How to reach subnet with Wireguard

Hi,

I'm pretty new to OpenWrt.

I have just created a Wireguard VPN on my OpenWrt Router.

Everything works like it should, except for access to the subnet which is in front of my OpenWrt subnet.

I have the following setup:

Internet --> Router FritzBox 6660 (Subnet 192.168.0.0/24) --> OpenWrt Router (Subnet 192.168.10.0/24) [OpenWrt acts as gateway with static IP 192.168.0.254 at WAN port].

Masquerade is disabled; static routes are set from the 0.0 subnet to the 10.0 subnet and vice versa.

These are the static routes at OpenWrt:

Route to Wireguard wg0: "lan0" 10.55.0.0/24 255.255.255.0 192.168.10.1 0 Nein

Route to FritzBox Router: "lan0" 192.168.0.1 255.255.255.0 192.168.10.1 0 Nein

As said, without a connection to the Wireguard VPN, 192.168.0.1 is reachable; with the Wireguard VPN activated, it's not.

Thank you for your help!


Establish the VPN connection, then collect the diagnostics on OpenWrt and post them to pastebin.com, redacting the private parts:

ip address show; ip route show table all; ip rule show; iptables-save -c; \
wg show; uci show network; uci show firewall; uci show dhcp; \
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Here is my output on pastebin:

  • Remove the above-mentioned static routes from OpenWrt.
  • Remove the gateway options from all OpenWrt downstream interfaces.
  • Add a static route on the upstream router to 10.55.0.0/24 via 192.168.0.254.
  • Make sure the target network is included in the WireGuard allowed IPs range on the client.
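
The checklist above, modelled as an added example that is not part of the original thread: with masquerading off, the VPN client keeps its 10.55.0.0/24 source address, so the target must be in the client's AllowedIPs and the upstream router needs a return route via 192.168.0.254. The peer address 10.55.0.2, the "before" route table and the "before" AllowedIPs are constructed assumptions.

```python
import ipaddress

OPENWRT_WAN = "192.168.0.254"   # OpenWrt WAN address, from the thread
VPN_CLIENT = "10.55.0.2"        # constructed peer address inside 10.55.0.0/24
TARGET = "192.168.0.1"          # FritzBox address the poster could not reach

def next_hop(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def in_allowed_ips(allowed_ips, dst):
    """WireGuard only sends a packet into the tunnel if dst matches AllowedIPs."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) for net in allowed_ips)

def check_path(client_allowed_ips, upstream_routes):
    """Return a list of problems for VPN_CLIENT <-> TARGET with masquerading off."""
    problems = []
    if not in_allowed_ips(client_allowed_ips, TARGET):
        problems.append(f"client: {TARGET} is outside AllowedIPs")
    hop = next_hop(upstream_routes, VPN_CLIENT)
    if hop != OPENWRT_WAN:
        problems.append(f"upstream: replies to {VPN_CLIENT} go via {hop}, not {OPENWRT_WAN}")
    return problems

# Constructed "before" state: the upstream router only knows the OpenWrt LAN.
BEFORE_ROUTES = [("0.0.0.0/0", "isp"), ("192.168.0.0/24", "on-link"),
                 ("192.168.10.0/24", OPENWRT_WAN)]
BEFORE_ALLOWED = ["10.55.0.0/24", "192.168.10.0/24"]

# "After" state: the route and the AllowedIPs entry from the answer are added.
AFTER_ROUTES = BEFORE_ROUTES + [("10.55.0.0/24", OPENWRT_WAN)]
AFTER_ALLOWED = BEFORE_ALLOWED + ["192.168.0.0/24"]

if __name__ == "__main__":
    for label, allowed, routes in (("before", BEFORE_ALLOWED, BEFORE_ROUTES),
                                   ("after", AFTER_ALLOWED, AFTER_ROUTES)):
        print(label, check_path(allowed, routes) or "ok")
```
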

It runs now like it should with your suggestion, @vgaetera
