WireGuard VPN Policy on AXT1800

y2kbug · 2022-08-22T03:01:09.529Z

I have AXT1800 in office and AX1800 at home
AXT1800 acts as “WireGuard client” and AX1800 acts as “WireGuard server”.

On AXT1800:
VPN Policy is “VPN Policy Base on the Client Device”.
“The Traffic from Client Devices” is “Use VPN”.
“Exception” (company resources) is as below:

10.24.0.0/16
10.28.0.0/16

But the exception settings seem not working.
SSH into AXT1800:

root@GL-AXT1800:~# traceroute 10.28.244.246
traceroute to 10.28.244.246 (10.28.244.246), 30 hops max, 38 byte packets
 1  10.10.20.1 (10.10.20.1)  5.596 ms  5.402 ms  6.186 ms
 2  *  *  *
 3  10.30.53.121 (10.30.53.121)  10.841 ms  11.707 ms  9.674 ms

Thanks.

y2kbug · 2022-08-22T03:19:40.135Z

With the following set in “Customize Routing Rules”, all connection goes through WAN but not VPN.

image1216×636 49.8 KB

y2kbug · 2022-08-22T03:41:01.676Z

I have found WireGuard gateway should be 10.10.20.3, which is the “WireGuard client” address.
However, setting a 0.0.0.0/0 does not work.

Setting “Global Proxy” on GL-UI, and setting these on OpenWRT works for me:

Thanks.

alzhao · 2022-08-22T09:28:34.088Z

First, for the client router, pls upgrade to 4.0.2. There is a bug related to policy fixed. Not sure affect your case. But pls do upgrade first.

y2kbug · 2022-08-22T09:57:21.948Z

Oh AXT1800 is on 4.0.1.
Okay I will try again later.
Thanks.