Trying to get an MV1000 set up as a VPN server at an office.
Office has two subnets, 192.168.4.1/24 and 192.168.7.1/24.
MV1000 gets a static IP of 192.168.7.10
Port forward UDP 51830 (yes 30, not 20) to static IP
MV1000 is plugged into their network on WAN port.
WireGuard VPN settings
LANIP: 192.168.200.0/24
Local Port: 51830
Created test connection for my phone. Handshake is successful and the MV1000 shows my phone connected. Only problem (and biggest) is that no traffic will pass. I’ve tried setting my phone allowed IPs to both 0.0.0.0 or 192.168.7.0/24.
Running the wg command via ssh shows the following. I’ve set up another MV1000 that is on an older firmware and didn’t have this issue.
Found the documentation to add “list subnet 192.168.7.0/24” to the end of each peer config in the file /etc/config/wireguard_server. Now WG shows the proper subnet as allowed but I still can’t navigate to my Synology on the server’s network (on the dot 7 subnet). This feels like a firewall issue.
I’m not going to be really much help here, but shouldn’t the MV1000 be connected on the LAN port? The wireguard server is going to pass traffic to its LAN side connections, won’t it? Or maybe you need a route from the 192.168.200.8 IP to the 192.168.7.x IPs.
Ok so the network is run by an Eero (not sure which model) and its main subnet is 192.168.4.0/22 (which explains the IPs in the 192.168.7.X range).
That being said, take a look at the routes. The 7 network is getting tagged to wg0??? The wireguard server is set up to use 192.168.200.0/24 (outside the DHCP address).
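
An added example, not written by anyone in the thread: a longest-prefix-match lookup over a constructed routing table modelled on the routes described in the last post, showing which interface a packet for a 192.168.7.x host would be sent out of. The WAN interface name `eth0`, the host 192.168.7.50 and the table entries themselves are assumptions, since the actual route output is not on the page.

```python
import ipaddress

# Constructed routing table modelled on the thread: the WAN side sits in the
# Eero's 192.168.4.0/22, the tunnel uses 192.168.200.0/24, and the extra
# 192.168.7.0/24 entry is the one reported as attached to wg0.
# The interface name "eth0" for the WAN port is an assumption.
ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("192.168.4.0/22", "eth0"),
    ("192.168.200.0/24", "wg0"),
    ("192.168.7.0/24", "wg0"),
]

def lookup(dest, routes):
    """Return (prefix, interface) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return (str(best[0]), best[1]) if best else None

def shadowed(routes):
    """List routes that sit inside a shorter prefix on a different interface."""
    nets = [(ipaddress.ip_network(p), d) for p, d in routes]
    out = []
    for inner, dev_in in nets:
        for outer, dev_out in nets:
            if (inner.prefixlen > outer.prefixlen > 0
                    and inner.subnet_of(outer) and dev_in != dev_out):
                out.append((str(inner), dev_in, str(outer), dev_out))
    return out

if __name__ == "__main__":
    for host in ("192.168.7.50", "192.168.4.1", "192.168.200.2"):
        print(host, "->", lookup(host, ROUTES))
    # Same lookup with the 192.168.7.0/24 route removed from the table.
    without = [r for r in ROUTES if r[0] != "192.168.7.0/24"]
    print("without the /24:", lookup("192.168.7.50", without))
    print("overlaps:", shadowed(ROUTES))
```

On the router itself, `ip route get <address>` reports the same decision for the live table.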