Site to site, wireguard server, mobile client access

Hello, I need some help. I tried to find this information in the forum but with no results.
I set up s2s in GoodCloud with address range 172.30.55.0/24. B-1300 router A has the 192.168.1.0/24 network and B-1300 router B has the 192.168.2.0/24 network. s2s works, all good.
On router A I set up a WireGuard server for the WireGuard mobile app with the 10.0.0.1/32 address, “Allow Access Local Network” is on (on both routers the firmware is 3.105 beta 2), and I configured the mobile app from the QR code. The mobile client can see only the 192.168.1.0/24 network and can’t see the 192.168.2.0/24 network.

What do I need to do to grant my mobile client (or some other mobile client) access to router B's network 192.168.2.0/24? Do I need to configure the firewalls on both routers? And perhaps add this feature in new firmware releases, like “Allow Access Site To Site Network” :slight_smile: ?

Try the following firewall rules on router A
iptables -I FORWARD -i wg0 -o wg1 -j ACCEPT

All works, many thanks luochongjun :beers:

On the B-1300 this firewall rule is sometimes reset (iptables -I FORWARD -i wg0 -o wg1 -j ACCEPT), and I need to write the rule again on router A (fw ver. 3.105).
Now the devices are sold out, and I use 2 pcs of mv1000w in different cities, with s2s only at this time.

Dear developers, tell me, is it right to use s2s from GoodCloud and a WireGuard server at the same time? Or do I need to use s2s and OpenVPN for other mobile and non-mobile clients?
Someone on the forum says that it is better not to do this (WG s2s and WG server). I would like to confirm or deny this information.

How can I open access for the WireGuard clients of router A's server to all s2s tunnels (wg0, wg1, wg2, etc.), so that the client of any router (network) sees all clients of the other routers (networks)?

iptables -I FORWARD -i wg0 -o wg1 -j ACCEPT

works, but what if I have not only s2s (wg0) and the WireGuard server (wg1) for mobile clients on router A, but also 3 or more routers in s2s configured through GoodCloud?

Can this be done in the router GUI or in GoodCloud?

The rule iptables -I FORWARD -i wg0 -o wg1 -j ACCEPT is reset after a few days. Firmware version is 3.203 20210703; on router A, s2s is set up (via GoodCloud) along with a WG server (from the web interface), and 2 mobile clients are configured. After a few days the clients have no access to router B's LAN.

I found what it is. After a router reboot this rule is reset.

You’d better not configure S2S and wireguard server at the same time. Maybe the interface was restarted and firewall was reloaded.

I need mobile client access to the LANs of routers A, B and C: configure s2s from GoodCloud and configure an OpenVPN server? How can I grant mobile clients access to all LANs if I use 3 routers or more in s2s? Today I added a Mango to s2s; my s2s is Brume-w (router A), Brume-w (router B) and Mango (router C).

If I need a high-performance s2s, do I only need one main router with good hardware?

As you did the above and it works, the only problem is that this rule was reset, right?

Maybe you can just create a forward rule in /etc/config/firewall and it is OK.

config forwarding
    option src 'wg0'
    option dest 'wg1'
    option enabled '1'

Yeap

How do I grant mobile clients access to all networks if I use 3 routers or more? And how do I configure it if I use an OpenVPN server, not WireGuard (you say it is better not to use s2s and a WireGuard server at the same time)?

Can you just try the firewall rules I sent above?

This file has 2 strings in config forwarding:

config forwarding
    option src 'lan'
    option dest 'wan'

Should it look like this?

config forwarding
    option src 'lan'
    option dest 'wan'
    option src 'wg0'
    option dest 'wg1'
    option enabled '1'
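
A lint for the question above, as an added example that is not part of the thread or of the router firmware: each config forwarding section in /etc/config/firewall takes one src and one dest, so a second pair needs its own config forwarding section. The sample inputs are constructed, and wg0/wg1 are used as zone names only because the thread's snippet does.

```shell
#!/bin/sh
# Added example, not from the thread. Zone names wg0/wg1 follow the thread's snippet.

# list_forwardings < firewall-config
# Prints "<src> <dest> <state>" per "config forwarding" section; state is ok,
# disabled (enabled '0'), or MALFORMED (src or dest missing or repeated).
list_forwardings() {
    awk '
    function unquote(s) { gsub("^[\"\047]|[\"\047]$", "", s); return s }
    function report() {
        if (!infwd) return
        state = "ok"
        if (en == "0") state = "disabled"
        if (nsrc != 1 || ndest != 1) state = "MALFORMED"
        printf "%s %s %s\n", src, dest, state
    }
    $1 == "config" {
        report()
        infwd = ($2 == "forwarding")
        nsrc = ndest = 0; src = dest = "-"; en = "1"
        next
    }
    infwd && $1 == "option" && $2 == "src"     { nsrc++;  src  = unquote($3) }
    infwd && $1 == "option" && $2 == "dest"    { ndest++; dest = unquote($3) }
    infwd && $1 == "option" && $2 == "enabled" { en = unquote($3) }
    END { report() }
    ' "$@"
}

# has_forwarding SRC DEST < firewall-config
# Succeeds only if a well-formed, enabled section forwards SRC to DEST.
has_forwarding() {
    list_forwardings | grep -qxF "$1 $2 ok"
}

# Constructed samples: the merged section asked about in the thread, then one
# section per src/dest pair.
merged_config() {
    printf '%s\n' "config forwarding" " option src 'lan'" " option dest 'wan'" \
        " option src 'wg0'" " option dest 'wg1'" " option enabled '1'"
}
split_config() {
    printf '%s\n' "config forwarding" " option src 'lan'" " option dest 'wan'" "" \
        "config forwarding" " option src 'wg0'" " option dest 'wg1'" " option enabled '1'"
}

merged_config | list_forwardings
split_config | list_forwardings
```

On the router the same check runs against the live file with list_forwardings < /etc/config/firewall; a forwarding is one-directional, so has_forwarding wg1 wg0 fails unless the reverse section also exists.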

If you put this in OpenWrt (admin) > Network > Firewall > Custom rules, it should be applied during startup, so the rule should be reapplied after reboot?

The rules are automatically applied after the router reboot.