Hi folks,
I spent a few days trying to get WireGuard up and running on two (virtual) LEDE routers. Actually the WireGuard part seems to work, but I have no access to other resources on the remote network.
The (virtual) infrastructure looks like this:
Host A                       Host B
(LAN)                        (not connected)
  ^                            ^
  |                            |
LAN 172.16.1.x               LAN 172.16.2.x
WAN 192.168.100.1    <->     WAN 192.168.100.2
The WireGuard config looks like this:
Host A:
config interface 'VPN_WG0'
    option proto 'wireguard'
    option private_key 'xxxxx'
    option listen_port '51820'
    list addresses '10.0.0.1/24'

config wireguard_VPN_WG0
    option public_key 'yyyyyyyyy'
    option route_allowed_ips '1'
    option endpoint_host '192.168.100.2'
    option endpoint_port '51820'
    option persistent_keepalive '25'
    list allowed_ips '10.0.0.0/24'
    list allowed_ips '172.16.2.0/24'
Host B:
config interface 'VPN_WG0'
    option proto 'wireguard'
    option private_key 'xxxxx'
    option listen_port '51820'
    list addresses '10.0.0.2/24'

config wireguard_VPN_WG0
    option public_key 'yyyyyyyyy'
    option route_allowed_ips '1'
    option endpoint_host '192.168.100.1'
    option endpoint_port '51820'
    option persistent_keepalive '25'
    list allowed_ips '10.0.0.0/24'
    list allowed_ips '172.16.1.0/24'
With this configuration I am able to ping the 10.0.0.x addresses crosswise and also the router IP addresses, but no other address on either side.
I tried several firewall settings: adding the interface to the LAN zone, creating a different zone that allows forwarding, and NATing pretty similar to the usual WAN configuration. Nothing worked out!
My preferred setting would be pure routing without NAT, and I can't see what holds me back from this, but actually I might be missing something.
When setting "option route_allowed_ips '1'" it sets up routes to the interfaces, so what am I missing?
Thanks in advance
Tobias
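As an added check, not part of Tobias's post or of OpenWrt/LEDE itself: a small Python script that parses the two peer sections above (constructed copies, keys replaced by placeholders) and applies WireGuard's cryptokey routing rule to a LAN-to-LAN packet in both directions. The posted pair passes, which means allowed_ips and the routes derived from it are not what blocks 172.16.1.x <-> 172.16.2.x traffic, so the remaining suspects are the forwarding rules between the LAN and VPN firewall zones and the return routes on the LAN hosts themselves.

```python
import ipaddress
# Peer sections copied from the post's two UCI configs (constructed copy, keys are placeholders).
HOST_A = """
config wireguard_VPN_WG0
    option public_key 'PUBKEY_OF_B'
    option route_allowed_ips '1'
    list allowed_ips '10.0.0.0/24'
    list allowed_ips '172.16.2.0/24'
"""
HOST_B = """
config wireguard_VPN_WG0
    option public_key 'PUBKEY_OF_A'
    option route_allowed_ips '1'
    list allowed_ips '10.0.0.0/24'
    list allowed_ips '172.16.1.0/24'
"""

def parse_uci(text):
    """Minimal UCI parser: list of (section_type, options); 'list' keys collect into lists."""
    sections = []
    for raw in text.splitlines():
        parts = raw.split(None, 2)
        if not parts:
            continue
        if parts[0] == "config":
            sections.append((parts[1], {}))
        elif parts[0] == "option":
            sections[-1][1][parts[1]] = parts[2].strip("'\"")
        elif parts[0] == "list":
            sections[-1][1].setdefault(parts[1], []).append(parts[2].strip("'\""))
    return sections

def allowed_ips(uci_text):
    """All allowed_ips networks across the wireguard_* peer sections of one router."""
    return [ipaddress.ip_network(n, strict=False)
            for stype, opts in parse_uci(uci_text) if stype.startswith("wireguard_")
            for n in opts.get("allowed_ips", [])]

def check_flow(src_ip, dst_ip, sender_cfg, receiver_cfg):
    """Cryptokey routing check for one packet src_ip -> dst_ip through the tunnel: the
    sender needs dst_ip in its allowed_ips (also what route_allowed_ips='1' routes), the
    receiver needs src_ip in its allowed_ips for that peer or it silently drops the packet."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    findings = []
    if not any(dst in n for n in allowed_ips(sender_cfg)):
        findings.append(f"sender: {dst} not in allowed_ips, no route/encryption to peer")
    if not any(src in n for n in allowed_ips(receiver_cfg)):
        findings.append(f"receiver: {src} not in allowed_ips, dropped on ingress")
    return findings
```

Run it against your real /etc/config/network on both routers after any edit; a non-empty result from check_flow reproduces exactly the symptom of a tunnel that answers pings on 10.0.0.x but silently eats LAN traffic.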