Wireguard Access Client lan without using Gateway GL-SFT1200

Hello Forum,

I have 2 GL-SFT1200 (Wireguard Server / Wireguard Client). It works perfectly so far. I can connect to a PLC or PC if the gateway is set to the Wireguard client IP address. So now I have a situation where the gateway is used for different communication stuff, and I need a solution where I can access the Wireguard client network without that gateway being configured.

I think I need something like IP routing, but the examples I found do not fit this router. For example, I found a solution to configure a wg0.conf file, which does not exist.

Also I found this (search Google for wireguard-how-to-access-a-peers-local-network):

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE

But I am not sure which file it should go in.

I am almost there, but I cannot find the final step.

Thank you for your help.

OK, good news for now.
I used the following iptables commands over SSH and it worked:

iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o br-lan -j MASQUERADE

So the only missing part is where to put it so that nothing is lost after a reboot.

You can configure these parameters in the firewall of LuCI so that the configuration is not lost even if the device restarts.
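
One way to make the working commands above survive a reboot, as an added example that is not from the thread or from GL.iNet: a script for /etc/firewall.user, the file behind LuCI's Network > Firewall > Custom Rules tab on fw3-based OpenWrt firmware (assumed here). It checks each rule before appending it and narrows the FORWARD rule to traffic leaving via br-lan. The interface names wg0 and br-lan come from the thread; the helper names ensure_rule and apply_wg_lan_rules are hypothetical.

```shell
# Added example for /etc/firewall.user (LuCI: Network > Firewall > Custom Rules).
# Assumptions: fw3-based OpenWrt firmware, tunnel interface wg0, LAN bridge br-lan.
IPT="${IPT:-iptables}"        # overridable so the logic can be exercised with a stub
WG_IF="${WG_IF:-wg0}"
LAN_IF="${LAN_IF:-br-lan}"

# ensure_rule [-t TABLE] CHAIN RULE-SPEC...
# Appends the rule only when `iptables -C` reports it missing, so running
# this file more than once does not stack duplicate rules.
ensure_rule() {
    table_args=""
    if [ "$1" = "-t" ]; then
        table_args="-t $2"
        shift 2
    fi
    chain="$1"
    shift
    $IPT $table_args -C "$chain" "$@" 2>/dev/null ||
        $IPT $table_args -A "$chain" "$@"
}

apply_wg_lan_rules() {
    # Tunnel -> LAN forwarding (narrower than the thread's `-i wg0` alone).
    ensure_rule FORWARD -i "$WG_IF" -o "$LAN_IF" -j ACCEPT || return 1
    # Same NAT rule as in the thread: LAN hosts see the router's LAN address,
    # so they need no gateway or route pointing at the tunnel.
    ensure_rule -t nat POSTROUTING -o "$LAN_IF" -j MASQUERADE
}

# Apply only where iptables is actually available.
if command -v "$IPT" >/dev/null 2>&1; then
    apply_wg_lan_rules || echo "wg-lan: rules not applied" >&2
fi
```

After saving the file, `iptables -S FORWARD` and `iptables -t nat -S POSTROUTING` show whether each rule is present exactly once.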

Thank you. This worked!!!

I have a similar problem: I have a Wireguard server A, a Wireguard client B and a Wireguard client C (Opal router). I would like to reach C's LAN from B, with all IPs allowed on all clients; they are set to 0.0.0.0/0. I can't do it... I'm going crazy and I don't know where to put my hands....

I suggest that you open a new topic rather than reply on an old topic.

But for your issue, it is a standard S2S setup: Site-to-Site Network - GL.iNet

Thank you for the suggestion.

Discussion goes to How to Access a Peer’s Local Network