…
Fixed the problem that the client of the router cannot access the address of the Wireguard server when using Wireguard client
So you are aware of this since at least 2020-12-14, and today 2024-1-10 your stable branch still blocks secure VPN connection of LAN clients to WireGuard server when router is connected as client to same WireGuard server.
Remote server is BSD firewall running on VPS with public IP. WG network is 10.1.0.0/16. It has dozens of connected peers. Each peer has allowed IP /32, firewall does the forwarding within the WG network only (split tunnel).
Local gateway is GL-X750 Spitz running Version: 3.217. It is 10.1.5.50/16 inside the VPN.
Local LAN client is Ubuntu desktop. It is 10.1.6.7/16 inside the VPN.
When I turn on wg client on GL-X750 Spitz, firewall can reach 10.1.5.50 but not 10.1.6.7. When I turn off wg client on GL-X750 Spitz, firewall can reach 10.1.6.7 but not 10.1.5.50.
When I turn on wg client on GL-X750 Spitz, local LAN client (Ubuntu desktop) can reach any IP on the Internet EXCEPT the public IP (outside the VPN tunnel!) of the remote wg server.
If I flash the very same GL-X750 Spitz with OpenWRT stable and use the very same wg config applied to original firmware, it works as expected and both LAN client and gateway router can connect to same wg server at the same time, as public IP routing toward the wg server is not disrupted by the gateway.
I won’t switch from stable to snapshot to fix a routing problem. I need a stable solution. I’m not a tester but a customer.
I already have a working solution based on custom firmware derived from OpenWRT. It does work, it passes my lab tests, but it’s not the official stable solution from GL.iNet staff, and I well know how modem needs tuning to be stable, and it is.
I’m losing confidence that betting on GL.iNet software was the right thing to do.