Wireguard Server MV1000 - connects, but no traffic allowed

Trying to get an MV1000 set up as a VPN server at an office.

Office has two subnets 192.168.4.1/24 and 192.168.7.1/24
MV1000 gets a static IP of 192.168.7.10
Port forward UDP 51830 (yes 30, not 20) to static IP
MV1000 is plugged into their network on WAN port.

WireGuard VPN settings
LANIP: 192.168.200.0/24
Local Port: 51830

Created test connection for my phone. Handshake is successful and the MV1000 shows my phone connected. Only problem (and biggest) is that no traffic will pass. I’ve tried setting my phone allowed IPs to both 0.0.0.0 or 192.168.7.0/24.

Running the wg command via ssh shows the following. I’ve set up another MV1000 that is on an older firmware and didn’t have this issue.

Found the documentation to add “list subnet 192.168.7.0/24” to the end of each peer config in the file /etc/config/wireguad_server. Now WG shows the proper subnet as allowed but I still can’t navigate to my Synology on the server’s network (on the dot 7 subnet). This feels like a firewall issue.

I’m not going to be really much help here, but shouldn’t the MV1000 be connected on the LAN port? The WireGuard server is going to pass traffic to its LAN side connections, won’t it? Or maybe you need a route from the 192.168.200.8 IP to the 192.168.7.x IPs.

Just tried SSH into the box. The MV1000 can ping the 192.168.4.1 subnet, but not the 192.168.7.1 subnet. Something is funky with their network…

Ok so the network is run by an Eero (not sure which model) and its main subnet is 192.168.4.0/22 (which explains the IPs in the 192.168.7.X range).

That being said, take a look at the routes. The 7 network is getting tagged to wg0??? The WireGuard server is set up to use 192.168.200.0/24 (outside the DHCP address).

Curious if I found a bug in this version. I ended up installing the 102 version. Everything works as expected there. Routes are labeled correctly.

Which version are you using? I think in 3.105 the firewall rules are changed so it may cause trouble.

In newer beta 3.203 this is fixed so you can add allowed IP.

But as you are building Site-2-Site setup, you can try our GoodCloud managed solution?

Correct, I was on 105 with the routing/firewall issue. Rolled back to 102 for the fix.

Can you try 3.203 snapshot GL.iNet download center
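
The route conflict described in the thread (192.168.7.0/24 tagged to wg0 while the router's own uplink sits inside 192.168.4.0/22) can be checked for mechanically. This is an added example, not part of the original thread or GL.iNet's code; the route table is constructed, and the interface names, gateway and br-lan line are assumptions.

```python
import ipaddress

# Constructed `ip -4 route` output modelled on the thread: uplink in
# 192.168.4.0/22 (static 192.168.7.10), tunnel 192.168.200.0/24, and the
# peer "list subnet 192.168.7.0/24" installed as a route on wg0.
# Interface names, the gateway and the br-lan line are assumptions.
SAMPLE_ROUTES = """\
default via 192.168.4.1 dev eth0 proto static src 192.168.7.10
192.168.4.0/22 dev eth0 proto kernel scope link src 192.168.7.10
192.168.7.0/24 dev wg0 scope link
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.200.0/24 dev wg0 proto kernel scope link src 192.168.200.1
"""

def parse_routes(text):
    """Return (network, device) pairs, skipping default and malformed lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["default"] or "dev" not in fields[:-1]:
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # non-prefix entries such as "unreachable ..."
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def shadowed_by_tunnel(text, tunnel_prefix="wg"):
    """Find tunnel routes that overlap a subnet reachable on another interface.

    The kernel prefers the longest prefix, so a /24 on wg0 inside an on-link
    /22 pulls that /24's traffic into the tunnel instead of onto the wire.
    """
    routes = parse_routes(text)
    tunnel = [(n, d) for n, d in routes if d.startswith(tunnel_prefix)]
    local = [(n, d) for n, d in routes if not d.startswith(tunnel_prefix)]
    findings = []
    for t_net, t_dev in tunnel:
        for l_net, l_dev in local:
            if t_net.overlaps(l_net):
                tunnel_more_specific = t_net.prefixlen > l_net.prefixlen
                findings.append((str(t_net), t_dev, str(l_net), l_dev,
                                 tunnel_more_specific))
    return findings

if __name__ == "__main__":
    for t_net, t_dev, l_net, l_dev, wins in shadowed_by_tunnel(SAMPLE_ROUTES):
        print(f"{t_net} on {t_dev} overlaps {l_net} on {l_dev}; "
              f"tunnel route more specific: {wins}")
```

On a live router the input would be the output of `ip -4 route` captured over SSH; an empty result means no tunnel route collides with a locally attached subnet.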