in the red box appear to instruct the firewall to allow messages from the VPN Server LAN to the VPN Client, no?

If you remove those lines from the config file, wouldn’t that prevent (drop) packets from the VPN Server’s LAN back to the end of the WG tunnel, i.e. the VPN Client?

And also from my other post in this thread, what specific changes are made to the config when the AllowedIP are changed?

kyson-lok · 2019-07-31T08:37:39.739Z

Sorry for my mistake. What you want to do is access WireGuard Client’s LAN device from WireGuard Server side, right?

If so, you should edit the file /etc/config/wireguard_server on server side, please add the peer’s subnet. For example:

klaberte · 2019-07-31T19:28:20.794Z

Sorry, no, the other way around. I want to access LAN clients behind my VPN Server from my VPN Client (and its subnet).

kyson-lok · 2019-08-01T02:03:20.968Z

Please modify it as I mentioned above.

klaberte · 2019-08-01T03:03:28.212Z

Sorry, your replies have not been consistent. I have no idea what you mean by “modify it as I mentioned above”. Can you try to give a more complete answer?

kyson-lok · 2019-08-01T03:10:55.566Z

klaberte:

I want to access LAN clients behind my VPN Server from my VPN Client

It is the default behavior. If you setup WireGuard Client on GL routerA, and setup WireGuard Server on GL routerB, when the WireGuard connection between routerA and routerB is established, you can access LAN clients behind your VPN server from VPN client side.

But if you also want to access LAN clients behind your VPN client from VPN server side, you have to modify as I mentioned above, if you don’t need this, you don’t need edit anything.

klaberte · 2019-08-01T03:18:17.983Z

Are you assuming that the B has its LAN using 192.168.8.X? Will that make the A’s LAN start to pass out IP addresses in the same space? Or does it just tell A to send traffic bound for 192.168.8.X to the other side of the Wireguard tunnel?

kyson-lok · 2019-08-01T03:30:20.894Z

Client and Server should have different subnet, such as routerA’s subnet is 192.168.8.0/24, routerB’s subnet should be 192.168.9…0/24.

Oroville · 2019-08-01T21:59:06.895Z

can someone do a step by step guide on how to setup a zerotier on a glinet device on both devices with pictures please. i want to access both LANS

Thank you.

klaberte · 2019-08-10T19:04:42.963Z

klaberte:

what specific changes are made to the config when the AllowedIP are changed?

What specific changes are made to the config when the AllowedIP are changed?

Sunny · 2019-08-23T05:08:22.822Z

kyson-lok:

You can set up on as WireGuard Server, and another acts as WireGuard Client. When the connection is established, there is no additional configuration is required, you can access the Server’s LAN by default.

Dear @kyson-lok,
Can I do the reverse? Can a device in the WireGuard Server LAN access the devices in the WireGuard Client? Any setting required?