Hi all, I set up a point-to-point WireGuard connection between two A1300s. I liked this router so much that I bought another one for this purpose, eheh. So, it basically works well. However, on the client side, I cannot seem to get the VPN policy correctly applied.
I want to keep my client connection up and running but have only one of my devices going through it, namely my Apple TV. Unfortunately, neither MAC-based nor IP-based policies seemed to work. Either it doesn't go through the VPN tunnel, or the entire network does.
Please be understanding, as I'm not quite an expert, though WireGuard should theoretically be quite straightforward. Also, I verified by looking at my publicly exposed IPv4. It would also be great to know how to prevent IPv6 leakage.
I'm trying to verify that it doesn't randomize its MAC, although on tvOS it is not as straightforward as on iOS. I haven't said the VPN isn't working; it is. What I'm trying to achieve is to use a VPN policy so that only that device goes through the tunnel. But what I observed instead is either all or nothing. It is enough to check my public IP, and I can see the change.
Fast forward almost a year, I am trying again to fiddle with this.
So, to solve the issue of the whole network going through the tunnel despite having chosen per-device routing via MAC as the policy, I changed the policy to Auto Select under the Route mode section, and changed the AllowedIPs in the client configuration file to include solely the Apple TV's IP. Not sure if that routing policy and having 0.0.0.0/24 as AllowedIPs in the WireGuard client's configuration file conflict.
Issue is, the device doesn't seem to have any connectivity.
Do I have to adjust routing policies, the firewall, anything on the WireGuard server-side configuration, or my WireGuard client configuration? I have AdGuard Home enabled, if that is of any help.
I currently am not able to use the WireGuard Client as global proxy either.
I would be happy if it at least worked via the global proxy policy first, and then I could solve the per-device policy.
It seems to me that the policy chosen in the VPN Dashboard is either not being applied or not respected. I inspected the wgclient_route_update.sh file to replicate the steps manually by setting up the routing policy mode, with no success.
I tried to fiddle with AllowedIPs (as, looking at the aforementioned script, it should allow solely the devices I want to go through the wgclient interface) but with no luck.
Perhaps to give some more context on the set-up:
On site A (WireGuard client, where I am physically configuring):
- Static IPv4
- IPv6 enabled
- GL-iNet A1300 as drop-in gateway behind the main ISP router
- AdGuard Home enabled
On site B (WireGuard server):
- Another GL-iNet A1300 with dynamic IPv4 only
- Doesn't act as a drop-in gateway (just a host in the LAN)
- No AdGuard Home
Current state:
The WireGuard client establishes connectivity with the server, though over IPv4 it doesn't seem to have any connectivity regardless of the policy I choose. I had it running once, at least via global proxy; not sure what I may have messed up fiddling around.
Desired outcome:
To have solely the specified devices go through the WireGuard client interface, and possibly use the AdGuard Home server as DNS.
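Added example, not from the original post or from GL.iNet's wgclient_route_update.sh: it shows that AllowedIPs in a WireGuard config filters destinations (cryptokey routing), so picking which LAN device uses the tunnel is a job for source-based ip rules, and that an IPv4-only AllowedIPs leaves IPv6 untunnelled. The interface name wgclient, routing table 100, and every address and key in the sample config are constructed assumptions.

```python
# Added example (not from the original post or GL.iNet's scripts): AllowedIPs
# semantics plus source-based per-device routing. Names/addresses are made up.
import ipaddress
from typing import Iterable, List
# Constructed sample client config: keys redacted, addresses invented.
CLIENT_CONF = """\
[Interface]
PrivateKey = <redacted>
Address = 10.8.0.2/32
[Peer]
PublicKey = <redacted>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 192.168.8.50/32
"""

def parse_allowed_ips(conf: str) -> list:
    """Collect every prefix listed under AllowedIPs (comma separated)."""
    nets = []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "AllowedIPs":
            nets += [ipaddress.ip_network(p.strip(), strict=False)
                     for p in value.split(",") if p.strip()]
    return nets

def routed_via_tunnel(dest: str, allowed: Iterable) -> bool:
    """AllowedIPs is a destination filter (cryptokey routing): a packet enters
    the tunnel only if its destination lies in a listed prefix; the LAN device
    that sent it plays no role here."""
    d = ipaddress.ip_address(dest)
    return any(d.version == n.version and d in n for n in allowed)

def ipv6_leak_risk(allowed: Iterable) -> bool:
    """True when IPv4 is tunnelled but no IPv6 prefix is: on a dual-stack LAN,
    v6 traffic then bypasses the VPN unless it is blocked separately."""
    return any(n.version == 4 for n in allowed) and not any(n.version == 6 for n in allowed)

def per_device_rules(iface: str, devices: Iterable[str], table: int = 100) -> List[str]:
    """Source-based policy routing, the generic Linux/OpenWrt way: only the
    listed LAN addresses consult a table whose default route is the tunnel.
    Commands are returned for review, not executed (they need root and the iface)."""
    cmds = [f"ip route add default dev {iface} table {table}"]
    cmds += [f"ip rule add from {ipaddress.ip_address(d)} lookup {table} priority 100"
             for d in devices]
    return cmds

if __name__ == "__main__":
    allowed = parse_allowed_ips(CLIENT_CONF)
    print("1.1.1.1 via tunnel:", routed_via_tunnel("1.1.1.1", allowed))
    print("\n".join(per_device_rules("wgclient", ["192.168.8.50"])))
```

With the sample config, an Internet destination is not routed into the tunnel at all, while the same functions show a 0.0.0.0/0 entry tunnelling IPv4 but flagging the missing ::/0.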