OpenWrt Wireguard client: Devices attached to LAN can't access Wireguard peer (routing)

I've set up a connection between a remote server and my OpenWRT router using Wireguard. I don't want to tunnel all traffic through it, I just want all clients on the network to have the ability to access services on the remote server and other peers in the Wireguard subnet.

The link is up and working (I can ping the remote server from the router) however the clients on the network can't access the remote server.

What must I do from a routing or firewall perspective to permit requests to the Wireguard allowed IPs from the OpenWRT LAN?

Have you added the openwrt lan subnet to allowedips and enabled route allowedips (or added routes manually) on the remote server?

The OpenWRT LAN has its own subnet (10.0.0.0/16) and Wireguard has its own as well (10.20.40.0/24)

The OpenWRT router is able to ping the remote server through the Wireguard interface and vice versa; however, I think a rule needs to be set on the router for LAN clients telling it to forward any requests from LAN clients to the Wireguard subnet through the Wireguard interface.

I managed to resolve it and I saw I made a mistake. My LAN subnet was actually 10.0.0.0/8 (not /16) meaning it was conflicting with the Wireguard subnet.

I also created a firewall zone for Wireguard with the following settings:

  • Input: Accept
  • Output: Accept
  • Forward: Reject
  • Masquerading: True

I then added this firewall zone to the LAN zone's forwarding, so now the Wireguard zone and the WAN zone are both in the LAN forwarding settings.
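As an added illustration (not from the thread), this POSIX shell script first checks whether the LAN and WireGuard subnets overlap, which was the actual root cause above (10.0.0.0/8 contains 10.20.40.0/24), and only if they do not, prints the UCI commands that build the zone and lan-to-WireGuard forwarding described in the answer. The WireGuard interface name `wg0` and zone name `wg` are assumed placeholders; the commands are printed, not executed.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Assumes the WireGuard interface is "wg0" and the firewall zone is "wg" (placeholders).

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Netmask (as integer) for a prefix length, e.g. 24 -> 0xFFFFFF00.
cidr_mask() {
  echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# Return 0 (true) when two CIDRs overlap, 1 otherwise.
# Two prefixes overlap iff they agree on the shorter of the two prefix lengths.
cidr_overlap() {
  la=${1#*/}; lb=${2#*/}
  m=$(cidr_mask $(( la < lb ? la : lb )))
  [ $(( $(ip2int "${1%/*}") & m )) -eq $(( $(ip2int "${2%/*}") & m )) ]
}

# Print (do not run) the UCI commands for the zone settings given in the answer:
# input ACCEPT, output ACCEPT, forward REJECT, masquerading on, plus lan -> zone forwarding.
wg_zone_uci() {
  iface=${1:-wg0}; zone=${2:-wg}
  cat <<EOF
uci add firewall zone
uci set firewall.@zone[-1].name='$zone'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci add_list firewall.@zone[-1].network='$iface'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='$zone'
uci commit firewall
/etc/init.d/firewall restart
EOF
}

# Constructed sample values taken from the thread: the mistaken /8 LAN and the WireGuard /24.
LAN=${LAN:-10.0.0.0/8}; WG=${WG:-10.20.40.0/24}
if cidr_overlap "$LAN" "$WG"; then
  echo "LAN $LAN overlaps WireGuard $WG: fix the LAN mask before adding firewall rules" >&2
else
  wg_zone_uci wg0 wg
fi
```

Run with `LAN=10.0.0.0/16 WG=10.20.40.0/24 sh script.sh` to see the UCI commands for the corrected LAN mask.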

