Problem accessing Server LAN using Wireguard

I am having difficulty accessing my Server LAN from my Client LAN using Wireguard.

I have two networks: my Server LAN network is 192.168.10.1/24, and my Client LAN is 192.168.20.1/24. I have a Wireguard Server running on a GL-AX1800 and a Wireguard Client running on a GL-X750V2.

When I connect the Client and Server Wireguard VPN, they show as connected (green dots on both). On my client I go to Google and search “whats my ip” and it tells me the WAN IP of my Server Router, which is great. That tells me that Internet traffic is being sent from the Client to the Server and then out to the Internet.

However, when I try to access any IP on my Server LAN, it doesn’t go through; I can’t ping or access my web server on my Server LAN.

Here is my client Wireguard configuration:

[Interface]
Address = 10.0.0.2/24
PrivateKey = XXXXXXXXXXXXXXXXX
DNS = 64.6.64.6
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = XXXXXX.glddns.com:51820
PersistentKeepalive = 25
PublicKey = XXXXXXXXXXXXXXXXX

Here is my Client route table (from SSH into the router):

root@GL-X750:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         128.0.0.0       U     0      0        0 wg0
0.0.0.0         33.144.105.165  0.0.0.0         UG    40     0        0 wwan0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
33.144.105.164  0.0.0.0         255.255.255.252 U     40     0        0 wwan0
76.167.168.222  33.144.105.165  255.255.255.255 UGH   40     0        0 wwan0
128.0.0.0       0.0.0.0         128.0.0.0       U     0      0        0 wg0
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 br-lan

How can I set this up so I can also access my server LAN (192.168.10.1/24) from my client LAN?

NOTE: Allowed IPs is set to “0.0.0.0/0,::/0”, so everything including the Server LAN addresses should be going to Wireguard.

Thank you so much for this. It helped me get part of the way.

Following those instructions as much as I can, I am now able to access the Server LAN from the Client LAN. However, I still cannot access the Client LAN from the Server LAN.

Part of the issue is that the Client router is a GL-X750V2, and the latest firmware for it is v3.217. The instructions are for v4.x. So my screens do not look like the ones described, and in particular I do not have the “VPN Dashboard” on the GL-X750V2 or the ability to specify “Auto Detect” for the VPN client.

If there are any instructions on how to set this up with the client for SDK v3.x, that would help.

Well, drats… you’ll have to hold tight until GL comes across this. @hansome might have some insights on getting you the proper/custom iptables firewall/routing rule.

Be prepared to go into LuCI… & after SSH’ing back into the Client you might want to install the nano editor:

Well, I found the following solution for v3.x:

So, I cobbled together some ideas from the 4.x HOWTO and the 3.x HOWTO, mixed in a bunch of head scratching and trial-and-error, and somehow I finally got it all working.

I’m afraid if I breathe on it too hard it might stop working! :)

Luckily, I was able to figure out how to make the changes persist across reboot of the routers (both of them), so I should be good.

Thanks for your help!

Nice. You should consult that HOW-TO link I posted; there are some caveats when trying to back up custom firewall rules/routes.