[Solved] Connecting to Wireguard server inside existing LAN with port forward

Hi All,

I'm currently migrating from a vendor firmware solution to OpenWrt for all the obvious reasons. My use case is to be able to have multiple clients, wired or wi-fi, connected to my portable router (GL.iNet GL-X3000 Spitz AX) through a WireGuard tunnel via the cellular modem that connects back to my home to a GL.iNet GL-MT2500A (Brume 2), which is located inside the network, behind the ISP modem and firewall (port forward UDP 51820 to the Brume).

So to recap:
Wired/wireless Client -> Spitz AX (OpenWrt SNAPSHOT r28277 as Wireguard client) -> Cellular Network -> Internet -> Residential ISP Modem/Router -> Forward UDP 51820 to LAN -> Brume 2 on LAN (OpenWrt 24.10.0-rc2 r28161 as Wireguard Server)

Some wishlist items:

  • Any clients connected to the Spitz to have access to the clients connected to my ISP LAN
  • To be able to connect other clients (other than the Spitz AX, e.g. phone, laptop at a coffee shop) to the Brume2 over Wireguard as well

I did have this working with the GL.iNet vendor firmware but obviously it's different setting it up using OpenWrt, and I'm really struggling to make the Wireguard client talk to the server. I tried using my IPv4 public address as the endpoint to eliminate my Dynamic DNS as the problem, I've even tried moving my Brume (just as a test) to my ISP router's DMZ to eliminate my port forward as the problem.

I initially tried configuring all of the Wireguard bits manually, but got frustrated and tried the WireGuard multi-client server automated at https://openwrt.org/docs/guide-user/services/vpn/wireguard/automated which seems to have created all the bits again but sadly I still can't connect.

It's noteworthy that I haven't even been able to connect my iPhone to the Wireguard server either, even when I scan the QR code to add the profile.

Any help would be appreciated, I can paste in config.
Thanks!!

Your home should be set up like the road warrior setup: you have multiple clients which connect via the internet (the phone, but also your other router, which is just a client for which you can import the config from the server).
See:
https://openwrt.org/docs/guide-user/services/vpn/wireguard/road-warrior


Ok, I ran these scripts including generating a client for my iPhone to start. It seemed to create everything as expected. I'm going to try and make the phone client work initially as I can just scan the QR code, then once that's confirmed I'll work on my Spitz (remote router). I still can't connect. I think I might have my networking wrong, any comment on this config:

  • ISP modem LAN is 10.0.0.1/24
  • I changed Brume LAN to be 10.0.10.1/24 instead of the default 192.168.1.1/24
  • In the wg_roadwarrior script I set the environment variable: export WG_IPV4_SUBNET="10.0.11" (Should this have been 10.0.10 perhaps?)

Thanks!

You should have 3 different subnets: server, client and WireGuard all need a different subnet.
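The three-subnet rule above is easy to get wrong when the WireGuard range is chosen as a prefix like the `WG_IPV4_SUBNET="10.0.11"` from the earlier post. The following is an added example, not from this thread or from the OpenWrt road-warrior script, that checks the subnets named in the thread for overlap and lists what a remote peer would need in its AllowedIPs to reach both the Brume LAN and the ISP LAN. The Spitz LAN value and the expansion of a three-octet prefix to a /24 are assumptions.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed values taken from the thread: the ISP modem's LAN, the
# Brume's renumbered LAN and the WireGuard tunnel subnet, plus an
# assumed LAN on the remote Spitz AX (not stated in the thread).
SUBNETS = {
    "isp_lan": "10.0.0.0/24",
    "brume_lan": "10.0.10.0/24",
    "wireguard": "10.0.11.0/24",
    "spitz_lan": "10.0.12.0/24",  # assumption: remote router's LAN
}


def wg_prefix_to_cidr(prefix):
    """Expand a three-octet WG_IPV4_SUBNET value such as '10.0.11' to a
    /24 (assumption: that is how the variable is meant to be read)."""
    octets = prefix.split(".")
    if len(octets) != 3 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"expected three octets, got {prefix!r}")
    return f"{prefix}.0/24"


def parse_subnets(subnets):
    """strict=True rejects a CIDR with host bits set ('10.0.10.1/24'),
    so a router address pasted where a network was expected is caught."""
    return {name: ip_network(cidr, strict=True) for name, cidr in subnets.items()}


def overlapping_pairs(subnets):
    """Every pair of named subnets that overlap; an empty list means the
    routing tables on both ends can tell all of them apart."""
    nets = parse_subnets(subnets)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def allowed_ips_for_remote_client(subnets):
    """Networks a remote peer (phone, or the Spitz AX) must carry in its
    AllowedIPs to reach the tunnel, the Brume LAN and the ISP LAN."""
    nets = parse_subnets(subnets)
    wanted = [nets[k] for k in ("wireguard", "brume_lan", "isp_lan")]
    return [str(n) for n in sorted(wanted)]


if __name__ == "__main__":
    print("WG_IPV4_SUBNET=10.0.11 ->", wg_prefix_to_cidr("10.0.11"))
    print("overlaps:", overlapping_pairs(SUBNETS))
    # The alternative the poster wondered about collides with the Brume LAN.
    bad = dict(SUBNETS, wireguard=wg_prefix_to_cidr("10.0.10"))
    print("overlaps with 10.0.10:", overlapping_pairs(bad))
    print("client AllowedIPs:", ", ".join(allowed_ips_for_remote_client(SUBNETS)))
```

Run it before generating peer configs: an overlap reported here means the kernel will route the colliding range out one interface only, which looks exactly like "the tunnel is up but nothing answers".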

After a lot of messing with this I found the issue. I swapped my LAN/WAN ports on the Brume 2 and forgot to assign interface WAN to the WAN firewall zone :woozy_face:. Oh well - lesson learned (and lots more learning in the process :slight_smile: )

Thanks for the help egc!

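The root cause reported above, a WAN interface that belongs to no firewall zone, is worth checking mechanically: on OpenWrt an interface outside every zone only sees the `config defaults` policy, so the `Allow-WireGuard` rule with `src 'wan'` never matches packets arriving on it. The block below is an added example, not from this thread or from OpenWrt, that reads a constructed `/etc/config/firewall` excerpt in UCI syntax, reports interfaces that no zone covers, and checks whether the WireGuard accept rule actually applies to the interface the endpoint is reached on. The interface list and the config text are constructed for the example.

```python
import shlex

# Constructed /etc/config/firewall excerpt modelled on an OpenWrt default
# with the Allow-WireGuard rule the road-warrior script adds. The 'wan'
# zone lists only 'wan6', reproducing the mistake from the thread: the
# IPv4 'wan' interface belongs to no zone.
FIREWALL_CFG = """
config defaults
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    list network 'lan'
    list network 'wg0'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    list network 'wan6'

config rule
    option name 'Allow-WireGuard'
    option src 'wan'
    option dest_port '51820'
    option proto 'udp'
    option target 'ACCEPT'
"""

# Interfaces as they would be named in /etc/config/network (constructed).
INTERFACES = ["lan", "wan", "wan6", "wg0"]


def parse_uci(text):
    """Minimal reader for UCI's config/option/list lines."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if parts[0] == "config":
            current = {"type": parts[1], "options": {}, "lists": {}}
            sections.append(current)
        elif parts[0] == "option" and current is not None:
            current["options"][parts[1]] = parts[2] if len(parts) > 2 else ""
        elif parts[0] == "list" and current is not None:
            current["lists"].setdefault(parts[1], []).append(parts[2])
    return sections


def zone_networks(sections):
    """Map zone name -> set of interfaces that zone covers."""
    return {s["options"].get("name"): set(s["lists"].get("network", []))
            for s in sections if s["type"] == "zone"}


def unzoned_interfaces(sections, interfaces):
    """Interfaces in no zone: traffic arriving on them only meets the
    'defaults' policy (input REJECT here), so no zone rule can admit it."""
    covered = set().union(*zone_networks(sections).values())
    return sorted(i for i in interfaces if i not in covered)


def wireguard_reachable_on(sections, iface, port="51820"):
    """True if an ACCEPT input rule (no 'dest') for udp/port has a src
    zone that really contains the interface the endpoint is reached on."""
    zones = zone_networks(sections)
    for s in sections:
        o = s["options"]
        protos = o["proto"].split() if "proto" in o else s["lists"].get("proto", [])
        if (s["type"] == "rule" and o.get("target") == "ACCEPT"
                and "dest" not in o and o.get("dest_port") == port
                and "udp" in protos and iface in zones.get(o.get("src"), set())):
            return True
    return False


if __name__ == "__main__":
    cfg = parse_uci(FIREWALL_CFG)
    print("unzoned interfaces:", unzoned_interfaces(cfg, INTERFACES))
    print("WireGuard reachable on wan:", wireguard_reachable_on(cfg, "wan"))
    # The fix from the thread: put the IPv4 wan interface into the wan zone.
    fixed = parse_uci(FIREWALL_CFG.replace(
        "list network 'wan6'", "list network 'wan'\n    list network 'wan6'"))
    print("after adding wan to the wan zone:", wireguard_reachable_on(fixed, "wan"))
```

On a real box the same check can be fed the output of `uci export firewall`; the point is that a handshake failure with a correct peer config and a correct port forward is often a zone membership problem rather than a WireGuard one.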

Great to hear it is solved :slight_smile:
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile:
