OpenWRT router running Wireguard server with public IPv6; access to IPv4 LAN

That will stop connections to the router. If the networks in that zone are trusted then it's fine to have input as accept.


Especially for initial testing, you should add the tunnel from the road warrior to the lan zone (and as noted, a network can only be in one zone; delete it from every other one). This of course means that there is no firewall between the phone and everything in the lan; it has full access. Also, the phone can reach services on the router, including ssh and LuCI http. If you want finer control, you can set up a more restrictive firewall later.

Got it working now. What I had to do:

This setting in the firewall was necessary to allow traffic on the port from WAN to my router:

config rule
        option name 'Wireguard port'
        list proto 'udp'
        option src 'wan'
        option dest_port '51280'
        option target 'ACCEPT'

As well as this setting in the firewall to allow connectivity to the devices on my LAN:

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option name 'Heimnetz'
        list network 'Heimnetzwerk'
        list network 'HeimnetzVPN'

Now my phone connects via the public IPv6 to the WireGuard server on my router and is able to access IPv4 LAN devices.

What finally got internet access working was adding the IPv4 address of my router as a DNS server to the WireGuard peer configuration.

Thank you for your time and your help!
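
Added example, not part of the thread or of OpenWrt: a small Python check for the two points raised above, that a network may only be listed in one firewall zone and that a zone with input ACCEPT lets the tunnel reach the router's own services. The sample config is constructed; the zone `vpn_old` and the names `parse_zones` and `audit` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of /etc/config/firewall; the zone 'vpn_old' is invented.
SAMPLE = """
config zone
        option name 'Heimnetz'
        option input 'ACCEPT'
        list network 'Heimnetzwerk'
        list network 'HeimnetzVPN'

config zone
        option name 'vpn_old'
        option input 'REJECT'
        list network 'HeimnetzVPN'
"""

LINE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+(.*))?$")

def parse_zones(text):
    """Return one dict per 'config zone' section: name, input policy, networks."""
    zones, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        kind, key = m.group(1), m.group(2).strip("'\"")
        val = (m.group(3) or "").strip().strip("'\"")
        if kind == "config":
            cur = {"name": None, "input": None, "networks": []} if key == "zone" else None
            if cur is not None:
                zones.append(cur)
        elif cur is not None and key == "network":
            cur["networks"] += val.split()  # 'list network' or space-separated option
        elif cur is not None and key in ("name", "input"):
            cur[key] = val
    return zones

def audit(text, tunnel):
    """Return (networks listed in more than one zone, zones where `tunnel` has input ACCEPT)."""
    zones, seen = parse_zones(text), defaultdict(list)
    for zone in zones:
        for net in zone["networks"]:
            seen[net].append(zone["name"])
    duplicates = {net: names for net, names in seen.items() if len(names) > 1}
    # Zones without an explicit input option are not reported (simplification).
    exposed = [z["name"] for z in zones
               if tunnel in z["networks"] and (z["input"] or "").upper() == "ACCEPT"]
    return duplicates, exposed
```

Calling `audit(SAMPLE, "HeimnetzVPN")` returns the duplicated network together with the zones that list it, and the zones through which the tunnel can reach the router itself.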
