LAN Access for VPN Clients connected on Guest Wi-Fi

In my X3000 router I have set any client connected to guest Wi-Fi to have its traffic go through the WireGuard client. I switch between main ISP and VPN for each client whenever I desire.

The problem is that I want guest Wi-Fi clients to also have LAN access. This is because they can reach NAS and Plex on NAS.

I have tried turning on "Allow remote access to the LAN subnet" in VPN policy and also disabling isolation in the guest network settings, but nothing worked.

I have my own VPS setup with WireGuard so there is less worry, but how to achieve LAN access for local devices? Any thoughts?

I think that could be a routing problem, because I suppose that if you are using a VPN tunnel with the guest network, you are redirecting all traffic through the WireGuard tunnel, so the LAN is unreachable (because all packets are redirected). If you want to maintain your config and access local resources, you should configure policy-based routing (PBR), but also consider using the normal Wi-Fi network (considering that the guest network's only advantage is to separate guest traffic and internal trusted traffic).

Hi

This is a bit unusual, because in theory the Guest network should not be able to access LAN resources.

However, if you would like to allow it, you can enable forwarding from Guest to LAN under LuCI → Network → Firewall:


If you only want to allow Guest access to the NAS:

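The two firewall options described in the reply above, written as an `/etc/config/firewall` fragment. This is an added example, not part of the original reply or its screenshots; the zone names `guest` and `lan`, the NAS address `192.168.8.10`, and the SMB port are assumptions to replace with your own values.

```conf
# Option A (broad): forward everything from the guest zone to the LAN zone.
# Every guest client can then reach every LAN host, which removes the
# separation the guest network normally provides.
config forwarding
	option src 'guest'
	option dest 'lan'

# Option B (narrow): leave guest -> lan forwarding disabled and permit
# only the NAS. Use this INSTEAD of Option A, not together with it.
# 192.168.8.10 is a placeholder for the NAS address; give the NAS a
# static DHCP lease so the rule keeps matching.
config rule
	option name 'Allow-Guest-Plex'
	option src 'guest'
	option dest 'lan'
	option dest_ip '192.168.8.10'
	option proto 'tcp'
	option dest_port '32400'	# Plex Media Server default port
	option target 'ACCEPT'

config rule
	option name 'Allow-Guest-NAS-SMB'
	option src 'guest'
	option dest 'lan'
	option dest_ip '192.168.8.10'
	option proto 'tcp'
	option dest_port '445'		# SMB file sharing (assumed NAS protocol)
	option target 'ACCEPT'
```

After editing, reload with `/etc/init.d/firewall reload`. These rules only permit the traffic; if the VPN policy still sends LAN-bound packets into the tunnel, the routing issue raised in the earlier reply has to be handled separately.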