How to access LAN via OpenWrt WireGuard client

Good day!
I cannot access the internal network (LAN) of the router.
My configuration:
WireGuard runs on a VPS server (10.8.0.0/24), and the client is installed on the router with OpenWrt (2020).
The router works like this: the WAN port (192.168.100.0/24, DHCP) is connected to the Internet after the optical modem, and the client is connected to the router via LAN (192.168.200.0/24).
The client connects to the server, and all LAN traffic (192.168.200.0/24) and the traffic from the local network goes through the VPN tunnel; everything works well.
But how can I get access in the opposite direction? For example, using a PC with the WireGuard client on 4G or another network, how do I get access to the local network of the router (192.168.200.0/24)?
Thanks for helping me, best regards.

Add the target subnet to the allowed IPs of the respective peer section on the server.

Thank you for your answer! Do you mean the configuration file on the server for the OpenWrt peer, or for another peer (client) which should get access to the LAN? Thank you.

I am a new user of WireGuard; can you give an example? Thank you.

I think you first need to illustrate what you are trying to achieve, as this might not be 100% clear from the initial post.

Are you trying to have your OpenWrt router connected to the VPS server via WireGuard, and also have the other client (e.g. a PC using 4G) connected to the VPS server, and you then want to reach the LAN of the OpenWrt router from the PC?

Post the VPN server config redacting the private parts.

Yes, that's right. I have a router connection to the WireGuard server running on a VPS, and I have a PC also connected to this VPS server. I can ping nodes inside the VPN network, but I can't get access from a remote PC running via 4G, for example. I need to get access to the local router network from a remote machine (PC).

NET SCHEME

Config for OpenWRT peer:

# https://www.wireguard.com
[Interface]
Address = 10.8.0.3/24,fd42:42:42::3/64
DNS = 10.8.0.1,fd42:42:42::1
ListenPort = 11022
MTU = 1280
PrivateKey = <key>
[Peer]
AllowedIPs = 0.0.0.0/0,10.8.0.3/32,192.168.200.0/24
Endpoint = <end point ip>:51820
PersistentKeepalive = 25
PresharedKey = <key>
PublicKey = <key>

Config for remote PC client:

# https://www.wireguard.com
[Interface]
Address = 10.8.0.4/24,fd42:42:42::4/64
DNS = 10.8.0.1,fd42:42:42::1
ListenPort = 17564
MTU = 1280
PrivateKey = <key>
[Peer]
AllowedIPs = 10.8.0.4/32
Endpoint = <end point ip>:51820
PersistentKeepalive = 25
PresharedKey = <key>
PublicKey = <key>

Add the LAN subnet to the server config, not the client.
Post the server config, not the client.
Also remove the ListenPort from all client configs.

To install WireGuard on the server I use this script
(https://github.com/complexorganizations/wireguard-manager).
The posted configurations are what I see on the VPS server now, but if I'm wrong and looking in the wrong place, can you tell me where? P.S. Do you speak Russian? Can we communicate in Russian on this topic by e-mail if there are problems?

I found it:

sudo nano /etc/wireguard/wg0.conf

DNS = 10.8.0.1,fd42:42:42::1
ListenPort = 51820
MTU = 1280
PrivateKey = <key>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -A INPUT -s 10.8.0.0/24 -p udp ->
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -D INPUT -s 10.8.0.0/24 -p udp>
SaveConfig = false
# OpenWrt start
[Peer]
PublicKey = <key>
PresharedKey = <key>
AllowedIPs = 10.8.0.3/32,fd42:42:42::3/128
# OpenWrt end
# PC start
[Peer]
PublicKey = <key>
PresharedKey = <key>
AllowedIPs = 10.8.0.4/32,fd42:42:42::4/128
# PC end

Yep, it should be like this:

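The advice in this thread, modelled as an added example (not code from any poster or from the WireGuard project): on the server, each peer's AllowedIPs is both the outbound routing table and the inbound source filter, so the LAN subnet has to be listed under the OpenWrt peer. The "after" table and the LAN host address are assumptions constructed for illustration; the "before" table is the IPv4 part of the server config posted above.

```python
import ipaddress

# Server-side peer table as posted in the thread (IPv4 only, keys omitted).
SERVER_PEERS_BEFORE = {
    "OpenWrt": ["10.8.0.3/32"],
    "PC": ["10.8.0.4/32"],
}
# Assumed fix: the router's LAN subnet added to the OpenWrt peer on the server.
SERVER_PEERS_AFTER = {
    "OpenWrt": ["10.8.0.3/32", "192.168.200.0/24"],
    "PC": ["10.8.0.4/32"],
}

def peer_for(peers, ip):
    """Return the peer whose AllowedIPs holds the longest prefix containing ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best[1]:
                    best = (name, net.prefixlen)
    return best[0] if best else None

def relay(peers, from_peer, src, dst):
    """Model the server relaying one decrypted packet between two peers.

    Inbound: the packet's source must map back to the peer that sent it.
    Outbound: the destination selects the peer the packet is encrypted to.
    """
    if peer_for(peers, src) != from_peer:
        return "drop: source not allowed for " + from_peer
    to_peer = peer_for(peers, dst)
    if to_peer is None:
        return "no peer for " + dst + ": not sent through the tunnel"
    return "forward to " + to_peer

if __name__ == "__main__":
    lan_host = "192.168.200.10"  # constructed LAN address
    tables = (("before", SERVER_PEERS_BEFORE), ("after", SERVER_PEERS_AFTER))
    for label, peers in tables:
        print(label, "request:", relay(peers, "PC", "10.8.0.4", lan_host))
        print(label, "reply:  ", relay(peers, "OpenWrt", lan_host, "10.8.0.4"))
```

The model covers only the server's peer table; the remote PC's own AllowedIPs for the server peer must also cover 192.168.200.0/24 for the request to enter the tunnel at all.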

I managed to do it!
It turned out to be very easy, and I suffered for several days)))) Thank you so much, you helped me a lot, thank you.