Private Wireguard to server

I have a GL-iNet GL-MT2500. I have been trying to set up a person with remote capabilities for our office, but have not had much luck setting this up. Our office has pfSense with either OpenVPN or WireGuard available. I have gotten farther with WireGuard than with OpenVPN, as I am down to not being able to ping the main office’s server; instead of traffic going through the VPN, traffic runs to the web. I am able to ping from the main office 50.0 (Office pfSense), 50.1 (GL side) and 10.188 to my laptop. I had to add a static route on the server at the main office, but it appears that with Global Traffic through VPN, additional networks set to 0.0.0.0/0 or the 192.168.0.0/24 of the main office, I can’t seem to get the GL to route the traffic through the WireGuard VPN. I am trying to set up the VPN for our VOIP phone, so the unit has to operate standalone, routing all traffic through without the use of additional routes, as I cannot issue any commands to the hard phone.

Any help is appreciated. I have included my conf file as I have it, with keys removed.

[Interface]
Address = 192.168.50.1/31
ListenPort = 51820
PrivateKey = xxx
MTU = 1420

[Peer]
AllowedIPs = 192.168.10.0/24, 192.168.0.0/24, 192.168.50.0/31
Endpoint = remote.myoffice.com:51820
PersistentKeepalive = 30
PublicKey = yyy

I didn’t understand your issue. Is your WireGuard client able to connect to the MT2500 WireGuard server successfully?
One thing to note is that the MT2500 is serving as a VPN server at the WAN port.

It might be helpful to post a network diagram:

(Nice find, @admon: )

OK, I thought I had this working, but apparently 90% isn't 100% :roll_eyes:
So the issue: we have an internal VOIP server (0.184). We use pfSense as our firewall and as our WireGuard server. I have set up a VPN using WireGuard as a remote connector with the GL-MT2500. I am able to communicate back and forth, and able to ping back and forth to the appropriate IP address.


[Interface]
Address = 192.168.50.1/31
ListenPort = 51820
PrivateKey = REMOVED
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = remote.myoffice.com:51820
PersistentKeepalive = 30
PublicKey = REMOVED

I am able to use Wireshark on my office network, and the SIP packet of 5060 is making it back and forth as the phone registers with the VOIP server. If I (Bob) make a call from the remote phone (VOIP) to an outside person (Cell - Tom), there is full communication and no issues. Now if Tom calls Bob, the phone rings, Bob picks up, Tom can hear Bob answer hello, but Bob cannot hear Tom. The 3 ports the VOIP server uses to communicate with the remote phone are 5060 TCP, 41000 UDP and 41006 UDP. Wireshark is showing I am receiving packets from the remote phone (as evidenced by Tom being able to hear Bob), but I am not sure the UDP packets are making it to the remote phone.
I have tried:

  • Using DMZ
  • Port Forwarding
  • Open ports on the router

I am able to plug my laptop into the GL device, ping, access office servers etc. I figure that because the 41000 UDP packets are "unrequested", that is why they are not being sent to the phone properly, but I am looking for some help.
BTW, if it is the "Forward" being the problem, it would be great if I could enter a "range" rather than one at a time.
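
Added example, not part of any post in this thread: a small Python check of which addresses the two posted `AllowedIPs` lines cover, since WireGuard uses that list both to pick the peer for outbound packets and to filter the source of inbound ones. The full addresses are assumptions read from the posts (0.184 taken as 192.168.0.184, 50.0 as 192.168.50.0), and 203.0.113.10 is a constructed stand-in for an internet host.

```python
import ipaddress

# The two [Peer] AllowedIPs lines posted in the thread.
FIRST_CONF = "AllowedIPs = 192.168.10.0/24, 192.168.0.0/24, 192.168.50.0/31"
SECOND_CONF = "AllowedIPs = 0.0.0.0/0"

# Assumed full addresses (the posts only give the last two octets);
# internet_host is a constructed documentation address.
ADDRESSES = {
    "voip_server": "192.168.0.184",
    "pfsense_tunnel": "192.168.50.0",
    "internet_host": "203.0.113.10",
}


def parse_allowed_ips(line):
    """Return the networks listed on an 'AllowedIPs = ...' line."""
    key, _, value = line.partition("=")
    if key.strip().lower() != "allowedips":
        raise ValueError("not an AllowedIPs line: %r" % line)
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in value.split(",") if part.strip()]


def match(networks, addr):
    """Longest-prefix match of addr against AllowedIPs, or None.

    On the WireGuard interface this list is used twice: an outbound packet
    is encrypted to the peer only if its destination matches, and a
    decrypted inbound packet is accepted only if its source matches.
    """
    ip = ipaddress.ip_address(addr)
    hits = [net for net in networks if ip in net]
    return max(hits, key=lambda net: net.prefixlen) if hits else None


def report(conf_line, addresses):
    """Map each named address to the AllowedIPs entry covering it (or None)."""
    nets = parse_allowed_ips(conf_line)
    return {name: match(nets, ip) for name, ip in addresses.items()}


if __name__ == "__main__":
    for label, conf in (("first", FIRST_CONF), ("second", SECOND_CONF)):
        for name, net in report(conf, ADDRESSES).items():
            print(f"{label:6} {name:15} -> {net if net else 'not covered'}")
```

Under these assumptions, inbound packets sourced from the VOIP server pass the `AllowedIPs` check with either config, so a one-way audio problem would have to be looked for in the firewall or NAT handling on either end rather than in this list.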