Separate Wireguard Firewall Zone doesn't work

Have my wireguard client set up successfully. Using the command wg on my wireguard server, I can see OpenWrt is connected. On my LAN, I can ping devices behind the wireguard interface if the wireguard interface is set in the WAN firewall zone, but if I make the wireguard interface have its own firewall zone, I can't get through. Happy to post configurations, just not sure which ones...

Thanks

Okay, I actually figured it out. I mirrored the WAN zone exactly and that fixed it... think I need masquerading on...

Here comes the next question: How can I route traffic so all traffic on the LAN goes through the wireguard interface?

If you want all lan traffic to go through the tunnel, usually the allowed ips in the peer config on the device will be set to 0.0.0.0/0, and ensure that there is a firewall forwarding that allows lan > vpn zone forwarding.


Thank you so much, that was it. To clarify:

  1. Change LAN -> WAN&VPN to LAN -> VPN
  2. Change Wireguard interface to allow 0.0.0.0/0
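The two steps above, expressed as an OpenWrt UCI configuration, as an added example that is not from the thread or from the OpenWrt project. It assumes the WireGuard interface is called `wg0`, the zone is called `vpn`, and the tunnel address, keys and endpoint are placeholders you replace with your own; it creates the separate zone with masquerading (the point of the first post), the peer with `0.0.0.0/0` allowed and routed (step 2), and the lan > vpn forwarding (step 1). The batch is only applied when `uci` is actually present, so the script is safe to run elsewhere to inspect what it would do.

```shell
#!/bin/sh
# Added example (not from the thread): UCI batch that builds a separate
# "vpn" firewall zone for a WireGuard client interface wg0 and routes all
# LAN traffic through it. Interface/zone names, addresses, keys and the
# endpoint are assumed placeholders, not values from the original post.

gen_uci_batch() {
cat <<'EOF'
# --- /etc/config/network: the WireGuard interface and its single peer ---
set network.wg0=interface
set network.wg0.proto='wireguard'
set network.wg0.private_key='REPLACE_WITH_CLIENT_PRIVATE_KEY'
delete network.wg0.addresses
add_list network.wg0.addresses='10.10.0.2/32'
set network.wg0_peer=wireguard_wg0
set network.wg0_peer.description='vpn-server'
set network.wg0_peer.public_key='REPLACE_WITH_SERVER_PUBLIC_KEY'
set network.wg0_peer.endpoint_host='vpn.example.com'
set network.wg0_peer.endpoint_port='51820'
set network.wg0_peer.persistent_keepalive='25'
# Step 2 from the thread: allow everything, and install the route for it,
# so the tunnel becomes the default route instead of the WAN.
delete network.wg0_peer.allowed_ips
add_list network.wg0_peer.allowed_ips='0.0.0.0/0'
set network.wg0_peer.route_allowed_ips='1'
# --- /etc/config/firewall: a zone of its own, mirroring WAN's NAT setup ---
set firewall.vpn=zone
set firewall.vpn.name='vpn'
set firewall.vpn.network='wg0'
set firewall.vpn.input='REJECT'
set firewall.vpn.output='ACCEPT'
set firewall.vpn.forward='REJECT'
set firewall.vpn.masq='1'
set firewall.vpn.mtu_fix='1'
# Step 1 from the thread: lan may forward into vpn. The existing lan -> wan
# forwarding is left for you to remove by hand (its index differs per box);
# removing it is what stops LAN traffic from leaking out via WAN when the
# tunnel is down.
set firewall.lan_vpn=forwarding
set firewall.lan_vpn.src='lan'
set firewall.lan_vpn.dest='vpn'
EOF
}

# Apply the batch only on a box that actually has uci (i.e. OpenWrt).
apply_uci_batch() {
    if command -v uci >/dev/null 2>&1; then
        gen_uci_batch | grep -v '^#' | uci batch \
            && uci commit network && uci commit firewall \
            && /etc/init.d/network reload && /etc/init.d/firewall reload
    else
        echo "uci not found; batch would be:" >&2
        gen_uci_batch >&2
    fi
}

apply_uci_batch
```

After applying, `wg show wg0` on the router should report a handshake and `ip route show` should list a default route via `wg0`; if the firewall zone is missing `masq='1'`, replies from the remote side have nowhere to go, which is the symptom described in the first post.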
