Problems reaching server LAN through wireguard

I'm having trouble getting OpenWRT and Wireguard to work.
I suspect it is because the same LAN addresses are used in both sites A and B. I can connect fine with Wireguard windows client from A to B and I get site B's WAN IP on site A. I can reach internet sites via B from site A ok. But I can't reach any LAN addresses on site B, and a ping from A to B Lan shows 'general failure'
Site A (Client): LAN 192.168.1.0/24 (gw .1) WAN: 87.104.49.xx
Site B (Server): LAN 192.168.1.0/24 (gw .1) WAN: 78.109.210.xx

If I test from a mobile 4G modem where the
LAN addresses are 192.168.8.0/24 it works fine
reaching 192.168.1.xx adresses on site B

/etc/config/firewall 
config rule
        option src '*'
        option target 'ACCEPT'
        option proto 'udp'
        option dest_port '52345'
        option name 'Allow-Wireguard-Inbound'

/etc/config/network

config interface 'wg0'
        option proto 'wireguard'
        option private_key '0DGd9N1zzzzzzzzzz3tkqelYbfZgL2uxxxxxxxxl41V8='
        list addresses '192.168.4.0/24'
        option delegate '0'
        option listen_port '52345'

config wireguard_wg0
        option public_key 'MEM/7/rzzzzzzzzzzzzJO8abRWkxm xxybC+bEIsno='
        option description 'gavno_peter'
        list allowed_ips '192.168.4.0/24'
        option persistent_keepalive '25'
        option route_allowed_ips '1'

Windows wireguard client
MEM/7/r5+gTJk/4nvYDhJO8xxxxxxxxxxxxxxxxxxxxclybC+bEIsno=

[Interface]
PrivateKey = mLvzzzzzzzzzzzX3PE2jtwLQn08vK55xxxxxxxxiVZmg=
Address = 192.168.4.3/24
DNS = 8.8.8.8

[Peer]
PublicKey = oaBbzzzzzzzzzzzv3ca8Rhk0Gy7HIxxxxxxxxxxx+Mbpl4=
AllowedIPs = 0.0.0.0/0
Endpoint = 78.109.210.66:52345

Is this how it should work in wireguard, or is there a solution for my problem ?

Thanks in advance,

Peter,
Denmark :slight_smile:

That's not going to help. Can you change the LAN addresses in site A or B?

1 Like

Not without a lot of work :slight_smile:

When you tried it with the 4G modem was the Wireguard setup exactly the same as you've posted above? Only difference being the local addresses being 192.168.8.0/24?

Yes, it was the same PC on site A and same Client. Only LAN cable switched to 4G modem.

This is not going to work... when you PING a device, let's say 192.168.1.99, how can anybody know whether it's on the local or the remote site?

2 Likes

I thought everything should be routed out through the tunnel. (192.168.4.x)

I have used OpenVPN in the same setup without any problems, but have changed to wireguard because of better speed.

Can you post the output of 'route PRINT' from the Windows PC? Can you do it when the VPN is not connected, when it is, and when you have the 4G modem connected?

Files attached :slight_smile:
1.txt = Site A lan Connected to 192.168.1.0/24
2.txt = Site A connected to Site B no connection to 192.168.1.0/24 but internet OK.
3.txt = Site A Lan connected to 192.168.8.0/??
4.txt = Site A connected to Site B connection OK to 192.168.1.0/24 and internet.

1.txt = Site A lan Connected to 192.168.1.0/24 
---------------------------------------------------------------
Interface List
  6...28 d2 44 cd 77 38 ......Intel(R) Ethernet Connection I218-LM
 10...02 00 4c 4f 4f 50 ......Npcap Loopback Adapter
 20...28 b2 bd 60 50 37 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...2a b2 bd 60 50 36 ......Microsoft Wi-Fi Direct Virtual Adapter #2
 14...28 b2 bd 60 50 36 ......Intel(R) Wireless-N 7260
 21...28 b2 bd 60 50 3a ......Bluetooth Device (Personal Area Network) #4
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.208     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      169.254.0.0      255.255.0.0         On-link   169.254.223.215    281
  169.254.223.215  255.255.255.255         On-link   169.254.223.215    281
  169.254.255.255  255.255.255.255         On-link   169.254.223.215    281
      192.168.1.0    255.255.255.0         On-link     192.168.1.208    281
    192.168.1.208  255.255.255.255         On-link     192.168.1.208    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.208    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.208    281
        224.0.0.0        240.0.0.0         On-link   169.254.223.215    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.208    281
  255.255.255.255  255.255.255.255         On-link   169.254.223.215    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  6    281 fdf1:20a:b487::/48       fe80::2ad:24ff:fe4e:d580
  6    281 fdf1:20a:b487::/64       On-link
  6    281 fdf1:20a:b487:0:44dc:1b4:1652:e51c/128
                                    On-link
  6    281 fdf1:20a:b487:0:adf4:e261:ce4b:2c82/128
                                    On-link
  6    281 fe80::/64                On-link
 10    281 fe80::/64                On-link
  6    281 fe80::adf4:e261:ce4b:2c82/128
                                    On-link
 10    281 fe80::b43f:21be:e128:dfd7/128
                                    On-link
  1    331 ff00::/8                 On-link
  6    281 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

===========================================================================

2.txt = Site A connected to Site B  no connection to 192.168.1.0/24 but internet OK.
-----------------------------------------------------------------------------------------------------------------

