Could you please clarify or provide the following:
A simple topology with IP addresses/subnets labeled, so we can better understand your site-to-site (S2S) setup
The firmware versions of the AX1800 and AXT1800 (you can find them in Admin Panel → System → Upgrade)
Your current WireGuard server and client configurations (with public/private keys and public IPs masked), so we can review them
If you'd like, you can also follow this guide to share both devices with us via GoodCloud. Once you provide the S2S setup information, we can remotely access it and help check or configure it for you.
Please also send us the device’s MAC address and the admin panel password via private message so we can access it.
The only problem is that on the gl ax1800 I need to set proxy mode auto detect according to the gl-inet manual, but then the internet in this network does not work anymore. If I switch to manual it works again without adding any route. The internet is provided by a G4 router in IP passthrough.
Is it possible to make the site to site work by adding a manual route so internet keeps working?
Enable the "Allow Remote Access to the LAN Subnet" so the LAN devices from WireGuard Client side could access the LAN devices on WireGuard Server side.
Go to Admin Panel → VPN → VPN Dashboard, switch to Policy Mode, and configure it so that only traffic destined for the remote subnet goes through the VPN.
Enable the "Allow Remote Access to the LAN Subnet" so the LAN devices from WireGuard Server side could access the LAN devices on WireGuard Client side.
Great. I made the setup. Just running into an issue because the wg server side is also using policy mode to exclude some devices. It might be I set that up wrong because I cannot connect to wg client lan network.
The settings in the screenshots you provided don’t appear to affect the S2S scenario.
Have you tried or checked the configuration based on the steps we previously shared?
If you’re not familiar with it or are still experiencing issues, you may consider sharing the device via GoodCloud so we can help review and configure it for you.
But isn't the screenshot supposed to show the WireGuard server side?
We can see that it is running a commercial VPN tunnel, and that traffic designated to come from the WireGuard server is not being transmitted via the VPN.
Perhaps we’ve misunderstood your setup.
Could you please clarify further?
On the wg server the option allow LAN subnet is set to ON.
The primary tunnel sends or excludes traffic for some LAN clients.
The cascading tunnel excludes WG server clients from using the VPN.
So that should work, right?
Looks like the IP address 192.168.111.1 (wg client LAN) does not get resolved when I do a ping from a wg server side client. Could be a DNS thing?
We think that the issue you’re currently facing is that LAN devices on the WireGuard Server side are unable to access LAN devices on the WireGuard Client side. Is our understanding correct?
If so, you’ll need to check the configuration on the router acting as the WireGuard Client (AX1800). In its Admin Panel → VPN → VPN Dashboard, enable “Allow Remote Access to the LAN Subnet.” This will allow LAN devices on the WireGuard Server side to access those on the WireGuard Client side.
Regarding the DNS issue, have you tried accessing the device directly via its IP address? If not, please try using the IP address directly; then we can rule out DNS issues for now.
That’s a bit unusual, as it’s working normally in our local tests.
Would you be able to share the devices with us via GoodCloud, as mentioned earlier?
This way, we can help check and configure all the necessary settings and test them directly in your environment to confirm they work.
Hi, the problem is I don’t have physical access to the wg client side anymore. The router is at a remote location. I can get you access to the router, wg server side, but I don't know if that will help, as earlier from the client side I could also not reach the LAN on the server side.
If the WireGuard client router is not accessible, there may be no way to continue troubleshooting at this point.
We may need to wait until you have another opportunity to access the WireGuard client router and set up GoodCloud remote access, then revisit this issue.