Wireguard connection issues

Technical Support for Routers
1

Hi
still playing around with X300B.

Uploaded our test config file for WIREGUARD as client which works smoothly with other routers.
It connect and we do have internet through X300B.
IP also is the fireguard IP.
That’s OK

I tried to open some ports on routers so I can connect to X300B through wireguard.
See screen shots.
It didn’t worked.

I can’t ping X300B
I can’t reach it neither via SSH, nor via GUI (http80)
Of course… I’m connecting from another network (home, while X300B is in office), using a different wireguard config, while connected on the same wireguard server of the X300B.

Before you ask me… yes, when I use the same config file with another router and when I open the ports 22 and 80 on that router, I can access from my desktop (different network) also connected to same wireguard server.

Where am I mistaking ?
Thanks for help

Screen Shot 2021-08-03 at 10.24.05
Screen Shot 2021-08-03 at 10.24.05643×1069 43.3 KB

Screen Shot 2021-08-03 at 10.24.15
Screen Shot 2021-08-03 at 10.24.15646×579 30.4 KB

Screen Shot 2021-08-03 at 10.24.25
Screen Shot 2021-08-03 at 10.24.251046×372 22.9 KB

Screen Shot 2021-08-03 at 10.24.30
Screen Shot 2021-08-03 at 10.24.301039×436 25.9 KB

2

Do you have this turn on?

image
image708×478 13.9 KB

If yes you should not need to set up firewall and open ports

3

Thanks for your reply.

NO ! It was OFF
In attachment the screenshot of that.

Screenshot 2021-08-03 at 17.33.12
Screenshot 2021-08-03 at 17.33.121350×980 93.9 KB

Here below is the ping while I was connected with my laptop from home (X300B in office different internet connection/isp)
My laptop got IP 10.100.100.5
My server is 10.100.100.1
X300B is 10.100.100.8
ZBT WE826 running 19.07 stock using different ISP is 10.100.100.9
As you can see:

  • I can ping SERVER (10.100.100.1)
  • I can ping ZBT WE 826 (10.100.100.9)
    but I can’t neither ping nor reach X300B (10.100.100.8)

Screenshot 2021-08-03 at 17.35.07
Screenshot 2021-08-03 at 17.35.071174×1066 259 KB

I then decided to (1) disconnect WIREGUARD in X300B, (2) switch ON “Allow Access Local network”, (3) delete rules in OPEN PORT IN ROUTER and reconnect WIREGUARD

Screenshot 2021-08-03 at 17.36.47
Screenshot 2021-08-03 at 17.36.471302×948 92 KB

Screenshot 2021-08-03 at 17.36.56
Screenshot 2021-08-03 at 17.36.562084×702 86.7 KB

As you can see
NOTHING changed.
Still unreachable…

Screenshot 2021-08-03 at 17.37.17
Screenshot 2021-08-03 at 17.37.171186×750 88.3 KB

By the way before you ask me… if I use the ZBT WE826 wireguard config, result is again the same. 10.100.100.9 (now the X300B) can’t be pinged or reached.

4

UPDATED !!!

Although I rebooted X300B several times, each one after any changes before try wireguard etc…after to have updated the firmware just now to 3.203… IT’S WORKING !!!

I have a question…
Which of the two way is better to use.
(a) ALLOW ACCESS LOCAL NETWORK switched ON + OPEN PORT ROUTER no rules
or
(b) The other way around: ALLOW ACCESS LOCAL NETWORK switched OFF and use rules on the OPEN PORT ROUTER.

Thanks
P.

5

I think only a) works. But I may be wrong.

a) Only allow input from vpn interface.
b) Allows port from wan and vpn interface. When vpn is not on, the port is still open on wan. But you can do some detailed settings in LuCi