Hi all,
I'm getting crazy about this, so maybe one of you can tell me how to solve it in OpenWRT 
That's what i have:
Wireguard: 192.168.10.0/24
Lan: 192.168.1.0/24
MACVLAN: 192.168.1.20/32
At my MACVLAN i have some docker container assigned for example:
MQTT: 192.168.1.21/32
I can connect by wireguard and accessing the lan. For example access to luci is no problem. I also can ping devices which are connected to the router by DHCP. But i can not access or ping any docker container inside my MACVLAN if i'm connected by wireguard. I'm pretty sure it's not a big thing, but i don't have any idea anymore
So, two things what i don't understand:
- I can't ping or access the docker container with a client connected with wireguard (over wan), but i can do for clients connected by wlan.
- I can't ping the docker containers from the router.. no matter how i'm connected to it
A screenshot from my zone settings:
(Don't get confused by the docker zone, this is an docker internal bridge. The MACVLAN is assigned to the lan zone)
Another thing i've seen if i make a traceroute to a docker container from the client:
traceroute to mqtt.xxx.net (192.168.1.21), 64 hops max, 40 byte packets
1 mqtt.xxx.net (192.168.1.21) 2.498 ms 2.550 ms 2.325 ms
If i'm connected from wan by wireguard:
traceroute to mqtt.xxx.net (192.168.1.21), 64 hops max, 40 byte packets
1 192.168.10.1 (192.168.10.1) 124.768 ms 505.323 ms 306.936 ms
2 192.168.10.1 (192.168.10.1) 3589.456 ms !H 3474.829 ms !H 3481.052 ms !H
And from the router:
traceroute to mqtt.xxx.net (192.168.1.21), 30 hops max, 46 byte packets
1 xxx.net (192.168.1.1) 3145.022 ms !H 3119.329 ms !H 3119.585 ms !H
The wireguard client config is:
[Interface]
PrivateKey = XXX
Address = 192.168.10.2/32
DNS = 192.168.1.1
[Peer]
PublicKey = XXX
PresharedKey = XXX
AllowedIPs = 0.0.0.0/0
Endpoint = XXX:51820
PersistentKeepalive = 25
I hope I didn't describe my problem too confusingly 
Just tell me which info's you would need, or give me a hint what i can try
Every help is welcome
cheers
Christopher