I currently cannot provide any configuration files as I do not have access to the hardware; however, I think I am struggling more with the concept anyway.
I have the following setup: I have two LAN networks. One of them has an Internet connection, the other one does not. I would like to "dial" into the LAN that is not connected to the Internet (intranet) from the other one. I set up a router dedicated as a VPN access point. WireGuard seems to be the only VPN to give decent speed.
So setup is the following:
Internet <-> Router <-> LAN (192.168.2.0) <-VPN Router-> Intranet (192.168.100.0)
I managed to set up WireGuard together with TunSafe just fine.
The interfaces and firewall are set up like here. So the VPN interface is in its own firewall zone. The IPs in the tunnel are 10.0.4.0/32. On the client the allowed IPs are set to 192.168.100.0/24.
The problem I am struggling with is that I cannot reach the Intranet clients (192.168.100.x) from the machine dialed in via VPN. I can reach the VPN router on its Intranet address and log in to the config page. The VPN router can also ping the other Intranet clients.
I set the allowed IPs in the tunnel to 10.0.4.0/24 and 192.168.100.0/24. If I turn on route_allowed_ips things go haywire and I cannot reach the Intranet behind the VPN router anymore from the router itself.
So what do I need to do so I can reach the Intranet behind the VPN router? Do I need to add some route from the tunnel's IP range to the Intranet? Is there something missing on the client?
I would appreciate any hints or help. Thanks in advance; the topic drove me mad last weekend.
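The post turns on how WireGuard's "cryptokey routing" works: a peer's AllowedIPs list is used in both directions. Outbound, a packet is sent to the peer whose AllowedIPs contains the destination (longest prefix wins); inbound, a decrypted packet is only accepted if its source address lies in the AllowedIPs of the peer it arrived from; and with route_allowed_ips, every AllowedIPs entry is also installed as a kernel route pointing at the tunnel interface. The following simulator is an added example written for this thread, not code from the original post or from WireGuard or OpenWrt. The subnets are taken from the post; the client's tunnel address 10.0.4.2/32 and the peer names are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Peer:
    """One [Peer] section: a name and its AllowedIPs as parsed networks."""
    name: str
    allowed_ips: list


def peer(name, cidrs):
    return Peer(name, [ipaddress.ip_network(c, strict=False) for c in cidrs])


def select_peer(peers, dst):
    """Outbound direction: choose the peer whose AllowedIPs has the longest
    prefix containing dst. None means 'not for the tunnel at all'."""
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for p in peers:
        for net in p.allowed_ips:
            if addr in net and net.prefixlen > best_len:
                best, best_len = p, net.prefixlen
    return best.name if best else None


def accept_inbound(peers, peer_name, src):
    """Inbound direction: a decrypted packet from peer_name is accepted only if
    its source address lies in that peer's AllowedIPs; otherwise it is dropped."""
    addr = ipaddress.ip_address(src)
    for p in peers:
        if p.name == peer_name:
            return any(addr in net for net in p.allowed_ips)
    return False


def routed_subnets(peers):
    """What route_allowed_ips installs in the kernel table: every AllowedIPs
    entry of every peer, all pointing at the WireGuard interface."""
    return sorted({str(net) for p in peers for net in p.allowed_ips})


# Client side (the "dialed in" machine): one peer, the VPN router, whose
# AllowedIPs cover the tunnel range and the intranet, as in the post.
CLIENT_PEERS = [peer("vpn-router", ["10.0.4.0/24", "192.168.100.0/24"])]

# VPN router side, working variant: the client peer only "owns" its own
# tunnel address (10.0.4.2/32 is an assumed value, not from the post).
ROUTER_PEERS_OK = [peer("laptop", ["10.0.4.2/32"])]

# VPN router side, the variant the post describes as going haywire: the
# intranet prefix listed under the *client* peer on the router itself.
ROUTER_PEERS_BAD = [peer("laptop", ["10.0.4.0/24", "192.168.100.0/24"])]


def demo():
    """Walk the post's scenario through both directions and return the results."""
    return {
        # client -> intranet host enters the tunnel towards the router
        "client_to_intranet": select_peer(CLIENT_PEERS, "192.168.100.10"),
        # client -> its own LAN never enters the tunnel
        "client_to_own_lan": select_peer(CLIENT_PEERS, "192.168.2.10"),
        # router accepts the client's packets only from its tunnel address
        "router_accepts_tunnel_src": accept_inbound(ROUTER_PEERS_OK, "laptop", "10.0.4.2"),
        "router_accepts_lan_src": accept_inbound(ROUTER_PEERS_OK, "laptop", "192.168.2.10"),
        # intranet reply addressed to the tunnel address goes back to the client
        "reply_to_client": select_peer(ROUTER_PEERS_OK, "10.0.4.2"),
        # router's own traffic to the intranet stays off the tunnel
        "router_to_intranet_ok": select_peer(ROUTER_PEERS_OK, "192.168.100.10"),
        # the haywire case: the router now sends its intranet traffic into the tunnel
        "router_to_intranet_bad": select_peer(ROUTER_PEERS_BAD, "192.168.100.10"),
        "routes_bad": routed_subnets(ROUTER_PEERS_BAD),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

What the simulation makes visible: the intranet prefix belongs in AllowedIPs on the side that needs to reach it (the client), while on the router the client peer should list only the client's tunnel address; listing 192.168.100.0/24 under the client peer on the router, combined with route_allowed_ips, installs a route for the router's own intranet through the tunnel, which matches the symptom described. Note also that the intranet hosts see packets arriving from the tunnel address, so they need a return route for the tunnel range via the VPN router (or the router has to masquerade tunnel traffic on its intranet interface); cryptokey routing alone does not cover that hop.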