VPN to LAN routing help

Hello folks,

Happy New Year to all!

I just bought my first OpenWrt product, a Brume MV1000. What I’d like to achieve is 1) LAN to LAN VPN between 3 sites and remote clients and 2) push all Internet traffic out from one of the sites.

I am halfway there - have a WireGuard server up and running and all clients can go out to the Internet via the VPN server. However, I struggle with the LAN to LAN connectivity where clients can access any resources on any LAN.

Here’s the exact current setup:

  1. WireGuard server is 10.0.0.1
  2. Site 1 LAN is 192.168.8.1, public IP 165.225.xxx.xxx
  3. Resource 1 is 192.168.8.170
  4. Client 1 is 10.0.0.2, public IP 24.165.xxx.xxx

Client 1 has no problem connecting to the WG server and accessing the internet using the 165.225.xxx.xxx public IP. However, Client 1 is unable to ping Resource 1 @ 192.168.8.170.

Looking at LuCI, I noticed that even though WireGuard is running and Client 1 has connected:

  1. There is no WG interface showing in the dashboard
  2. The list of routes does not show a route from 10.0.0.1 to lan (192.168.8.0)
  3. The wireguard firewall zone is empty and the rule wireguard to lan drops forwarding packets

My networking knowledge is very light. Based on the above observations my hypothesis is that I need to define a WireGuard interface, add the interface to the wireguard zone, and then add routing and firewall rules to enable the flow between WireGuard and the LAN.

I’d very much appreciate some hand-holding to figure out how I can take full advantage of the router. Beggars can’t be choosers - the ideal solution would be to set up things via the GUI rather than the CLI, but of course I’d hugely appreciate either approach.

Thanks in advance!

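The changes hypothesized in the post, sketched as stock OpenWrt UCI configuration. This is an added example, not part of the original post and not GL.iNet's own configuration; the interface name `wg0`, the /24 masks, the listen port and the key placeholders are assumptions.

```uci
# /etc/config/network
# WireGuard interface for the server at 10.0.0.1 (name 'wg0' is assumed).
config interface 'wg0'
	option proto 'wireguard'
	option private_key '<SERVER_PRIVATE_KEY>'
	option listen_port '51820'
	list addresses '10.0.0.1/24'

# Peer entry for Client 1 (10.0.0.2). route_allowed_ips installs a
# route for each allowed_ips prefix via wg0.
config wireguard_wg0
	option description 'client1'
	option public_key '<CLIENT1_PUBLIC_KEY>'
	list allowed_ips '10.0.0.2/32'
	option route_allowed_ips '1'

# /etc/config/firewall
# Attach wg0 to the (currently empty) wireguard zone. Zone-wide
# forwarding stays REJECT; only the explicit entries below are allowed.
config zone
	option name 'wireguard'
	list network 'wg0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Option A: let every VPN peer reach the whole LAN zone.
config forwarding
	option src 'wireguard'
	option dest 'lan'

# Option B (narrower, use instead of A): allow only Resource 1.
# config rule
# 	option name 'wg-to-resource1'
# 	option src 'wireguard'
# 	option dest 'lan'
# 	option dest_ip '192.168.8.170'
# 	option proto 'all'
# 	option target 'ACCEPT'
```

After editing, `/etc/init.d/network restart` and `/etc/init.d/firewall restart` apply the changes. Client 1's own AllowedIPs must also cover 192.168.8.0/24, which is already the case if it routes 0.0.0.0/0 through the tunnel.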