Wireguard Server MV1000 - connects, but no traffic allowed

Trying to get an MV1000 setup as a VPN server at an office.

Office has two subjects and
MV1000 gets a static IP of
Port forward UDP 51830 (yes 30, not 20) to static IP
MV1000 is plugged into their network on WAN port.

WireGuard VPN settings
Local Port: 51830

Created test connection for my phone. Handshake is successful and the MV1000 shows my phone connected. Only problem (and biggest) is that no traffic will pass. I’ve tried setting my phone allowed IPs to both or

Running the wg command via ssh shows the following. I’ve set up another MV1000 that is on an older firmware and didn’t have this issue.

Found the documentation to add “list subnet” to the end of the each peer config on the file /etc/config/wireguad_server. Now WG shows the the proper subnet as allowed but i still can’t navigate to my Synology on the server’s network (on the dot 7 subnet). This feels like a firewall issue.

I’m not going to be really much help here, but shouldn’t the MV1000 be connected on the LAN port? The wireguard server is going to pass traffic to its LAN side connections, won’t it? Or maybe you need a route from the IP to the 192.168.7.x ips.

Just tried SSH into the box. The MV1000 can ping the subnet, but not the subnet. Something is funky with their network…

Ok so the network is run by an Eero (not sure which model) and its main subnet is (which explains the IPs in the 192.168.7.X range).

That being said, take a look at the routes. The 7 network is getting tagged to wg0??? The wireguard server is setup to use (outside the DHCP address).

Curious if i found a bug in this version. I ended up installing the 102 version. Everything works as expected there. Routes are labeled correctly.

Which version are you using? I think in 3.105 the firewall rules are changed so it may cause trouble.

In newer beta 3.203 this is fixed so you can added allowed ip.

But as you are building Site-2-Site setup, you can try our GoodCloud managed solution?

Correct, I was on 105 with the routing/firewall issue. Rolled back to 102 for the fix.

Can you try 3.203 snapshot GL.iNet download center