[Solved] Wireguard external client cant access SMB Share running on a Synology DS series Raid

Problem, a external client can successfully connect through WireGuard to the Router running OpenWRT 23.05.2. So far so good, but when the client then tries to connect to the smb share, it doesnt connect, LAN is set to 192.168.x.x range and hands out DHCP static leases to devices living in LAN IP range, and WireGuardinterface sits on 10.0.0.1, the server sits on a DHCP leased client from router and gets its IP 192.168.x.3 also sucessfully, but when the external client who connects through wireguard, wants to conect via command smb://IP_of_share sitting on 192.168.x.3 , it doesnt connect.

What I dont understand, as I have set in firewall, Zone forward from Wireguard IP Range to LAN range, and vica versa, as forward allowed... has anybody an Idea, or Tip, what I can do to fix that and beeing able to access the smb share sucessfully?

Thanks for reading and replys, aprecciate any idea to solve this problem

It is likely a setting on your Synology NAS... check the local firewall or network settings to ensure that it allows connections from other subnets. Also verify that the device has the complete and proper IP configuration, including the gateway.

1 Like

Should I tell DNSMASQ to listen also on PORT 53 DNS on the wireguardinterface? as I cant even ping the device on subnet...even with forward rules beeing in place between WG Ips and LAN IPs

This is not a dnsmasq issue, at least not at the root. We know this because dnsmasq only affects DHCP and DNS, it doesn't have anything to do with routing.

Let's look at your configs.... we'll need to see the router's config as well as the remote peer's wireguard configuration.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/firewall
## Don't forget to also provide the config from the remote WG peer
1 Like

Thanks a lot psherman, for help, I could solve problem, added a forward for DNS port 53 (from Wireguardinterface ) to LAN IP on router, and now, it works, so happy, I can connect now sucessfully, what a idiot I am, to not think about to forward DNS port 53 incomming from Wireguardinterface to IP of Router in LAN to Port IP 53, sorry...we can close this case...Thanks for patience and offer to help me!!!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile:

1 Like