[SOLVED] Access LAN behind OpenWrt WireGuard peer

Hi,
I have a site-to-site VPN configured between my Ubuntu VPS (WG server) and an OpenWrt router (WG client).
I have configured routing, so I can access the LAN behind the OpenWrt router via the VPS server or via a third WG client (on my phone, for example).
I am also using PBR (policy routing) where I have 2 gateways defined, WG (internet access via the tunnel) and LTE ("normal" local internet).
Everything works well if those LAN machines are routed via WG, but if I let them out via the default internet connection, then they are not accessible from the VPS server or the WG clients anymore...

edit: my PBR policy for routing traffic from the local subnet to the WG subnet had the wrong subnet mask

In all due fairness:

It is not solved unless you expound so other users can learn from your mistake; please, describe.

As in:
What assumptions brought you here?

I had created a PBR policy to route all LAN traffic bound for the WG tunnel via the WG interface, so regardless of what default route a particular host has, it should always know how to reach the tunnel (and return packets if someone from the tunnel is trying to reach it):

config policy
        option src_addr '192.168.4.0/24'
        option name 'lan.route'
        option interface 'VPN'
        option dest_addr '10.9.0.0/32'

But mistakenly (stupidly) I had a /32 mask here, and this rule was not working.

Changed to:

config policy
        option src_addr '192.168.4.0/24'
        option name 'lan.route'
        option interface 'VPN'
        option dest_addr '10.9.0.0/24'

Everything works as expected.
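As an added illustration (my own code, not anything from the thread or from the OpenWrt pbr package): a small Python checker that parses the two UCI policy stanzas above and reports which tunnel peers each dest_addr actually covers. It makes the failure visible: a /32 dest_addr of 10.9.0.0 matches only the network address itself, so traffic to any real peer never hits the rule. The peer addresses 10.9.0.1 (VPS) and 10.9.0.3 (phone) are assumed for illustration; the thread only names the 10.9.0.0/24 tunnel subnet and the 192.168.4.0/24 LAN.

```python
"""Added example: audit OpenWrt pbr 'config policy' stanzas against the tunnel
peers they are supposed to reach. Not code from the thread or the pbr package."""
import ipaddress
import re

# Constructed UCI text: the broken policy (/32) and the corrected one (/24)
# quoted in the post, given distinct names so both can be reported.
UCI_TEXT = """
config policy
        option src_addr '192.168.4.0/24'
        option name 'lan.route.broken'
        option interface 'VPN'
        option dest_addr '10.9.0.0/32'

config policy
        option src_addr '192.168.4.0/24'
        option name 'lan.route'
        option interface 'VPN'
        option dest_addr '10.9.0.0/24'
"""

# Assumed tunnel peer addresses (not stated in the thread): the VPS hub and
# the phone peer, both somewhere inside the 10.9.0.0/24 WireGuard subnet.
ASSUMED_PEERS = {"vps": "10.9.0.1", "phone": "10.9.0.3"}


def parse_policies(text):
    """Return one dict per 'config policy' stanza, mapping option name -> value.

    Handles the single-quoted option syntax used in the post; other UCI
    forms (double quotes, 'list' entries) are ignored for brevity.
    """
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            parts = line.split()
            current = {"_type": parts[1]}
            if len(parts) > 2:
                current["_name"] = parts[2].strip("'\"")
            sections.append(current)
        elif line.startswith("option ") and current is not None:
            m = re.match(r"option\s+(\S+)\s+'([^']*)'", line)
            if m:
                current[m.group(1)] = m.group(2)
    return [s for s in sections if s["_type"] == "policy"]


def covered_peers(policy, peers):
    """Names of peers whose address lies inside the policy's dest_addr prefix."""
    dest = ipaddress.ip_network(policy["dest_addr"], strict=False)
    return sorted(name for name, addr in peers.items()
                  if ipaddress.ip_address(addr) in dest)


def audit(text, peers):
    """Map each policy name to the peers it covers; an empty list means the
    rule can never steer a packet toward the tunnel."""
    return {p["name"]: covered_peers(p, peers) for p in parse_policies(text)}


if __name__ == "__main__":
    for name, hits in audit(UCI_TEXT, ASSUMED_PEERS).items():
        status = "OK" if hits else "MATCHES NO PEER"
        print(f"{name}: {status} {hits}")
```

The /32 rule is not rejected by pbr, which is why the symptom looked like a routing problem rather than a configuration error; a quick containment check like this against the addresses you actually need to reach catches it before reloading the service.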

Good work.