Interface List
 24...........................WireGuard Tunnel
  6...28 d2 44 cd 77 38 ......Intel(R) Ethernet Connection I218-LM
 10...02 00 4c 4f 4f 50 ......Npcap Loopback Adapter
 20...28 b2 bd 60 50 37 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...2a b2 bd 60 50 36 ......Microsoft Wi-Fi Direct Virtual Adapter #2
 14...28 b2 bd 60 50 36 ......Intel(R) Wireless-N 7260
 21...28 b2 bd 60 50 3a ......Bluetooth Device (Personal Area Network) #4
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.208     25
          0.0.0.0          0.0.0.0         On-link       192.168.4.2      0
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      169.254.0.0      255.255.0.0         On-link   169.254.223.215    281
  169.254.223.215  255.255.255.255         On-link   169.254.223.215    281
  169.254.255.255  255.255.255.255         On-link   169.254.223.215    281
      192.168.1.0    255.255.255.0         On-link     192.168.1.208    281
    192.168.1.208  255.255.255.255         On-link     192.168.1.208    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.208    281
      192.168.4.2  255.255.255.255         On-link       192.168.4.2    256
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.208    281
        224.0.0.0        240.0.0.0         On-link   169.254.223.215    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.208    281
  255.255.255.255  255.255.255.255         On-link   169.254.223.215    281
===========================================================================
Persistent Routes:
  None


IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  6    281 fdf1:20a:b487::/48       fe80::2ad:24ff:fe4e:d580
  6    281 fdf1:20a:b487::/64       On-link
  6    281 fdf1:20a:b487:0:44dc:1b4:1652:e51c/128
                                    On-link
  6    281 fdf1:20a:b487:0:adf4:e261:ce4b:2c82/128
                                    On-link
  6    281 fe80::/64                On-link
 10    281 fe80::/64                On-link
  6    281 fe80::adf4:e261:ce4b:2c82/128
                                    On-link
 10    281 fe80::b43f:21be:e128:dfd7/128
                                    On-link
  1    331 ff00::/8                 On-link
  6    281 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None


3.txt = Site A Lan connected to 192.168.8.0/??

===========================================================================
Interface List
  6...28 d2 44 cd 77 38 ......Intel(R) Ethernet Connection I218-LM
 10...02 00 4c 4f 4f 50 ......Npcap Loopback Adapter
 20...28 b2 bd 60 50 37 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...2a b2 bd 60 50 36 ......Microsoft Wi-Fi Direct Virtual Adapter #2
 14...28 b2 bd 60 50 36 ......Intel(R) Wireless-N 7260
 21...28 b2 bd 60 50 3a ......Bluetooth Device (Personal Area Network) #4
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.8.1    192.168.8.100     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      169.254.0.0      255.255.0.0         On-link   169.254.223.215    281
  169.254.223.215  255.255.255.255         On-link   169.254.223.215    281
  169.254.255.255  255.255.255.255         On-link   169.254.223.215    281
      192.168.8.0    255.255.255.0         On-link     192.168.8.100    281
    192.168.8.100  255.255.255.255         On-link     192.168.8.100    281
    192.168.8.255  255.255.255.255         On-link     192.168.8.100    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.8.100    281
        224.0.0.0        240.0.0.0         On-link   169.254.223.215    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.8.100    281
  255.255.255.255  255.255.255.255         On-link   169.254.223.215    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6     41 ::/0                     fe80::3e47:11ff:fe8b:7116
  1    331 ::1/128                  On-link
  6    281 fe80::/64                On-link
 10    281 fe80::/64                On-link
  6    281 fe80::adf4:e261:ce4b:2c82/128
                                    On-link
 10    281 fe80::b43f:21be:e128:dfd7/128
                                    On-link
  1    331 ff00::/8                 On-link
  6    281 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None


4.txt = Site A connected to Site B  connection OK to 192.168.1.0/24 and internet.

===========================================================================
Interface List
 24...........................WireGuard Tunnel
  6...28 d2 44 cd 77 38 ......Intel(R) Ethernet Connection I218-LM
 10...02 00 4c 4f 4f 50 ......Npcap Loopback Adapter
 20...28 b2 bd 60 50 37 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...2a b2 bd 60 50 36 ......Microsoft Wi-Fi Direct Virtual Adapter #2
 14...28 b2 bd 60 50 36 ......Intel(R) Wireless-N 7260
 21...28 b2 bd 60 50 3a ......Bluetooth Device (Personal Area Network) #4
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.8.1    192.168.8.100     25
          0.0.0.0          0.0.0.0         On-link       192.168.4.2      0
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      169.254.0.0      255.255.0.0         On-link   169.254.223.215    281
  169.254.223.215  255.255.255.255         On-link   169.254.223.215    281
  169.254.255.255  255.255.255.255         On-link   169.254.223.215    281
      192.168.4.2  255.255.255.255         On-link       192.168.4.2    256
      192.168.8.0    255.255.255.0         On-link     192.168.8.100    281
    192.168.8.100  255.255.255.255         On-link     192.168.8.100    281
    192.168.8.255  255.255.255.255         On-link     192.168.8.100    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.8.100    281
        224.0.0.0        240.0.0.0         On-link   169.254.223.215    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.8.100    281
  255.255.255.255  255.255.255.255         On-link   169.254.223.215    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6     41 ::/0                     fe80::3e47:11ff:fe8b:7116
  1    331 ::1/128                  On-link
  6    281 fe80::/64                On-link
 10    281 fe80::/64                On-link
  6    281 fe80::adf4:e261:ce4b:2c82/128
                                    On-link
 10    281 fe80::b43f:21be:e128:dfd7/128
                                    On-link
  1    331 ff00::/8                 On-link
  6    281 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None