S2S zone missing in LuCI - unable to connect between sites from WireGuard client


Noticed that S2S zone is missing now.

I want a Wireguard client connected to one site to be able to connect to the S2S sites.
Any tips? Why is the S2S zone gone (currently installed 3.211 - but for sure it was present in 3.203)?

I never see a S2S zone. Are you sure?

Maybe learn some skills: Building a Site-2-Site network manually using two GL.iNet routers

Well - you might be right - the S2S zone did not exist… Although - when I used S2S on older versions, I simply needed to add one route for Wireguard in goodcloud.xyz to make it possible for a Wireguard client to connect with other S2S sites…
Any tips on how to restore this functionality?

You mean the green highlighted part? It should still be there, no?

Hi
This subnet (10.104.0.0/24) is Wireguard VPN in primary site:


Was adding above subnet in “configure LAN IP and access control” in goodcloud.xyz

Afterwards: when connected with Wireguard to main site: were able to connect with other sites.
At the moment the wireguard client can only connect to local IPs (10.104 and 10.102) - but can't connect to other S2S sites.

I mean, you cannot do it now?

The cloud should not have changed.

Since 3.211 I can’t.
What is the best way to allow for Wireguard client connect with all S2S sites?

Regarding manual config: what would then be the point of S2S…?
The routes are there already. When connected locally (not via wireguard), clients in all sites can connect to each other. It is just the wireguard client connected to the primary node that has issues.

Actually I don’t know what is your question.

I can add items on the cloud without any problem. What is missing?

Picture is more than 1000 words

Howdy
Found it…
Basically the PPPoE setup corrupted LuCI in 3.215 (I know: shouldn’t be using a snapshot…) - went back to 3.212
Anyway - went back to the ISP router and DMZ’ed the main site… then the LuCI setup to allow all traffic is as follows:

  1. add two unmanaged interfaces on WG0 and WG1
  2. Add WG0 to wireguard zone
  3. Create new sitetosite zone with wg1
  4. Disable masquerade on wireguard zone
  5. allow forward between LAN, wireguard and site to site

1 Like
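
The five LuCI steps from the last post, written as a generator for `uci batch` commands. This is an added example, not code from the thread or from GL.iNet. It assumes devices `wg0` (client server) and `wg1` (S2S), hypothetical logical interface names `wgsrv`/`wgs2s`, zones named `lan`, `wireguard` and `sitetosite`, and the pre-21.02 `ifname` option.

```shell
#!/bin/sh
# Added example. Assumed names: devices wg0 (client server) and wg1 (S2S),
# logical interfaces wgsrv/wgs2s, zones lan / wireguard / sitetosite.

# Read `uci show firewall` on stdin; print the section holding zone "$1".
# Only sections of type "zone" are considered, so a rule with the same name is ignored.
zone_section() {
    awk -F'[.=]' -v name="'$1'" '
        NF == 3 && $3 == "zone"                    { zone[$2] = 1 }
        $3 == "name" && $4 == name && ($2 in zone) { print $2; exit }'
}

# Print the `uci batch` commands for steps 1-5; "$1" = wireguard zone section.
s2s_batch() {
    for pair in wgsrv:wg0 wgs2s:wg1; do             # step 1: unmanaged interfaces
        echo "set network.${pair%%:*}=interface"
        echo "set network.${pair%%:*}.proto='none'"
        echo "set network.${pair%%:*}.ifname='${pair##*:}'"  # 'device' on OpenWrt 21.02+
    done
    echo "add_list firewall.$1.network='wgsrv'"     # step 2: wg0 into wireguard zone
    echo "set firewall.s2s=zone"                    # step 3: new sitetosite zone
    echo "set firewall.s2s.name='sitetosite'"
    echo "set firewall.s2s.network='wgs2s'"
    echo "set firewall.s2s.input='ACCEPT'"          # zone policies are assumptions
    echo "set firewall.s2s.output='ACCEPT'"
    echo "set firewall.s2s.forward='REJECT'"
    echo "set firewall.$1.masq='0'"                 # step 4: keep client source IPs
    for src in lan wireguard sitetosite; do         # step 5: all six directions
        for dest in lan wireguard sitetosite; do
            if [ "$src" != "$dest" ]; then
                echo "set firewall.fwd_${src}_${dest}=forwarding"
                echo "set firewall.fwd_${src}_${dest}.src='$src'"
                echo "set firewall.fwd_${src}_${dest}.dest='$dest'"
            fi
        done
    done
    echo "commit network"
    echo "commit firewall"
}

# On the router: print the batch for review; apply with `| uci batch` and reload.
if command -v uci >/dev/null 2>&1; then
    sec=$(uci show firewall | zone_section wireguard)
    if [ -n "$sec" ]; then s2s_batch "$sec"; else echo "no wireguard zone" >&2; fi
fi
```

With masquerading off, the remote sites see the client's real tunnel address and need a route back to that subnet. The six forwardings permit all traffic between the three zones; drop any direction that is not needed.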