Matus
1
Noticed that S2S zone is missing now.
Want to make a Wireguard client connected to one site able to connect to S2S sites.
Any tips? Why is the S2S zone gone (currently installed 3.211 - but for sure was present in 3.203)?
alzhao
2
Matus
3
Well - you might be right - S2S zone did not exist… Although - when using S2S on older versions, I simply needed to add one route for wireguard in goodcloud.xyz to make it possible for the Wireguard client to connect with other S2S sites…
Any tips on how to restore this functionality?
alzhao
4
You mean the green highlighted part? It should still be there, no?
Matus
5
Hi
This subnet (10.104.0.0/24) is the Wireguard VPN in the primary site:
I was adding the above subnet in “configure LAN IP and access control” in goodcloud.xyz
Afterwards: when connected with Wireguard to the main site, I was able to connect with other sites.
At the moment the wireguard client can only connect to local IPs (10.104 and 10.102) - but can't connect to other S2S sites.
alzhao
6
I mean, you cannot do it now?
Cloud should not have changed.
Matus
7
Since 3.211 I can’t.
What is the best way to allow a Wireguard client to connect with all S2S sites?
Matus
8
Regarding manual config: what would then be the point of S2S…?
Routes are there already. When connected locally (not via wireguard), clients in all sites can connect to each other. It is just the wireguard client connected to the primary node that has issues.
alzhao
9
Actually I don’t know what your question is.
I can add items on the cloud without any problem. What is missing?
Matus
10
A picture is worth more than 1000 words
Matus
11
Howdy
Found it…
Basically PPPoE setup corrupted LuCI in 3.215 (I know: shouldn’t be using snapshot…) - went back to 3.212
Anyway - went back to ISP router and DMZ’ed main site… then the LuCI setup to allow all traffic is as follows:
- Add two unmanaged interfaces on WG0 and WG1
- Add WG0 to wireguard zone
- Create new sitetosite zone with wg1
- Disable masquerade on wireguard zone
- Allow forward between LAN, wireguard and site to site
1 Like
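
The LuCI steps in the last post, written out as the OpenWrt UCI configuration they correspond to. This is an added example, not part of the thread and not GL.iNet's own configuration; the logical interface names `wgserver` and `wgs2s`, the `lan` zone name and the zone input/output/forward policies are assumptions.

```uci
# /etc/config/network
# Two unmanaged (proto 'none') interfaces bound to the WireGuard devices.
# 'wgserver' and 'wgs2s' are assumed names. Newer OpenWrt releases use
# 'option device' in place of 'option ifname'.
config interface 'wgserver'
	option proto 'none'
	option ifname 'wg0'
config interface 'wgs2s'
	option proto 'none'
	option ifname 'wg1'

# /etc/config/firewall
# Policy values below are assumed; keep whatever the existing zone has.
# The change from the post is 'masq 0' on the wireguard zone.
config zone
	option name 'wireguard'
	list network 'wgserver'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '0'
config zone
	option name 'sitetosite'
	list network 'wgs2s'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# "Allow forward between LAN, wireguard and site to site":
# one forwarding entry per direction, six in total.
config forwarding
	option src 'lan'
	option dest 'wireguard'
config forwarding
	option src 'wireguard'
	option dest 'lan'
config forwarding
	option src 'lan'
	option dest 'sitetosite'
config forwarding
	option src 'sitetosite'
	option dest 'lan'
config forwarding
	option src 'wireguard'
	option dest 'sitetosite'
config forwarding
	option src 'sitetosite'
	option dest 'wireguard'
```

Forwardings are one-directional, so each pair of zones needs two entries; leaving one out is how to narrow what WireGuard clients or remote sites can reach.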