I want to route 192.168.2.0 IPs through the 10.0.0.1 WireGuard interface, and it works for a time using my static route.
But unfortunately, for some reason, after some time I'm not able to access these IPs anymore. When I log in to the OpenWrt device itself I can still ping and traceroute these IPs, but not from my LAN-connected devices.
What's the problem here? I have never seen something like that, kind of self-destruction.
Here it's running fine:
chairman@workstation:~$ traceroute 192.168.2.1
traceroute to 192.168.2.1 (192.168.2.1), 30 hops max, 60 byte packets
1 OpenWrt.lan (192.168.1.1) 0.317 ms 0.381 ms 0.443 ms
2 10.0.0.1 (10.0.0.1) 448.333 ms 449.055 ms 466.175 ms
3 192.168.2.1 (192.168.2.1) 466.933 ms 470.350 ms 470.513 ms
Target network 192.168.2.0/24 (255.255.255.0 netmask), via 10.0.0.1, for all 192.168.1.0/24 addresses.
It works for some time, and later traceroute ends up at 192.168.43.1 for some reason.
From the other side it works; I'm able to traceroute to 192.168.1.1.
Fixed it for now.
I added 10.0.0.1 (remote peer) as the IPv4 gateway on "br-lan".
Is this a proper solution?
EDIT: It seems like the problem has not been solved yet.
After a reboot, same situation as in the beginning:
traceroute 192.168.2.1
traceroute to 192.168.2.1 (192.168.2.1), 30 hops max, 60 byte packets
1 OpenWrt.lan (192.168.1.1) 0.340 ms 0.415 ms 0.463 ms
2 192.168.43.1 (192.168.43.1) 7.721 ms 8.360 ms 8.423 ms
I have reset everything to default now.
So I have my basic setup again:
The LAN part (br-lan), currently without the relayd bridge.
The wwan0 WiFi radio, which is connected to another WiFi network to provide the internet connection.
The configured and working WireGuard wg0 interface.
What do I have to do in order to pass the devices connected to br-lan through to wwan0 via wg0?
Is it a good idea to create a classic bridge, something like using brctl/bridge-utils, instead of relayd?
The weird thing is, it has worked, but only sometimes, and only for a few hours.
Is there a specific reason you need the LAN part of your router to be in the same broadcast domain as the wireless of the wwan? This is essentially complicating things too much.
No, there is no reason.
The only thing I wanted to achieve is the route from the LAN devices to the remote network 192.168.2.0 via 10.0.0.1.
How it's done doesn't matter, but unfortunately I only know the relayd way.
Other targets (except 192.168.2.0) should be routed to the internet (wwan0).
The wan interface is not in use in my case.
I have a photo now; maybe it's easier to understand.
Traffic to 192.168.2.0 somehow should go to the WireGuard interface.
Everything else to the internet.
Then there is no need to set up any relay protocol.
On OpenWrt you have the LAN bridge, which covers the LAN ports and the wireless access point.
Create the wwan interface that connects as a station to the AndroidAP, assign it to the wan firewall zone, and you have internet already.
Then set up WireGuard to connect to the home, allow the necessary subnets from each side and route those subnets.
Thanks, it seems like that has solved the problem.
Now I have one issue left.
How can I set up this rule using LuCI?
It only works when I perform this command using SSH:
ip route add 192.168.2.0/24 via 10.0.0.1
The LuCI version does not seem to be applied, because when I use ip route show, there is nothing. Only when using the command above.
No need to do it like this.
Add it to the list of allowed IPs for the peer and select to route the allowed IPs.
If it still doesn't work, post the output of uci export network here.
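As an added check, not code from the thread or from OpenWrt: parse the `uci export network` output the reply asks for and confirm the peer section carries the remote subnet in allowed_ips with route_allowed_ips set, and that no relayd interface is left over. The sample export and its keys are constructed placeholders.

```python
import ipaddress
import shlex
# Constructed sample of `uci export network` output, edited the way the thread
# concludes: remote LAN in the peer's allowed_ips plus route_allowed_ips set, so
# netifd installs the route itself. Keys are placeholders, not real material.
SAMPLE_EXPORT = """\
package network
config interface 'wg0'
	option proto 'wireguard'
	option private_key 'PLACEHOLDER_PRIVATE_KEY'
	list addresses '10.0.0.2/24'

config wireguard_wg0
	option public_key 'PLACEHOLDER_PEER_PUBLIC_KEY'
	option route_allowed_ips '1'
	list allowed_ips '10.0.0.0/24'
	list allowed_ips '192.168.2.0/24'
"""
def parse_uci(text):
    """Parse `uci export` output into (section_type, values) pairs."""
    sections = []
    for line in text.splitlines():
        parts = shlex.split(line)
        if len(parts) < 2 or parts[0] == "package":
            continue
        if parts[0] == "config":
            sections.append((parts[1], {}))          # option -> str, list -> [str]
        elif parts[0] == "option":
            sections[-1][1][parts[1]] = parts[2]
        elif parts[0] == "list":
            sections[-1][1].setdefault(parts[1], []).append(parts[2])
    return sections
def check_remote_route(sections, iface, remote):
    """Return what would stop `remote` from being routed via the peers of `iface`."""
    remote = ipaddress.ip_network(remote)
    peers = [v for t, v in sections if t == f"wireguard_{iface}"]
    problems = [] if peers else [f"no peer section wireguard_{iface}"]
    for peer in peers:
        # allowed_ips is WireGuard's cryptokey routing table: it selects both what is
        # sent to this peer and which source addresses are accepted back from it.
        nets = [ipaddress.ip_network(n) for n in peer.get("allowed_ips", [])]
        if not any(n.version == remote.version and remote.subnet_of(n) for n in nets):
            problems.append(f"{remote} is not covered by the peer's allowed_ips")
        if peer.get("route_allowed_ips") != "1":
            problems.append("route_allowed_ips is not set, so no route is installed")
    # A leftover relayd interface is what the thread traced the flaky reachability to.
    if any(t == "interface" and v.get("proto") == "relay" for t, v in sections):
        problems.append("a relayd interface (proto 'relay') is still configured")
    return problems
```

Run it against the real export with `check_remote_route(parse_uci(open("export.txt").read()), "wg0", "192.168.2.0/24")`; an empty list means the config matches the fix described in the reply.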
Thanks, friend, it works fine this way!!! In conclusion, it's very easy.
To conclude, the issue was the relayd bridge. Thanks for your help with the firewall stuff.
Thanks.