Hello,
is it possible to directly assign the LAN port the IP address of the wg0 interface so that the device basically is “in the VPN” alone?
Right now I’m struggling because of a double NAT problem when calling via SIP.
Are you sure the problem is caused by double NAT? My network has double NAT with VoIP working. A common problem is caused by SIP ALG running, which I have disabled on both routers.
If you want to set up a GL.iNet router as a LAN-only “Wireguard appliance”, you can take a look at this thread:
I do not work for and I am not directly associated with GL.iNet
Thanks wcs, this is a step forward but still not what I really meant.
I use a GL.iNet Mango and it has two ports, both act as LAN now (set it up the way you described it).
Port 1 (written WAN on the Mango) goes to my router and Port 2 goes to an IP phone.
I want Port 2 to act as the VPN connection, let me try to explain it.
The Mango has IP 192.168.1.14 on the LAN and connects to a Wireguard server. When connected, it has the IP 10.11.11.2 on the Wireguard VPN interface. All devices in the LAN could now use the Mango as a default gateway and communicate with other devices in the 10.11.11.X subnet.
The IP phone on Port 2 also receives an IP from the LAN, for example 192.168.1.141. However, I want it to “receive” the VPN connection, so the phone should connect as 10.11.11.2 and shouldn’t even “know” that it is virtually connected to a VPN right now.
My problem with SIP (I am using Asterisk) is that literally everything works - except for one thing. When I hangup a call before the other person picked up, the call gets hung up on the phone it self, but the called participant’s phone still rings. When he picks up then, one would hear only silence.
I think I understand your situation and the setup in the other thread should accomplish what you want, but in a slightly different way.
It only requires connecting the Mango LAN Port 2 to the main router in the same IP subnet and the default gateway would be the IP address of the main router. The Mango Wireguard client would connect over Port 2 through the main router to an external Wireguard server, even without the WAN port connected. In this way, the Mango would sit on the LAN as a “Wireguard appliance” and you can connect any client device on the same LAN subset with the default gateway being the IP address of the Mango to go through Wireguard. If the WAN Port 1 is configured as a LAN port, you can connect the IP phone to that port, although I have not personally used that feature.
EDIT:
In this setup, the Mango is in Router network mode, in order for Wireguard to work, and the router is not bridged.
You cannot do it because Wireguard does not work as bridging.
Openvpn has TAP proto which works as bridging.
Note that you will have a lot of traffic if you set up an L2 bridge over VPN. You don’t want to do this unless you really know what you’re doing.