Raspberry Pi as WireGuard server and OpenVPN client: No connection to devices

Hello,

I have been trying and searching a lot, but I am struggling with my scenario. I found some similar posts, but there was no solution.

  • I am using a Raspberry Pi (192.168.10.100) to connect as an OpenVPN client to NordVPN. This Pi is the gateway for my local clients to use the VPN connection.

  • I set up a WireGuard server on the Pi to receive connections from outside my network. The ports are open on my router (192.168.10.1).

  • When I connect my smartphone from my home network (not using the Pi as VPN gateway, using the ISP IP) to the WireGuard server, I am connected and I am using the OpenVPN connection. I am getting the IP from NordVPN. Everything works fine.

  • When I connect the smartphone from outside my LAN over a mobile connection, I am connected to the VPN as well (getting the NordVPN IP). I am able to access internal devices like the router or any WLAN repeater, but I am not able to connect to the Pi via SSH or HTTP.

It seems that the Pi is not accepting the connection from the WireGuard connection.

Can anyone help me, please? Here is my configuration:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.2.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.10.1    0.0.0.0         UG    202    0        0 eth0
5.180.62.99     192.168.10.1    255.255.255.255 UGH   0      0        0 eth0
10.6.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
10.8.2.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.2.1        128.0.0.0       UG    0      0        0 tun0
192.168.10.0    0.0.0.0         255.255.255.0   U     202    0        0 eth0

rc.local

sudo ip rule add from 192.168.10.100 lookup 9
sudo ip route add default via 192.168.10.1 table 9
sudo ip route add default via 192.168.10.1 dev eth0 table 6
sudo ip rule add fwmark 0x55 priority 1000 table 6
sudo ip route flush cache
sudo iptables -t filter -A FORWARD -i wg0 -o tun0 -j ACCEPT
sudo iptables -t filter -A FORWARD -o wg0 -i tun0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

wg0.conf

[Interface]
Address = 10.6.0.1/24
MTU = 1420
ListenPort = 51820
fwMark = 0x55
PrivateKey = ...

[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs = 10.6.0.2/32

Thanks in advance

Not an expert, you may need to open ports on the Pi’s OpenVPN interface?

I know it’s always nice to help out polite people. You are very polite, no doubt. So please don’t take this as impolite, but have you tried a solution that includes at least 1 piece of GL.iNet hardware? Just saying, this being a GL.iNet forum.


My guess is that you have to go through the Raspberry Pi’s WAN WireGuard IP address (10.6.0.1?) that may require port forwarding on port 22 for SSH. I don’t think there is NAT loopback on the LAN side.
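
An added example, not part of any post in this thread: a small model of Linux policy-routing lookup over the rules and routes posted in the question, showing which table and interface a reply from the Pi to the WireGuard peer 10.6.0.2 resolves to for each source address (192.168.10.100 resolves through table 9 to eth0, 10.6.0.1 through main to wg0). Assumptions: the rule added without a priority sits at 32765 just ahead of main, table 9's default route resolves to eth0, the local table is left out, and 203.0.113.7 is a constructed endpoint address.

```python
import ipaddress as ipa

# Routing tables as posted (main from the routing table output; 6 and 9 from rc.local).
# Assumption: table 9's default route resolves to eth0, since 192.168.10.1 is on eth0.
TABLES = {
    "main": [("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0"), ("0.0.0.0/0", "eth0"),
             ("5.180.62.99/32", "eth0"), ("10.6.0.0/24", "wg0"),
             ("10.8.2.0/24", "tun0"), ("192.168.10.0/24", "eth0")],
    "6": [("0.0.0.0/0", "eth0")],
    "9": [("0.0.0.0/0", "eth0")],
}

# Policy rules: (priority, source selector, fwmark selector, table).
# Assumption: the rule added without a priority lands at 32765, just ahead of main (32766).
RULES = [
    (1000, None, 0x55, "6"),
    (32765, "192.168.10.100/32", None, "9"),
    (32766, None, None, "main"),
]

def lookup(src, dst, fwmark=0):
    """Return (table, iface) chosen for a locally generated packet."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for _prio, from_net, mark, table in sorted(RULES, key=lambda r: r[0]):
        if from_net and src not in ipa.ip_network(from_net):
            continue  # source selector does not match
        if mark is not None and fwmark != mark:
            continue  # fwmark selector does not match
        # Longest-prefix match inside the selected table.
        hits = [(ipa.ip_network(n), dev) for n, dev in TABLES[table]
                if dst in ipa.ip_network(n)]
        if hits:
            return table, max(hits, key=lambda h: h[0].prefixlen)[1]
    return None, None

if __name__ == "__main__":
    peer = "10.6.0.2"  # the smartphone's AllowedIPs address from wg0.conf
    for src in ("192.168.10.100", "10.6.0.1"):
        print(f"reply from {src:15} to {peer}: {lookup(src, peer)}")
    # WireGuard's own encrypted UDP carries fwmark 0x55 and uses table 6.
    # 203.0.113.7 is a constructed endpoint address (documentation range).
    print("marked tunnel packet:", lookup("192.168.10.100", "203.0.113.7", 0x55))
```

On the Pi itself, `ip rule show` and `ip route get 10.6.0.2 from 192.168.10.100` report the kernel's actual decision for comparison with this model.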