Try 1: Extending /etc/config/wireguard with separate entries, for example:
option allowed_ips '192.168.102.1/32'
option allowed_ips '192.168.10.0/24'
option allowed_ips '192.168.20.0/24'
option allowed_ips '192.168.30.0/24'
Problem 1A)
After reboot, the GLINET scripts can't interpret the config file anymore, don't show the established connection in the WebGUI and tell me to create one. With a single entry the config is "back".
Problem 1B)
Independent of whether the connection is shown in the WebGUI:
Only one route, from the last entry of option allowed_ips, got created automatically.
This subnet is correctly reachable.
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.179.1 0.0.0.0 UG 20 0 0 wlan-sta
46.xx.xx.xxx 192.168.179.1 255.255.255.255 UGH 0 0 0 wlan-sta
192.168.8.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.9.0 0.0.0.0 255.255.255.0 U 0 0 0 br-guest
192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
192.168.102.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
192.168.179.0 0.0.0.0 255.255.255.0 U 20 0 0 wlan-sta
Problem 1C)
After adding a new manual route to one of the "missing" subnets:
ip route add 192.168.10.0/24 dev wg0
no client in this subnet is reachable. It seems that WireGuard doesn't get all allowed_ips correctly.
@GLrs: Does not work!
Try 2: Extending /etc/config/wireguard with a single entry, for example:
option allowed_ips '192.168.102.1/32, 192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24'
Problem 2A)
No route gets created; I think again because of incorrect interpretation of the config file.
192.168.102.1 UH gets created.
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.179.1 0.0.0.0 UG 20 0 0 wlan-sta
46.xx.xx.xxx 192.168.179.1 255.255.255.255 UGH 0 0 0 wlan-sta
192.168.8.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.9.0 0.0.0.0 255.255.255.0 U 0 0 0 br-guest
192.168.102.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
192.168.102.1 0.0.0.0 255.255.255.255 UH 0 0 0 wg0
192.168.179.0 0.0.0.0 255.255.255.0 U 20 0 0 wlan-sta
Solution:
ip route add 192.168.10.0/24 dev wg0
ip route add 192.168.20.0/24 dev wg0
ip route add 192.168.30.0/24 dev wg0
Every subnet is reachable from the GLINET side.
The GLINET subnet is reachable from the other side.
Problem 2B)
After rebooting the routes are gone.
@All:
What's the correct way to make those routes permanent, so that they don't get lost after reconnecting / rebooting?
Temporarily I insert
ip route add 192.168.20.0/24 dev wg0
ip route add 192.168.30.0/24 dev wg0
ip route add 192.168.181.0/24 dev wg0
under Custom Rules in the firewall settings. Seems to work after reboot.
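As an added example (my own code, not the GL.iNet scripts and not something from this post), here is a small POSIX shell helper that takes a peer's allowed_ips value in the comma-separated form used in Try 2, compares it with the current `ip route` table and emits only the `ip route add` lines that are actually missing, so it can be re-run on every reconnect or reboot without producing "File exists" errors for routes the kernel already created. The sample routing table is constructed from the table shown above; the device name wg0 and the idea of calling it from an OpenWrt /etc/hotplug.d/iface script are assumptions.

```shell
#!/bin/sh
# Added example (not GL.iNet's or OpenWrt's code): compute which allowed_ips
# subnets of a WireGuard peer still lack a route on the tunnel device and
# emit the matching "ip route add" commands. The hotplug placement mentioned
# below is an assumption; the route-table format is that of `ip route`.

# Constructed sample of `ip route` output, modelled on the table in the post:
# only the /24 and the /32 host entry for the peer address were created.
SAMPLE_ROUTES='default via 192.168.179.1 dev wlan-sta metric 20
192.168.8.0/24 dev br-lan scope link src 192.168.8.1
192.168.102.0/24 dev wg0 scope link
192.168.102.1 dev wg0 scope link'

# split_cidrs VALUE: print one CIDR per line; accepts the comma-separated,
# quoted form used in the post ('a/32, b/24, ...') as well as plain lists.
split_cidrs() {
    printf '%s\n' "$1" | tr ",'\"" '   ' | tr -s ' ' '\n' | sed '/^$/d'
}

# route_exists ROUTES CIDR DEV: succeed if ROUTES (text of `ip route`) has an
# entry for CIDR on DEV. `ip` prints /32 host routes without the prefix
# length, so "x.y.z.w/32" is matched against "x.y.z.w".
route_exists() {
    routes=$1 cidr=$2 dev=$3
    case $cidr in
        */32) key=${cidr%/32} ;;
        *)    key=$cidr ;;
    esac
    printf '%s\n' "$routes" | awk -v k="$key" -v d="$dev" \
        '$1 == k && $2 == "dev" && $3 == d { found = 1 } END { exit !found }'
}

# missing_routes ALLOWED ROUTES DEV: print the CIDRs from ALLOWED that have
# no route on DEV yet, in the order they appear in ALLOWED.
missing_routes() {
    allowed=$1 routes=$2 dev=$3
    split_cidrs "$allowed" | while IFS= read -r cidr; do
        route_exists "$routes" "$cidr" "$dev" || printf '%s\n' "$cidr"
    done
}

# route_commands ALLOWED ROUTES DEV: the "ip route add" lines for the gaps.
route_commands() {
    missing_routes "$1" "$2" "$3" | sed "s|^|ip route add |; s|\$| dev $3|"
}

# Invoked with two arguments (ALLOWED_IPS DEV), for instance from an OpenWrt
# /etc/hotplug.d/iface script when the tunnel comes up (assumed placement),
# it prints the commands for the live routing table; pipe into sh to apply.
if [ "$#" -ge 2 ]; then
    route_commands "$1" "$(ip route)" "$2"
fi
```

Running it as `sh wg-routes.sh "192.168.102.1/32, 192.168.10.0/24, 192.168.20.0/24" wg0 | sh` adds only the routes that are absent at that moment. For comparison, stock OpenWrt's netifd WireGuard proto in /etc/config/network takes one `list allowed_ips` line per subnet in the peer section together with `option route_allowed_ips '1'`, and installs the routes itself; whether the GL.iNet wrapper around /etc/config/wireguard honours that syntax is not something this post establishes.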
Last but not least, another big problem (all my IoT devices have actually stopped working):
After getting everything temporarily working I can't reach my webserver/databases (same WAN IP as the WireGuard server) from any GLINET client.
DNS is working correctly. Traceroute stops after 192.168.8.1 with "no route to host". Ping answers "Host not reachable".
But via SSH on the GLINET I can ping and traceroute to my webserver correctly. Same problem as last year. Also I can't ping other domains which point to the same home-net IP.
I would be happy if someone could give me a hint how to solve these issues ...
Edit: I tried to find something and activated firewall logging on the LAN zone, but I don't find any entry from the firewall in the system.log that anything is rejected. Now I need to turn everything back to OpenVPN until someone can help me. I think yesterday, after manually starting WireGuard in the GUI and manually adding the routing rules, that problem didn't exist. As I said, from the GLINET itself I can reach the webserver/databases correctly.
root@GL-AR300M:~# ping xyz.de
PING xyz.de (46.xx.xx.xxx): 56 data bytes
64 bytes from 46.xx.xx.xxx: seq=0 ttl=58 time=25.526 ms
Client:
pi@client:~ $ ping xyz.de
PING xyz.de (46.xx.xx.xxx) 56(84) bytes of data.
From 192.168.8.1 (192.168.8.1) icmp_seq=1 Destination Host Unreachable
pi@client:~ $ sudo traceroute -d xyz.de
traceroute to xyz.de (46.xx.xx.xxx), 30 hops max, 60 byte packets
1 192.168.8.1 (192.168.8.1) 0.591 ms 0.697 ms 0.827 ms
2 192.168.8.1 (192.168.8.1) 1.032 ms !H 1.250 ms !H 1.467 ms !H
pi@client:~ $ sudo ip route
default via 192.168.8.1 dev eth0 src 192.168.8.10 metric 202
192.168.8.0/24 dev eth0 proto dhcp scope link src 192.168.8.10 metric 202