S2S zone missing in Luci - unable to connect between sites from Wireghuard client

Matus · 2022-06-21T07:00:59.109Z

Noticed that S2S zone is missing now.

Want to make Wireguard client connected to one site being able to connect to S2S sites.
Any tip? Why S2S zone gone (currently installed 3.211 - but for sure was present in 3.203)

alzhao · 2022-06-22T04:12:32.749Z

I never see a S2S zone. Are you sure?

Maybe learn some skills Building a Site-2-Site network manually using two GL.iNet routers

Matus · 2022-06-22T13:28:19.265Z

Well - you might be right - S2S zone was not existing… Although - when used S2S on older versions simply needed to add one route for wireguard in goodcloud.xyz to make possible for Wireguard Client to connect with other S2S sites…
Any tips how to restore this functionality

image588×619 23.7 KB

alzhao · 2022-06-22T13:33:57.991Z

You mean the green highlighted part? It should still be there, no?

Matus · 2022-06-22T13:48:36.481Z

Hi
This subnet (10.104.0.0/24) is Wireguard VPN in primary site:

image1522×370 18.1 KB

Was adding above subnet in “configure LAN IP and access control” in goodcloud.xyz

image577×580 23.6 KB

Afterwards: when connected with Wireguard to main site: were able to connect with other sites.
At the moment wireguard client can only connect to local IPs (10.104 and 10.102) - but can;t connect to other S2S sites.

alzhao · 2022-06-22T14:08:20.304Z

I mean, you cannot do it now?

Cloud should not changed.

Matus · 2022-06-22T14:21:52.301Z

Since 3.211 I can’t.
What is the best way to allow for Wireguard client connect with all S2S sites?

Matus · 2022-06-23T07:12:52.667Z

Regarding manual config: what would be than a point of S2S…?
routes are there already. When connected locally (not via wireguard) clients in all sites can connect to each other. It is just wireguard client connected to primary node have issues.

alzhao · 2022-06-23T07:16:00.369Z

Actually I don’t know what is your question.

I can add items on the cloud without any problem. What is missing?

image667×730 30.5 KB

Matus · 2022-06-23T07:55:05.887Z

Picture is more than 1000 words

image2347×1791 288 KB

Matus · 2022-06-23T10:20:54.715Z

Howdy
Found it…
Basically PPPoE setup corrupted LUCI in 3.215 (I know: shouldn’t be using snapshot…) - went back to 3.212
anyway - went back to ISP router and DMZ’ed main site… then LUCI setup to allow all traffic is as following:

add two unmanaged interfaces on WG0 and WG1
Add WG0 to wireguard zone
Create new sitetosite zone with wg1
Disable masquarade on wireguard zone
allow forward between LAN, wireguard and site to site

image1186×589 70.3 KB