When I am connected to this WIFI I can't connect to my wireguard server, which is located in the secured, original LAN (not on the router). I have tried to allow traffic from devices in the br-guest to the wireguard server port 47123 (wg port) but there is no handshake. The wireguard connection works from LAN and from the outside, i.e., port forwarding is set up and working.
I just solved this by reading a recommended post and activating a "Reflection zone" under the port forward rule. There, I added the Guest zone so that when I try to connect to wireguard from the guest zone it "looks" as if I'm connecting from the outside. Is that a correct understanding and a correct/safe procedure? In any case, it works.
Great, thanks for the reply. Well, it's a rather long story. The wife does not like pihole so her laptop now lives in the guest wifi together with the chromecast and the ipads. In the original LAN resides a web server and some other stuff. Sometimes I need my phone on the guest wifi, i.e., to chromecast, but I'd still like the pihole ad blocking, which is solved by connecting to my wireguard server on the LAN.
For Chromecast between subnets you can research things like mDNS/Avahi.
But if this works for you, excellent.
Another way to deal with this is to use dnsmasq address option to resolve your DDNS address to the local IP address:
DHCP and DNS > General > Addresses: /ddns-adres/<internal-ip-address>
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!
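The two approaches from this thread written out as OpenWrt UCI configuration, as an added example that is not part of any poster's message or their actual config. Port 47123 is from the thread; the zone names `lan` and `guest`, the host address `192.168.1.10`, the rule names and the hostname `vpn.example.net` are assumptions standing in for the real values.

```uci
# --- Option A: NAT reflection on the existing port forward ---
# /etc/config/firewall
config redirect
	option name 'wireguard-forward'
	option target 'DNAT'
	option src 'wan'
	option proto 'udp'
	option src_dport '47123'
	option dest 'lan'
	# assumed LAN address of the WireGuard host
	option dest_ip '192.168.1.10'
	option dest_port '47123'
	option reflection '1'
	# zones whose clients may reach the forward via the public address
	list reflection_zone 'lan'
	list reflection_zone 'guest'

# --- Option B: resolve the DDNS name to the internal address ---
# /etc/config/dhcp (line added to the existing dnsmasq section)
config dnsmasq
	# placeholder hostname; use the DDNS name the WireGuard client dials
	list address '/vpn.example.net/192.168.1.10'

# /etc/config/firewall
# With option B the guest client talks to the LAN host directly, so the
# guest zone needs a forward rule limited to this one host, protocol and port.
config rule
	option name 'guest-to-wireguard'
	option src 'guest'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option proto 'udp'
	option dest_port '47123'
	option target 'ACCEPT'
```

Option B only takes effect for guest clients that use the router's dnsmasq as their resolver. In both options the guest zone gains access to a single UDP port on a single LAN host and nothing else.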