Intercom Between two networks

Hello everyone. I already have two networks on my device:

  1. one for normal wan traffic.
  2. and another one for a wireguard tunnel through the wan, and this one has a separate wifi network.

My case is that I want to be able to intercommunicate between my LANs. For example, I am already in the 192.168.230.0/24 network, and I want to see hosts in the 192.168.220.0/27 network. Here is my /etc/config/network file:


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '***'

config atm-bridge 'atm'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'
	option vci '35'
	option vpi '0'

config dsl 'dsl'
	option annex 'a'
	option tone 'av'
	option ds_snr_offset '0'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ip6assign '60'
	option netmask '255.255.255.224'
	option ipaddr '192.168.220.1'

config interface 'wan'
	option ifname 'dsl0'
	option proto 'pppoe'
	option ipv6 '1'
	option password '*'
	option peerdns '0'
	option username '*'
	option force_link '1'
	list dns '9.9.9.9'
	option pppd_options 'debug'

config device 'wan_dsl0_dev'
	option name 'dsl0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 2 4 5 6t'

config interface 'wgNet'
	option proto 'wireguard'
	option force_link '1'
	option private_key '*'
	list addresses '*'
	list addresses '*'

config wireguard_wgNet
	option public_key '*'
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::0/0'
	option endpoint_host '*'
	option endpoint_port '*'

config interface 'WGLOCAL'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.230.1'
	option ip6assign '64'

config route
	option interface 'wgNet'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table 'wgvpn'

config rule
	option in 'WGLOCAL'
	option src '192.168.230.0/24'
	option lookup 'wgvpn'

Add a forwarding in the firewall config from the zone that WGLOCAL belongs to, to the lan zone, and vice versa.


It didn't work! I added these parts to my firewall:

config zone
	option name 'LAN2_LAN'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option network 'LAN2_LAN WGLOCAL'
	option output 'ACCEPT'

config forwarding
	option dest 'lan'
	option src 'LAN2_LAN'

config forwarding
	option dest 'LAN2_LAN'
	option src 'lan'

Should I add a static route or something like that? Because these are two separate networks that want to communicate with each other. (As you said before in another of my topics here.)

Yes, correct!


Ok. Are these the right conditions?

firewall:

config forwarding
	option dest 'lan'
	option src 'LAN2'

lan = my primary LAN network.
LAN2 = my secondary network, from within which I want to access the lan.

network:

config route
	option interface 'WGLOCAL'
	option target '192.168.220.0'
	option netmask '255.255.255.224'

WGLOCAL = the interface of my second network.
target = the network ID of my lan network.
netmask = my lan network's netmask.

Firewall is fine for lan2->lan only.
For static route use the following:

config route
	option interface 'lan'
	option target '192.168.220.0'
	option netmask '255.255.255.224'
	option table 'wgvpn'
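To show why the static route has to go into the wgvpn table and not the main one, here is an added simulation of the router's policy routing (example code written for this thread, not an OpenWrt tool). It assumes the rule and tables from the network config above: traffic sourced from 192.168.230.0/24 is looked up in table wgvpn, which at first holds only the default route through wgNet.

```python
import ipaddress

# Constructed model of the policy rules from /etc/config/network:
# first matching rule (by source prefix) selects the routing table.
RULES = [
    {"src": ipaddress.ip_network("192.168.230.0/24"), "lookup": "wgvpn"},
    {"src": ipaddress.ip_network("0.0.0.0/0"), "lookup": "main"},
]

# Constructed routing tables before the fix: table wgvpn only knows the
# default route via the tunnel, so lan-bound packets from WGLOCAL enter it.
TABLES_BEFORE = {
    "main": {
        "192.168.220.0/27": "lan",
        "192.168.230.0/24": "WGLOCAL",
        "0.0.0.0/0": "wan",
    },
    "wgvpn": {"0.0.0.0/0": "wgNet"},
}


def with_static_route(tables):
    """Apply the fix from the thread: the lan prefix added to table wgvpn."""
    fixed = {name: dict(routes) for name, routes in tables.items()}
    fixed["wgvpn"]["192.168.220.0/27"] = "lan"
    return fixed


def lookup(src, dst, tables):
    """Pick the table via the rules, then longest-prefix match on dst.
    Returns the outgoing interface name, or None if no route matches."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    table = next(tables[r["lookup"]] for r in RULES if src_ip in r["src"])
    best = None
    for prefix, iface in table.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


if __name__ == "__main__":
    print(lookup("192.168.230.10", "192.168.220.5", TABLES_BEFORE))  # wgNet
    print(lookup("192.168.230.10", "192.168.220.5", with_static_route(TABLES_BEFORE)))  # lan
```

Note that the reverse direction (lan to LAN2) already worked through the main table, which is why only the lan2->lan forwarding plus this one route was missing.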

Thanks a lot. That's fine now.
One last thing... how do I reach both gateways from any of the networks? For example, I'm in the wifi1 or LAN1 network (192.168.220.0/27) and I want to send my Internet traffic using the wifi2 (LAN2) network (192.168.230.0/24), because my LAN2 passes through the wireguard tunnel, and I want to access its gateway both from inside LAN2 and also from LAN1.


There is no simple way to do that with a switch.
You can add the LAN1 also in the wgvpn table, or maybe use PBR to make it a bit more automatic.
