[Solved] WireGuard: Can't reach clients on remote site after changing my local gateway

Last week, I set up WireGuard on my Xiaomi Mi Router 4A with OpenWRT. The router is located in "City 1". Currently, I am in "City 2" and can successfully connect to my remote site in "City 1". I am running the WireGuard client on a Windows PC in "City 2".

Yesterday, I changed the gateway, local IP, and DNS of my client in "City 2". Now, I can still connect to "City 1", but I can't reach the clients there. I can only access internet devices.

Configuration Details

Before the Change

PC in "City 2":

  • DNS: 192.168.2.1
  • Gateway: 192.168.2.1
  • IP: 192.168.2.2

After the Change

PC in "City 2":

  • DNS: 192.168.1.1
  • Gateway: 192.168.1.1
  • IP: 192.168.1.2

WireGuard Configuration in "City 2"

[Interface]
PrivateKey = ...
ListenPort = 51820
Address = 192.168.9.2/32
DNS = 192.168.1.1

[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = xxx.xxx.xxx.xxx:51820

Issue Summary

After changing the DNS and local IP settings on the client in "City 2", I can connect to "City 1", but I cannot reach the clients there. The internet connection works, but internal network access is lost.

WireGuard is a routed solution; to function properly, there need to be three different subnets:
The WG subnet, which is 192.168.9.0/24.
The client's subnet, which seems to be 192.168.1.0/24, and the router's subnet.

I do not know what the router's subnet is, but I guess it is also 192.168.1.0/24.

If so something has got to give :wink:

  1. Your guess is correct. The subnet is also 192.168.1.0/24.
  2. Thanks for the explanation of the three subnets.
  3. The reason I didn't know this was because I only followed the steps in the WireGuard tutorial and didn't explore further. In the future, I need to read the WireGuard documentation thoroughly. Do you know where in the documentation it describes the three subnets, and where I can find more tips and tricks for working with WireGuard?
  4. Yes, I can simply undo the change in "City 2" and everything would be fine again.
  5. Imagine I'm using WireGuard with my laptop on a guest Wi-Fi where I can't change the subnet, and they are using the same subnet as my remote subnet. Is there any other way to solve this problem?

About 5: therefore it is advised to use a subnet for your home router which is not often used, e.g. not 192.168.1.0/24.

This is indeed another one of the tips and tricks. Those come from the documentation of another third-party firmware (which I actually wrote), so apart from the tips and tricks it is not suited for OpenWRT.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile:

With the help of ChatGPT I found another solution. I changed one line in my WireGuard configuration in "City 2". Now I can still use the same subnet. Is this a good or bad approach?

Before:
AllowedIPs = 0.0.0.0/0, ::/0
After:
AllowedIPs = 192.168.1.0/24, 0.0.0.0/0, ::/0

Configuration:

[Interface]
PrivateKey = ...
ListenPort = 51820
Address = 192.168.9.2/32
DNS = 192.168.1.1

[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs = 192.168.1.0/24, 0.0.0.0/0, ::/0
Endpoint = xxx.xxx.xxx.xxx:51820

With this you can no longer reach your own subnet, so it is not advisable.

Thank you again. That is correct.
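
The subnet clash discussed in this thread, as an added example that is not part of any post above: a small Python model that checks the three subnets for overlap and shows which interface a packet to a remote host would use under each AllowedIPs setting. Assumptions: the /24 mask on the client LAN, the host 192.168.1.50, the documentation address 203.0.113.10 and the route metrics are constructed, and a tie on prefix length goes to the tunnel to match the behaviour reported in the thread.

```python
import ipaddress as ip

def overlaps(subnets):
    """Return every pair of named subnets that overlap."""
    items = [(name, ip.ip_network(net)) for name, net in subnets.items()]
    return [(a, b) for i, (a, na) in enumerate(items)
            for b, nb in items[i + 1:] if na.overlaps(nb)]

def client_routes(local_lan, allowed_ips, lan_metric=25, wg_metric=5):
    """On-link LAN route plus one tunnel route per AllowedIPs entry.
    Metrics are constructed values, not read from a real routing table."""
    return ([(ip.ip_network(local_lan), lan_metric, "lan")] +
            [(ip.ip_network(a), wg_metric, "wg") for a in allowed_ips])

def route_for(dest, routes):
    """Longest prefix match; on equal prefix length the lower metric wins."""
    d = ip.ip_address(dest)
    matches = [r for r in routes if d in r[0]]  # v4/v6 mismatch is never a match
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[1]))[2]

# Subnets from the thread (client LAN mask assumed to be /24).
BEFORE = {"wg": "192.168.9.0/24", "client_lan": "192.168.2.0/24",
          "router_lan": "192.168.1.0/24"}
AFTER = dict(BEFORE, client_lan="192.168.1.0/24")

FULL_TUNNEL = ["0.0.0.0/0", "::/0"]
WORKAROUND = ["192.168.1.0/24", "0.0.0.0/0", "::/0"]
REMOTE_HOST = "192.168.1.50"   # constructed host on the "City 1" LAN
INTERNET = "203.0.113.10"      # documentation address standing in for the internet

def scenarios():
    """Interface chosen for (remote host, internet host) in each setup."""
    setups = {"before": (BEFORE, FULL_TUNNEL),
              "after": (AFTER, FULL_TUNNEL),
              "workaround": (AFTER, WORKAROUND)}
    return {name: (route_for(REMOTE_HOST, client_routes(s["client_lan"], a)),
                   route_for(INTERNET, client_routes(s["client_lan"], a)))
            for name, (s, a) in setups.items()}

if __name__ == "__main__":
    print("overlap before:", overlaps(BEFORE))
    print("overlap after: ", overlaps(AFTER))
    for name, (remote, inet) in scenarios().items():
        print(f"{name:10s} remote host via {remote}, internet via {inet}")
```

In the "after" case the on-link /24 route is more specific than 0.0.0.0/0, so 192.168.1.x traffic never enters the tunnel; in the "workaround" case every 192.168.1.x address goes into the tunnel, including hosts on the client's own LAN.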
