I’d like to allow access to clients on the WireGuard server interface (wg0) to the glS2S networks. I see we have /var/etc/gls2s.include which has the firewall includes. Is there a known config to add the wg0 (wg server) interface to allow wg0 > wg1 (s2s) traffic? Will that be overwritten if the s2s ever gets reconfigured? Is there a better way to add another include that won’t get overwritten?
You can add custom firewall rules. Do that in LuCI -> Network -> Firewall.
As I’m sure you are aware, s2s doesn’t show up as a selection in LuCI’s UI. Hence me digging around in the shell.
UPDATE: Found it. Leaving this here for posterity.
To route from WireGuard or any VPN’d client to the GoodCloud routed networks:
Open LuCI and navigate to Network > Firewall > General > LAN > Edit > Advanced Settings > Covered devices > Choose your correct s2s device.
I’m not sure if ‘wg1’ is always the s2s interface, but it is on all my routers. Probably depends on the order you set things up in(?).