Is anyone actually running S2S without the Gl Cloud?

I am getting very frustrated with the inability to get S2S VPN going using Wireguard. Clients can reach hosts on the LAN side of the server, but cannot ping each other or client LAN hosts.

Server is and LAN is
Client A is an iPhone,
Client B is Windows and LAN is

Both client A and B can ping However, cannot ping and vice versa. Furthermore, neither the server nor client A can ping any hosts on

The server config file has list subnet for peer B.

What I am doing wrong? No, I am not interested in using the Cloud solution and trust my network to a third party.

Unfortunately the reference thread does not apply. First, in that case the clients are other GL routers. More importantly, I have tried countless times to follow the OpenWRT community instructions for Luci and have been unable to get wireguard going.

From my perspective, I purchased a router and am following the manufacturer’s instructions which unfortunately do not work. At this point I am fed up and ready to ship the router back to Amazon.

Here’s the server configuration file:

config servers
        option local_ip ''
        option local_ipv6 'fd00:db8:0:abc::1'
        option private_key 'iiSm1IgC0+kc2Nt6iiiYX+BHmCK7QXzkM='
        option public_key 'DPPEBN01sVt6Rh61rtytn/s70Vy/bsV4='
        option access 'ACCEPT'
        option local_port '5003'
        option enable '1'

config peers 'wg_peer_3044'
        option name 'Client_A'
        option client_key 'ekL4tuGGV2gqJYlk0xJJuhNVmrOdsDjFA='
        option private_key 'yYnJhiQuwT01HaTFu6Cd+/EEsEekgwS2A='
        option client_ip ''

   config peers 'wg_peer_8682'
        option name 'Client_B'
        option client_key 'etX/sxzdf/f2tBI/0WMRq06kPcEsB0DAg='
        option private_key 'sG81B5B/W1CX5k722Y0h4B6+F+lhglNjZjWfoqpQJ3E='
        option client_ip ''
        list subnet ''

Alloweds IP of yours devices? You have to put tunnel address and/or subnet of client you want to reach.
Windows firewall is allowing ping?
WG it’s the same in a router or in a client…

This is what I have for allowed IPs:

root@GL-MV1000:/etc/config# wg
interface: wg0
  public key: lDPPEBN01sVt6Rh61rtytn/s70Vy/bsV4=
  private key: (hidden)
  listening port: 5001

peer: ekL4tuGGV2gqJYlk0xJJuhNVmrOdsDjFA=
  allowed ips:
  latest handshake: 1 minute, 19 seconds ago
  transfer: 19.40 MiB received, 79.71 MiB sent
  persistent keepalive: every 25 seconds

peer: etX/sxzdf/f2tBI/0WMRq06kPcEsB0DAg=
  allowed ips:,
  latest handshake: 1 hour, 42 minutes, 42 seconds ago
  transfer: 841.57 KiB received, 3.51 MiB sent
  persistent keepalive: every 25 seconds


In alloweds ip of client A put and
In alloweds ip of client B put
Be sure that Windows firewall is allowing ping and files and folders sharing or what you want to reach.

Thank you! Two questions:

  1. Which configuration files do I edit to add the allowed IPs?
  2. On my phone, the WG client shows for the peer (the peer is the server running on the Brume); should this allow for all traffic, including the ping from the Windows client to my iPhone?

In WG app on the iPhone you have to set the IP alloweds tab. On Windows what WG client do you use? Usually there is a dedicated section for alloweds IP or you can edit the file on the dir of WG client. route all traffic but for a s2s is better to explicite what routes you want to use.