Hi.
I want to connect from LAN via Wireguard.
In other words. I want to access the VPN's IP to the LAN client.
The ping test was completed by connecting peers to each other.
However, if I enter the LAN address on my computer, the VPN address is not output.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd15:5672:3a87::/48'
option multipath 'disable'
option mptcp_path_manager 'fullmesh'
option mptcp_scheduler 'default'
option mptcp_checksum '0'
option mptcp_debug '0'
option mptcp_syn_retries '5'
option mptcp_fullmesh_num_subflows '1'
option mptcp_fullmesh_create_on_err '1'
option mptcp_ndiffports_num_subflows '1'
option congestion 'cubic'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
option multipath 'off'
config interface 'lan'
option proto 'static'
option multipath 'off'
option ipaddr '192.168.0.40'
option netmask '255.255.254.0'
option ifname 'eth0'
list dns '192.168.10.11'
option gateway '192.168.10.1'
config interface 'wg0'
option proto 'wireguard'
option private_key '<key>'
option listen_port '51820'
option multipath 'off'
list addresses '192.168.10.1/32'
config wireguard_wg0
option description 'test'
option public_key '<key>'
option route_allowed_ips '1'
option endpoint_host '<vpnhost>'
option endpoint_port '51820'
list allowed_ips '192.168.10.11/32'
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone 'lan'
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option fullcone '1'
option network ' '
config zone 'wan'
option name 'wan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
option fullcone '1'
option network 'wan'
config zone 'wireguard'
option name 'wireguard'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option device 'wg0'
option fullcone '1'
config forwarding 'wireguard_wan'
option src 'wireguard'
option dest 'wan'
config forwarding 'wireguard_lan'
option src 'wireguard'
option dest 'lan'
config forwarding 'lan_wireguard'
option src 'lan'
option dest 'wireguard'
config forwarding 'lan_wan'
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config include 'unblockmusic'
option type 'script'
option path '/var/etc/unblockmusic.include'
option reload '1'
config redirect
option target 'DNAT'
option proto 'tcp udp'
option src 'wan'
option src_dport '80'
option dest 'lan'
option dest_port '80'
config redirect
option target 'DNAT'
option name '2'
option proto 'tcp udp'
option src 'wan'
option src_dport '80'
option dest 'wan'
option dest_port '80'
config zone
option name 'wg'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network ' '
option fullcone '1'
config forwarding
config forwarding
option src 'wg'
option dest 'wan'
config forwarding
option src 'wg'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'wg'
config forwarding
option src 'wan'
option dest 'wg'
config zone
option name 'wg'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network ' '
option fullcone '1'
config forwarding
option src 'wg'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'wg'
config zone
option name 'wg'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network ' '
option fullcone '1'
config forwarding
option src 'wg'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'wg'
config zone
option name 'wg'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'wg0'
option masq '1'
option fullcone '1'
config forwarding
option src 'wg'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'wg'
config rule
option src '*'
option target 'ACCEPT'
option proto 'udp'
option dest_port '51820'
option name 'Allow-Wireguard-Inbound'