How to allow WireGuard VPN access LAN?

It appears that your OpenWrt router for WG is not the main router on the network. Instead, this appears to be just 'another device on the lan.'

In this situation, you need to either enable a static route on your main router (if supported) or enable masquerading on the lan firewall zone of this router.

Option 1: enable a static route for 10.0.0.0/24 via < IP address of OpenWrt WG router > (it's set to DHCP, so I don't know what the address is).

Option 2: Enable masquerading, and move WG to its own zone, like this...

config zone 'lan'
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        option masq '1'

config zone 'wg'
        option name 'wg'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'WG'

config forwarding
        option src 'wg'
        option dest 'lan'

next, you can remove all of this:

And your endpoint port on the OpenWrt peer config should be removed:

1 Like