Handshakes to the VPN are successful. I cannot ping the devices in question through the VPN; I can only ping them when plugged directly into my OpenWrt router.
I turned off OpenVPN. Still no dice. However, if I SSH into the router while connected to it via WireGuard, I can ping the LAN devices from the router with a proper response. I just can't ping them from my Mac.
I'm really at a loss here. The only thing I can think of is IPv6 -- maybe there is something happening there.
Have you tried a different device as the remote peer? Maybe try using a phone or another Mac or really anything else. I wonder if your Mac has some strange issue with the route.
I'm not understanding your point/question. I'd recommend setting up WG on a phone and seeing if the pings work to the LAN devices in question. This will rule out an issue with your Mac if it also doesn't work, or point to a problem there if it does.
What I'm saying is, I haven't changed any settings on my Mac whatsoever. I have connected a Peplink SOHO router to my ISP router and configured a VPN server on it. When SSHing into my local devices on the Peplink, it works, without configuring anything on my Mac whatsoever. So shouldn't that same Mac configuration work on the OpenWrt router? Also, unfortunately, I cannot test SSH on my phone because my local server requires a YubiKey for SSH, which no iOS app supports. So I wouldn't be able to SSH into my local server from my phone regardless.
Is the Peplink VPN setup being replaced by, or supplemented by the OpenWrt Router? What is the physical topology of your network (a diagram would be useful)? Is the subnet changing for your server, or does its address remain constant?
But you could test pings, or you could set up another host with SSH without the YubiKey requirement (just for testing purposes).
> Is the Peplink VPN setup being replaced by, or supplemented by the OpenWrt Router? What is the physical topology of your network (a diagram would be useful)? Is the subnet changing for your server, or does its address remain constant?
The Peplink VPN is replacing the OpenWrt router. I completely disconnected the OpenWrt router and replaced it with the Peplink using the same router IP address and subnet. The server subnet remains constant/static. Not sure how to make a diagram, but the routers go like this:
ISP router with port forwarding on > Peplink Surf SOHO router WAN port attached to ISP LAN port > MacBook & web server attached to Peplink LAN ports.
> But you could test pings, or you could set up another host with SSH without the YubiKey requirement (just for testing purposes).
I will try this when I get home and let you know what happens.
Do you think this could possibly be a hardware issue by chance? I have a second Linksys router that I could flash with OpenWrt to test, if you think it might be hardware related.
Lastly, do you know of any other expert eyes on this forum that you would be willing to ping to have a second pair of eyes take a look at my issue? Maybe there is something we are both missing? Just a thought, since I'm new to OpenWrt and the forum.
So to be clear about all of this, the Peplink router is the one that you're changing out for the OpenWrt router. When you have the Peplink router in place, you can reach its downstream devices via the VPN. But when the OpenWrt router is in place, you can connect to the VPN, but you are unable to reach those devices.
Some things to check in the setup (and/or verify/document for clarity):
The Peplink router's WAN is connected to the ISP LAN.
When the OpenWrt router is installed, the peplink router is removed.
The OpenWrt router, when installed, is connected to the ISP LAN.
The WAN IP of the [Peplink XOR OpenWrt] router is always the same, so that the port forwarding from the ISP router points to the same IP address at all times (never changes).
The LAN subnet of both the Peplink and the OpenWrt routers is the same (and it must obviously be unique relative to the ISP router).
All client devices in question are downstream of the [OpenWrt XOR Peplink] router (i.e. they are on the LAN of whichever device is installed).
The IP addresses of the client devices always remain the same when you swap the Peplink/OpenWrt routers (by means of either static IP assignments on those hosts, or DHCP reservations on the routers themselves).
Please verify this, and if there is any possibility for ambiguity, please run some tests and/or clarify as necessary.
Everything seems like it should work. I do not understand why it is not... and I've helped many other people with WG configurations, so I usually have a pretty good handle on this.
I can offer one other idea:
move the WireGuard network into another firewall zone (I'd recommend a new zone for this)
turn on masquerading on the WireGuard zone.
allow forwarding from this new WG zone > LAN zone.
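For reference, the three steps above expressed as an /etc/config/firewall fragment. This is an added example for readers of the thread, not a config posted by either participant; the zone name `wg`, the interface name `wg0` and the `lan`/`wan` zone names are assumptions that must match the names actually used on the router (`uci show network` and `uci show firewall` will list them).

```uci
# /etc/config/firewall (fragment) -- added example, not from the original post.
# Assumes the WireGuard interface is named 'wg0' in /etc/config/network
# and that the existing LAN/WAN zones are named 'lan' and 'wan'.

# 1. Put the WireGuard network in its own zone instead of the lan zone.
config zone
	option name 'wg'
	list network 'wg0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# 2. Masquerade traffic leaving the tunnel towards the LAN, so LAN hosts
	#    reply to the router's LAN address even if they have no route back
	#    to the tunnel subnet.
	option masq '1'

# 3. Allow forwarding from the new wg zone into the lan zone.
config forwarding
	option src 'wg'
	option dest 'lan'

# Only needed if the remote peer sends all its traffic (AllowedIPs 0.0.0.0/0)
# through the tunnel and expects Internet access via the router; not part of
# the three steps above.
config forwarding
	option src 'wg'
	option dest 'wan'
```

Apply with `/etc/init.d/firewall restart` (or `fw4 reload` / `fw3 reload`, depending on the OpenWrt release). Two checks worth doing on the client side before blaming the router: the peer's `AllowedIPs` on the Mac must include the LAN subnet, and `netstat -rn` on the Mac should show that subnet routed via the WireGuard `utun` interface rather than the local Ethernet/Wi-Fi interface; if the Mac already has a route for the same prefix on its physical interface, packets never enter the tunnel.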
I just tried doing all of these suggestions, and I can connect to the router and LuCI; however, I still cannot connect to the Internet or SSH to any of my local devices.