S2S WireGuard VPN - Access Main Node Subnet without NAT (only routes) possible?

I’ve this S2S setup:

It’s working and it’s OK. The Main Node is part of an existing network that provides an existing gateway (192.168.50.1).

My problem is that I want to access the Main Node network from Node1.

  • Ping from 172.31.1.10 (client of the Node1 net) to 192.168.50.70 → OK
  • Ping from 172.31.1.10 (client of the Node1 net) to 192.168.50.1 → not working
  • Ping from 172.31.1.10 (client of the Node1 net) to 192.168.1.10 (client that is routed through 192.168.50.1) → not working

So I played around with the firewall & forwarding rules and found a way that works:

[Image in the Next Post because of new User Restrictions]

So I can easily ping:

  • from 172.31.1.10 (client of the Node1 net) to 192.168.50.1
  • from 172.31.1.10 (client of the Node1 net) to 192.168.1.10 (client that is routed through 192.168.50.1)

But my problem is that NAT (masquerading) is applied. Some devices within 172.31.1.0/24 send UDP packets and cannot deal with NAT because of a special protocol.

So my question is:

  • Do I need to activate masquerading (NAT) to be able to access clients on the LAN side?

I also detected that a ping from the wg1 interface to 192.168.50.1 or 192.168.1.10 only succeeds when masquerading is enabled, otherwise not (from the Main Node).

Do you have any suggestions for me on whether this can be achieved with traditional routes?

For testing I set the firewall to accept for all targets; the other settings are nearly the default GL-iNet OpenWrt installation.

What do you recommend?

Thank you

[Image in the Next Post because of new User Restrictions]


My issue was that the remote router on 192.168.50.1 has to add the static routes to the networks

  • from the Wireguard Tunnel Network
  • from the Node1 Network

via 192.168.50.70.

What I detected now is that the S2S setup uses NAT & masquerading within the VPN tunnel.
So my question is:

  • Is it possible to disable NAT on the tunnel? If I comment this out in the init script or in the gl_s2s files, would this be overwritten if I change the configuration on GoodCloud? What does GoodCloud change on the device, and how?

If I continue using NAT, then I need to add port-forwarding rules on the tunnel network (172.30.55.0/24). For example, if the Node1 tunnel IP address is 172.30.55.2, then the NAT IP address is 172.30.55.2, and I need to create a UDP port forwarding from 172.30.55.2:530 to 172.31.1.10:530. Is this possible? How? I saw only the WAN interface as a source for port forwardings…

The reason why I care about NAT is that I have an IoT device behind Node 1 that needs to communicate with another IoT device behind the Main Node network and does not work well with NAT.
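The static routes on the 192.168.50.1 router are the real fix because the echo request already reaches its target; it is the reply that has no route back to 172.31.1.0/24 and leaves through the gateway's default route instead. Masquerading only hid that gap by rewriting the source to an address the gateway already knows. The following is an added example, not code from the thread or from GL-iNet: it models each box's routing table with longest-prefix matching and traces the forward and return path of a ping, with and without the static routes, and with masquerading on the Main Node's LAN side. The addresses 172.31.1.1 (Node1 LAN), 172.30.55.1/.2 (tunnel ends), 192.168.1.1 and the ISP hop 203.0.113.1 are assumptions for the diagram; only 172.31.1.10, 172.30.55.0/24, 192.168.50.70, 192.168.50.1 and 192.168.1.10 come from the posts.

```python
"""Trace forward and return paths of a ping through an S2S WireGuard setup.

Added illustration of the routing problem in the thread; the per-box
tables are reconstructed from the posts plus the assumed addresses named
in the lead-in (172.31.1.1, 172.30.55.1/.2, 192.168.1.1, 203.0.113.1)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (prefix, next_hop); next_hop None means "directly connected".
Route = Tuple[str, Optional[str]]
Host = Dict[str, list]


def make_topology(gateway_has_static_routes: bool) -> Dict[str, Host]:
    """Five boxes of the setup. The flag toggles the poster's fix: static
    routes on the 192.168.50.1 router pointing at 192.168.50.70."""
    gw_routes: List[Route] = [
        ("192.168.50.0/24", None),
        ("192.168.1.0/24", None),
        ("0.0.0.0/0", "203.0.113.1"),            # ISP uplink (assumed address)
    ]
    if gateway_has_static_routes:
        gw_routes += [
            ("172.30.55.0/24", "192.168.50.70"),  # WireGuard tunnel network
            ("172.31.1.0/24", "192.168.50.70"),   # Node1 LAN
        ]
    return {
        "client1": {"addrs": ["172.31.1.10"],
                    "routes": [("172.31.1.0/24", None), ("0.0.0.0/0", "172.31.1.1")]},
        "node1":   {"addrs": ["172.31.1.1", "172.30.55.2"],
                    "routes": [("172.31.1.0/24", None), ("172.30.55.0/24", None),
                               ("192.168.50.0/24", "172.30.55.1"),
                               ("192.168.1.0/24", "172.30.55.1")]},
        "main":    {"addrs": ["172.30.55.1", "192.168.50.70"],
                    "routes": [("172.30.55.0/24", None), ("192.168.50.0/24", None),
                               ("172.31.1.0/24", "172.30.55.2"),
                               ("0.0.0.0/0", "192.168.50.1")]},
        "gw":      {"addrs": ["192.168.50.1", "192.168.1.1"], "routes": gw_routes},
        "client2": {"addrs": ["192.168.1.10"],
                    "routes": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]},
    }


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, the way the kernel picks a route."""
    dst_ip = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and net.prefixlen > best_len:
            best, best_len = (prefix, nh), net.prefixlen
    return best


def owner(hosts: Dict[str, Host], ip: str) -> Optional[str]:
    """Which box holds this address on an interface? None = outside the model."""
    for name, host in hosts.items():
        if ip in host["addrs"]:
            return name
    return None


def trace(hosts: Dict[str, Host], start: str, dst: str, max_hops: int = 8) -> Tuple[List[str], bool]:
    """Follow one packet hop by hop; returns (path, delivered)."""
    path, cur = [start], start
    for _ in range(max_hops):
        if dst in hosts[cur]["addrs"]:
            return path, True
        route = lookup(hosts[cur]["routes"], dst)
        if route is None:
            return path, False                # no route at all: dropped
        next_hop = route[1] or dst            # connected prefix: deliver directly
        nxt = owner(hosts, next_hop)
        if nxt is None:
            path.append(next_hop)
            return path, False                # leaves towards the ISP, never comes back
        path.append(nxt)
        cur = nxt
    return path, False


def ping(hosts: Dict[str, Host], src_host: str, src_ip: str, dst_ip: str,
         masquerade_as: Optional[str] = None) -> Tuple[List[str], List[str], bool]:
    """Echo request src -> dst, then the reply. With masquerade_as the Main
    Node rewrites the source to its own LAN address, so the reply is first
    routed to that address and then un-NATed and forwarded to src_ip."""
    fwd, reached = trace(hosts, src_host, dst_ip)
    if not reached:
        return fwd, [], False
    if masquerade_as is None:
        rev, answered = trace(hosts, fwd[-1], src_ip)
        return fwd, rev, answered
    rev, answered = trace(hosts, fwd[-1], masquerade_as)
    if answered:
        tail, answered = trace(hosts, rev[-1], src_ip)   # conntrack reverses the NAT
        rev += tail[1:]
    return fwd, rev, answered
```

Run `ping(make_topology(False), "client1", "172.31.1.10", "192.168.50.1")` and the forward path is `client1 → node1 → main → gw`, but the reply path is `gw → 203.0.113.1`: the gateway has no idea where 172.31.1.0/24 lives. With `make_topology(True)` the reply comes back `gw → main → node1 → client1`, and the same holds for 192.168.1.10 behind the gateway. Passing `masquerade_as="192.168.50.70"` also succeeds, which is exactly why the masquerading rule appeared to be required; it trades the missing route for address rewriting that breaks the UDP protocol mentioned above.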

Maybe you can use OpenVPN in bridge mode?

Use TAP as the protocol and all the clients will be bridged to the server.

I’d like to use the benefits of the S2S configuration, like auto-provisioning and also state monitoring within GoodCloud.

So this is all fine; just the possibility to disable NAT within the S2S tunnel…