Hi all
I want to connect three networks through a WireGuard site-to-site tunnel.
General
All routers have a static WAN IPv4 address.
Router 1 - 192.168.75.1
LAN1: 192.168.75.0/24 --> with several clients and servers
Router 2 - 192.168.77.1
LAN2: 192.168.77.0/24 --> with several clients and servers
Router 3 - 192.168.47.1
LAN3: 192.168.47.0/24 --> with several clients and servers
Each site should keep using its own local WAN connection for the internet.
Clients/servers from all sites should be able to reach the other sites.
VPN0 is for the Wireguard Tunnel as 10.200.100.0/24:
--> Router 1: 10.200.100.1/32
--> Router 2: 10.200.100.2/32
--> Router 3: 10.200.100.3/32
My configuration:
Router 1:
/etc/config/network

config interface 'vpn0'
    option proto 'wireguard'
    option private_key '-'
    option listen_port '23555'
    list addresses '10.200.100.1/24'

config wireguard_vpn0
    option description 'Site Office 1'
    option public_key '-'
    option preshared_key '-'
    list allowed_ips '192.168.77.0/24'
    list allowed_ips '10.200.100.2/32'
    option route_allowed_ips '1'
    option persistent_keepalive '25'

config wireguard_vpn0
    option description 'Site Office 2'
    option public_key '-'
    option preshared_key '-'
    list allowed_ips '192.168.47.0/24'
    list allowed_ips '10.200.100.3/32'
    option route_allowed_ips '1'
    option persistent_keepalive '25'

/etc/config/firewall

config rule
    option target 'ACCEPT'
    option proto 'udp'
    option dest_port '23555'
    option name 'Allow-Wireguard-Inbound'
    option src 'wan'

config zone
    option name 'vpn0'
    option network 'vpn0'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    list device 'vpn0'
    option output 'ACCEPT'

config forwarding
    option dest 'lan'
    option src 'vpn0'

config forwarding
    option dest 'vpn0'
    option src 'lan'
Router 2:
/etc/config/network

config interface 'vpn0'
    option proto 'wireguard'
    option private_key '-'
    option listen_port '23555'
    list addresses '10.200.100.2/24'

config wireguard_vpn0
    option description 'Site to Router 1'
    option public_key '-'
    option preshared_key '-'
    list allowed_ips '192.168.75.0/24'
    list allowed_ips '10.200.100.1/32'
    list allowed_ips '10.200.100.3/32'
    option route_allowed_ips '1'
    option persistent_keepalive '25'
    option endpoint_host 'router1'
    option endpoint_port '23555'

/etc/config/firewall

config rule
    option target 'ACCEPT'
    option proto 'udp'
    option dest_port '23555'
    option name 'Allow-Wireguard-Inbound'
    option src 'wan'

config zone
    option name 'vpn0'
    option network 'vpn0'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    list device 'vpn0'
    option output 'ACCEPT'

config forwarding
    option dest 'lan'
    option src 'vpn0'

config forwarding
    option dest 'vpn0'
    option src 'lan'
Router 3:
/etc/config/network

config interface 'vpn0'
    option proto 'wireguard'
    option private_key '-'
    option listen_port '23555'
    list addresses '10.200.100.3/24'

config wireguard_vpn0
    option description 'Site to Router 1'
    option public_key '-'
    option preshared_key '-'
    list allowed_ips '192.168.75.0/24'
    list allowed_ips '10.200.100.1/32'
    list allowed_ips '10.200.100.2/32'
    option route_allowed_ips '1'
    option persistent_keepalive '25'
    option endpoint_host 'router1'
    option endpoint_port '23555'

/etc/config/firewall

config zone
    option name 'vpn0'
    option network 'vpn0'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    list device 'vpn0'
    option output 'ACCEPT'

config forwarding
    option dest 'lan'
    option src 'vpn0'

config forwarding
    option dest 'vpn0'
    option src 'lan'
From the server network 192.168.75.0 I can reach hosts in the 192.168.77.0 and 192.168.47.0 networks.
From the 192.168.77.0 and 192.168.47.0 networks I can reach only 192.168.75.0. I couldn't reach 192.168.47.0 from 192.168.77.0.
Thank you for any suggestion
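The symptom in the post comes from WireGuard's cryptokey routing: a router only encapsulates a packet for a peer whose allowed_ips cover the destination, and Routers 2 and 3 list only the hub's LAN for their Router 1 peer, so spoke-to-spoke packets (and, just as importantly, the replies) have no route into vpn0. The following checker is an added example, not part of the original post; it models the three allowed_ips tables from the post, assumes Router 1 is the hub (the spokes only have an endpoint for it, and its vpn0 zone already has forward 'ACCEPT' for vpn0-to-vpn0 transit), and reports which router lacks a route for each site pair in each direction.

```python
import ipaddress

# Constructed from the post: per router, one allowed_ips list per configured peer
# (Router 1 is the hub with two peers; Routers 2 and 3 each have only the Router 1 peer).
ALLOWED_IPS = {
    "router1": [["192.168.77.0/24", "10.200.100.2/32"], ["192.168.47.0/24", "10.200.100.3/32"]],
    "router2": [["192.168.75.0/24", "10.200.100.1/32", "10.200.100.3/32"]],
    "router3": [["192.168.75.0/24", "10.200.100.1/32", "10.200.100.2/32"]],
}
LANS = {"router1": "192.168.75.0/24", "router2": "192.168.77.0/24", "router3": "192.168.47.0/24"}
VPN = {"router1": "10.200.100.1", "router2": "10.200.100.2", "router3": "10.200.100.3"}
HUB = "router1"  # assumption: spokes only peer with Router 1, so spoke traffic transits it


def covered(allowed, ip):
    """True if a peer's allowed_ips cover ip. WireGuard only encapsulates a packet for a
    peer whose allowed_ips contain the destination; with route_allowed_ips '1' the same
    prefixes also become kernel routes via vpn0, so a missing prefix means no route at all."""
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(p) for p in allowed)


def next_hop_peer(router, nxt):
    """The peer entry on router that reaches router nxt (identified by its tunnel address)."""
    return next(peer for peer in ALLOWED_IPS[router] if covered(peer, VPN[nxt]))


def missing_routes(src, dst):
    """(router, next_hop, prefix) triples where a transit router has no route for the
    src<->dst flow. Both directions are checked: the reply path is where this fails."""
    gaps = []
    for a, b in ((src, dst), (dst, src)):
        hops = [a, b] if HUB in (a, b) else [a, HUB, b]
        target = str(ipaddress.ip_network(LANS[b])[1])  # some host in the destination LAN
        for hop, nxt in zip(hops, hops[1:]):
            if not covered(next_hop_peer(hop, nxt), target):
                gaps.append((hop, nxt, LANS[b]))
    return gaps


def site_report():
    """Map each site pair to its missing routes; an empty list means the pair can talk."""
    return {(a, b): missing_routes(a, b) for a in LANS for b in LANS if a < b}


def apply_fix():
    """Add each missing prefix to the allowed_ips of the peer on that hop, then re-check."""
    for gaps in site_report().values():
        for router, nxt, prefix in gaps:
            next_hop_peer(router, nxt).append(prefix)
    return site_report()


if __name__ == "__main__":
    print(site_report())
```

With the post's tables the report is empty for both hub pairs and names Router 2 (missing 192.168.47.0/24) and Router 3 (missing 192.168.77.0/24) for the spoke pair, which corresponds to adding that one extra `list allowed_ips` line to each spoke's Router 1 peer.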