I have the following setup:
Flint (192.168.10.1) → 3rd party router (192.168.100.1) → internet
Slate AX (192.168.20.1) → 3rd party router (192.168.179.1) → internet
Situation:
The VPN connection between Slate AX as a client and Flint as a server is established.
Issue:
The clients connected to Slate AX are not able to reach anything when the VPN connection is established. But the Slate AX itself is able to reach everything (LAN 192.168.10.0, LAN 192.168.100.0 and internet [over Flint’s internet connection]).
Question:
Why are the clients, which are connected to Slate AX, not able to communicate over the VPN connection?
A further test I have done:
I stopped the VPN connection on the Slate AX. On a client connected to Slate AX, I installed and configured a WireGuard client to connect with the Flint. The connection works and the client is able to reach everything (LAN 192.168.10.0, LAN 192.168.100.0 and internet [over Flint’s internet connection]).
My conclusion:
Something with the Slate AX configuration must be wrong, and that is the reason why its clients are not able to use its VPN connection. Unfortunately I am not able to figure it out.
As a first debugging step I’d recommend installing the final 4.1 versions on both routers. That’s unlikely to be the problem but there were enough things being changed that it’s worth a first shot.
And yes, 0.0.0.0/0 is all IPv4 addresses. The fact the Slate itself can access but clients can’t suggests it’s a problem with the LAN firewall rules. If this were stock OpenWrt it would be easier to debug, but I’m not sure what GL.iNet are doing in the background on rules.
One other potential consideration would be to see if OpenVPN works. Both of those devices ought to be capable of 150 Mbps on the OVPN side, which is generally more than sufficient for most applications. OpenVPN uses a different routing structure which is (imo) easier to debug and in some ways more flexible.
But that’s kind of up to you. We can keep going down this route a while if you want to.
I found a solution, which I do not understand. I have to activate IP Masquerading for the WireGuard client on the Slate, and then it works for the Slate’s LAN clients.
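
One explanation consistent with the fix in the last post, as an added example that is not part of the thread: a WireGuard server drops decrypted packets whose source address is outside the sending peer's AllowedIPs, so LAN clients fail until masquerading rewrites their source to the Slate AX's tunnel address. The tunnel address 10.0.0.2 and the Flint's AllowedIPs entries are assumptions; only 192.168.20.0/24 comes from the thread.

```python
import ipaddress

# From the thread: the Slate AX LAN. Everything else here is constructed.
SLATE_LAN = ipaddress.ip_network("192.168.20.0/24")
# Assumption: tunnel address the Flint server assigned to the Slate AX peer.
SLATE_TUNNEL_IP = ipaddress.ip_address("10.0.0.2")
# Assumption: the Flint's peer entry lists only that tunnel address.
PEER_TUNNEL_ONLY = ["10.0.0.2/32"]
# Alternative without NAT: the Slate LAN is also listed for the peer.
PEER_WITH_LAN = ["10.0.0.2/32", "192.168.20.0/24"]


def in_allowed_ips(addr, allowed_ips):
    """True if addr falls inside any network of a peer's AllowedIPs."""
    addr = ipaddress.ip_address(addr)
    return any(addr in ipaddress.ip_network(net) for net in allowed_ips)


def source_after_slate(src, masquerade):
    """Source address of a packet once the Slate AX sends it into the tunnel."""
    src = ipaddress.ip_address(src)
    if masquerade and src in SLATE_LAN:
        return SLATE_TUNNEL_IP  # masquerading rewrites it to the tunnel IP
    return src


def round_trip_works(src, masquerade, allowed_ips):
    """Model both directions as seen by the WireGuard server (Flint).

    Inbound: the decrypted packet is dropped unless its source is in the
    sending peer's AllowedIPs. Outbound: the reply is sent to the peer whose
    AllowedIPs contain the destination, so the same list decides both.
    """
    seen_by_flint = source_after_slate(src, masquerade)
    return in_allowed_ips(seen_by_flint, allowed_ips)


if __name__ == "__main__":
    cases = [
        ("Slate AX itself", "10.0.0.2", False, PEER_TUNNEL_ONLY),
        ("LAN client, no masquerading", "192.168.20.50", False, PEER_TUNNEL_ONLY),
        ("LAN client, masquerading on", "192.168.20.50", True, PEER_TUNNEL_ONLY),
        ("LAN client, LAN in AllowedIPs", "192.168.20.50", False, PEER_WITH_LAN),
    ]
    for name, src, masq, allowed in cases:
        ok = round_trip_works(src, masq, allowed)
        print(f"{name:32} -> {'reaches Flint' if ok else 'dropped at Flint'}")
```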