Wireguard only works one way

Hoping I can find an answer here - WireGuard is only working one way.

I have two GL.iNet AX3000 routers, which work very well and I’m very happy with them. Good value for money.

One router runs a Home network & the other runs a small Travel network. I’m using WireGuard to connect the two networks, so they act as one.

From the Travel network, all of the Home network is visible. I can SSH into devices, view local web pages, access Windows shares, look at Linux based computers, etc - both hardwired and WiFi. Works perfectly.

However, from the Home network, nothing is visible on the Travel network; no shares, no internal web pages, no SSH and nothing can be pinged from either Windows or Linux based devices. Internally, amongst itself, the Travel network all works fine.

There is one important exception: I can access the Travel router Admin page from the Home LAN on 10.0.0.2 and can also ping it & SSH into it. But I cannot access the Travel Admin page using 192.168.8.1, which is where it is located on the Travel network. The Travel router Admin page on the Home LAN on 10.0.0.2 is fully functional and shows all the information correctly. I can open up the Luci pages and the same, all OK. But the Admin page is not available on 192.168.8.1. Nor is anything else, be it WiFi or hardwired LAN.

The Home router (server) accesses the internet via a cable modem with a fixed IP address.
The Travel router (client) accesses the internet via a mobile phone tethered to the router.

In the Admin pages: Dashboard, Server/Client have green (turquoise) lights. Dashboard says Server (Home) has one Client online (Travel). Up & down traffic show data is flowing.

The Home & Travel networks are on different subnets.
The ‘Allow Remote Access LAN’ & ‘IP Masquerading’ are set to on in the WireGuard set up on the server (Home) side. The client (Travel) does not have these settings available.
‘Allowed IPs’ is set to 0.0.0.0/0, ::/0 at both ends.

Any ideas on how to resolve the above are welcome.

Side issue: in Luci->Network->Interfaces to the right of the WGSERVER/WGCLIENT it says: “Unsupported protocol type. Install protocol extensions…” I’ve installed the extension and rebooted. In System->Software->Installed_Tab it is shown as installed: ‘luci-proto-WireGuard git-21.243.21928-71fe35c ~3.3 KB Support for WireGuard VPN’ but it isn’t working. Any fix for this?

Being able to access the Interface editor for the WireGuard interfaces would be useful.

It seems to match the following scene.

Wireguard is a one-way connection as indicated by the terminology, Client and Server. If you need the Home network to connect to the Travel, then you need another tunnel in that direction.

Cheers.

Not quite true. WireGuard is peer-to-peer and it looks like GL.iNet messed it up trying to apply that Client/Server terminology and approach. Found this thread trying to see why it is “Unsupported protocol type” in Luci and why multiple peers do not work with GL.iNet Wireguard config… It takes only the last peer for some reason.

I used to have good luck ignoring GL.iNet GUI for Wireguard config and just set everything up in Luci as one would normally do on OpenWRT. Have mesh of Wireguard-connected GL.iNet routers working great with both clean OpenWRT and GL.iNet ver 3. firmwares. Wanted to give a try to GL.iNet v4 firmware GUI for Wireguard configuration, but seems like they still have it screwed up with client/server stuff.

Too bad. Wanted to use a button to turn WireGuard on/off.

Anyway @A-Lurker - for the fix - I’m pretty sure you can set up all you want in Luci if you do not try to use GL.iNet GUI. You installed Luci protocol extensions - now create interface, select WireGuard VPN type and set it up to your liking. Just follow Luci UI and OpenWRT documentation/tutorials.

Also here because I tried to set up a site to site wireguard network but it looks like GL iNet does not want us to do that without using Goodcloud? I can only choose server or client in the GL iNet GUI and I see Unsupported protocol type. in Luci in the advanced setting but when I update package list I see the luci proto wireguard is already installed and greyed out so I can’t do anything in Luci. I have not tried via ssh yet.
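
For readers setting up the peer-to-peer configuration discussed in this thread by hand: the sketch below is an added example, not code from any poster or from GL.iNet, that models how a WireGuard interface uses each peer's Allowed IPs both to pick the peer for outgoing packets and to filter incoming ones, and how a prefix given to two peers ends up with only the last one. The addresses 10.0.0.2 and 192.168.8.1 are taken from the thread; the /24 mask, the peer names and the class and function names are assumptions made for the illustration.

```python
import ipaddress

class WgInterface:
    """Minimal model of WireGuard cryptokey routing on one interface."""

    def __init__(self):
        self.table = {}  # prefix -> peer name; a prefix belongs to one peer only

    def set_peer(self, name, allowed_ips):
        for cidr in allowed_ips:
            # A prefix already held by another peer is moved to this one.
            self.table[ipaddress.ip_network(cidr)] = name

    def _lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        hits = [n for n in self.table if n.version == ip.version and ip in n]
        return self.table[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def peer_for_outbound(self, dst):
        """Peer that a packet to dst is encrypted for; None means it is dropped."""
        return self._lookup(dst)

    def accepts_inbound(self, peer, src):
        """A decrypted packet is kept only if its source maps back to the sender."""
        return self._lookup(src) == peer

# Constructed addressing: 10.0.0.2 and 192.168.8.1 appear in the thread;
# the /24 mask on the Travel LAN and the peer names are assumptions.
def home_side(travel_allowed_ips):
    home = WgInterface()
    home.set_peer("travel", travel_allowed_ips)
    return home

def overlapping_peers():
    hub = WgInterface()
    hub.set_peer("peer_a", ["0.0.0.0/0"])
    hub.set_peer("peer_b", ["0.0.0.0/0"])  # same prefix: peer_a loses it
    return hub

if __name__ == "__main__":
    narrow = home_side(["10.0.0.2/32"])
    site = home_side(["10.0.0.2/32", "192.168.8.0/24"])
    for name, iface in (("tunnel IP only", narrow), ("tunnel IP + LAN", site)):
        print(name, "-> 192.168.8.1 via", iface.peer_for_outbound("192.168.8.1"))
    hub = overlapping_peers()
    print("overlap -> 192.168.8.1 via", hub.peer_for_outbound("192.168.8.1"))
    print("peer_a inbound accepted:", hub.accepts_inbound("peer_a", "10.0.0.2"))
```

On a real router, `wg show` lists the Allowed IPs each peer actually holds, which can be compared against what was entered in the GUI or in Luci.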