default via xxxxx dev eth1 proto static src xxxxxxxxxxxxxxx
10.0.10.0/24 dev wg0 proto kernel scope link src 10.0.10.1
10.0.10.2 dev wg0 proto static scope link
10.90.20.0/24 dev wg0 proto static scope link
xxxxxxxxxx/24 dev eth1 proto kernel scope link src xxxxxxxxxxxxxx
192.168.9.0/24 dev br-lan proto kernel scope link src 192.168.9.1
xxxxxxxxxxx via xxxxxxxxxxxxxxx dev eth1 proto static
From firewall and br-lan, I can ping 10.90.30.0/24; this is the problem.
We should assign lan and wg0 to the same firewall zone.
192.168.9.0 br-lan local network on site A
10.0.10.0/24 wg0 network
10.90.20.0/24 remote network (vlan) on site B
10.90.30.0/24 remote network (vlan) on site B
How come that WireGuard is picking up 10.90.30.0/24?
It means 10.90.30.254 should be routed via the eth1 interface.
If you can ping it, it is reachable.
It doesn't mean that 10.90.30.254 is in the same network that you think of.
It may be a part of the upstream networking, i.e. your ISP.
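Added example, not part of the original thread or any poster's code: the route table above run through a longest-prefix-match lookup. It shows why 10.90.30.254 falls through to the default route on eth1, and it flags private (RFC 1918) destinations that would leave via the WAN. The redacted WAN values are replaced with constructed placeholders from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Route table from the thread. The redacted (xxxx) WAN values are replaced with
# constructed placeholders from documentation ranges (203.0.113.0/24, 198.51.100.0/24).
ROUTES = """\
default via 203.0.113.1 dev eth1 proto static src 203.0.113.10
10.0.10.0/24 dev wg0 proto kernel scope link src 10.0.10.1
10.0.10.2 dev wg0 proto static scope link
10.90.20.0/24 dev wg0 proto static scope link
203.0.113.0/24 dev eth1 proto kernel scope link src 203.0.113.10
192.168.9.0/24 dev br-lan proto kernel scope link src 192.168.9.1
198.51.100.53 via 203.0.113.1 dev eth1 proto static
"""

PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_routes(text):
    """Return [(network, device)] parsed from `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), dev))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, dev) for net, dev in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def private_via_wan(routes, addr, wan="eth1"):
    """True when an RFC 1918 destination would leave through the WAN device."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE) and lookup(routes, addr) == wan

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for t in ("10.90.20.5", "10.90.30.254", "192.168.2.1", "192.168.9.50"):
        note = "  <- private, leaves via WAN" if private_via_wan(table, t) else ""
        print(f"{t:15} -> {lookup(table, t)}{note}")
```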
How come that I have access to non-routable machines on my ISP network? It seems unreal.
I can ping 10.90.30.1 but there is no such machine on my network.
OK, I understand, it could be the TV network or Fiber module or SIP phone or something like that.
So I should not be using 10.90.3.0/24 on site A for clarity.
It is a big joke, I have access to several machines on 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 ...
How can I avoid receiving those routes from DHCP? May I lose my fiber module (ONT) which is on a separate link?
Can bcp38 block communications with my external fiber ONT?
The reason I am asking is that I am not on site B and this could be a problem to lose fiber ...
Probably not, but I don't think you really know what you're doing and randomly installing apps isn't the best approach. Where are these dozens of hosts you don't want to have internet access? Are they on your own networks?