Hi guys,
Yeah, I know there are already a lot of topics about similar issues, but they did not solve my problem, maybe because of my additional VPN for all outgoing traffic of vlan.44.
The problem I am unable to solve is that clients connected via WireGuard cannot access my server within vlan.44.
In this case my mobile phone can connect to WireGuard over the mobile network and can access the LuCI interface on vlan.44 (192.168.44.1), but I am unable to access any other devices within the 192.168.44.0/24 network.
cat network
# Base interfaces: loopback, the VLAN-aware bridge on eth1, the two LAN
# segments (VLAN 1 and VLAN 44) and the PPPoE uplink on eth0.
# Values shown as (hidden) were redacted by the poster before publishing.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd3e:f85f:fb99::/48'
# br-lan has eth1 as its only port; both VLANs leave the router tagged.
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
# VLAN 1: tagged on eth1 and marked as the port's primary VLAN ('t*').
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'eth1:t*'
# VLAN 44: tagged on eth1 ('t'); this is the segment routed through nordlynx.
config bridge-vlan
option device 'br-lan'
option vlan '44'
list ports 'eth1:t'
config device
option name 'eth1'
option macaddr (hidden)
# 192.168.1.0/24 on VLAN 1.
config interface 'lan'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
# 192.168.44.0/24 on VLAN 44; 192.168.44.1 is the router address the poster
# can reach over the tunnel.
config interface 'lan44'
option device 'br-lan.44'
option proto 'static'
option ipaddr '192.168.44.1'
option netmask '255.255.255.0'
# NOTE(review): the two 8021q devices below use the same names (br-lan.1,
# br-lan.44) that the bridge-vlan sections above already imply; they look
# redundant. Confirm they are needed and do not conflict.
config device
option vid '1'
option type '8021q'
option name 'br-lan.1'
option ifname 'br-lan'
config device
option vid '44'
option ifname 'br-lan'
option name 'br-lan.44'
option type '8021q'
config device
option name 'eth0'
option macaddr (hidden)
# PPPoE uplink; the credentials are redacted, which is the right thing to do
# before posting a config publicly.
config interface 'wan'
option device 'eth0'
option proto 'pppoe'
option username (hidden)
option password (hidden)
option ipv6 'auto'
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
# Outbound commercial VPN tunnel (WireGuard client) plus the policy routing
# that pins each LAN segment to one uplink.
config interface 'nordlynx'
option proto 'wireguard'
list addresses '10.5.0.2/32'
option private_key (hidden)
# Single peer with allowed_ips 0.0.0.0/0: any IPv4 destination may be sent
# into this tunnel. route_allowed_ips is not set here, so the default route
# into the tunnel comes only from table 10 below.
config wireguard_nordlynx
option endpoint_port '51820'
option public_key (hidden)
option description 'NL'
option endpoint_host (hidden)
option persistent_keepalive '25'
list allowed_ips '0.0.0.0/0'
# Table 10 holds only a default route via nordlynx.
config route
option table '10'
option target '0.0.0.0/0'
option interface 'nordlynx'
# Every packet that ARRIVES on lan44 is looked up in table 10, whatever its
# destination. That includes replies from 192.168.44.0/24 hosts to WireGuard
# clients in 10.0.0.0/24: table 10 as shown has no route for 10.0.0.0/24, so
# those replies follow the default route into nordlynx instead of wg0.
# NOTE(review): this looks like the cause of the reported symptom. The router
# itself (192.168.44.1) still answers because its replies are locally
# generated and do not match 'in lan44'. A route for 10.0.0.0/24 via wg0 in
# table 10, or a higher-priority rule sending that destination to the main
# table, would keep replies on the tunnel they came from; verify on the device.
config rule
option in 'lan44'
option lookup '10'
# Table 11 holds only a default route via wan; traffic arriving on lan uses it.
config route
option table '11'
option target '0.0.0.0/0'
option interface 'wan'
config rule
option in 'lan'
option lookup '11'
# Inbound WireGuard server for remote clients: listens on UDP 6666 and uses
# 10.0.0.0/24, with the router at 10.0.0.1.
config interface 'wg0'
option proto 'wireguard'
option private_key (hidden)
option listen_port '6666'
list addresses '10.0.0.1/24'
# The only peer shown: the phone, restricted to source address 10.0.0.10/32.
# A preshared key is configured in addition to the key pair.
# NOTE(review): this peer section also stores the phone's private_key. The
# router does not need a peer's private key to run the tunnel (presumably it
# was kept for config/QR export); while it stays here, anyone who can read
# this file can impersonate the phone. Consider removing it after provisioning.
config wireguard_wg0
option description 'phone'
option public_key (hidden)
option private_key (hidden)
option preshared_key (hidden)
option persistent_keepalive '25'
option route_allowed_ips '1'
list allowed_ips '10.0.0.10/32'
# Table 9 holds a DEFAULT route out lan44 with no gateway, and the rule below
# sends every packet arriving on wg0 through that table. As written, any
# destination a wg0 client asks for (not only 192.168.44.0/24) is treated as
# directly reachable on lan44.
# NOTE(review): the connected 192.168.44.0/24 route normally exists in the
# main table already, so this table/rule pair is presumably unnecessary, or
# should at least be narrowed to 192.168.44.0/24. Confirm before changing.
config route
option table '9'
option interface 'lan44'
option target '0.0.0.0/0'
config rule
option lookup '9'
option in 'wg0'
cat firewall
# Global defaults and zone definitions.
# NOTE(review): the default input policy is ACCEPT. Traffic addressed to the
# router that is not matched by any zone falls back to this policy, so an
# interface that is added later and left out of every zone would be accepted.
# A default of REJECT/DROP with explicit per-zone ACCEPT is the safer baseline.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# Trusted LAN (VLAN 1).
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# Internet uplink: unsolicited input and forwarding are rejected, outbound
# traffic is masqueraded, and mtu_fix is enabled.
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'REJECT'
# VLAN 44 segment; hosts here may reach every service on the router itself.
config zone
option name 'lan44'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan44'
# Remote WireGuard clients. input ACCEPT gives every VPN peer access to all
# services on the router itself (the poster reports LuCI being reachable this
# way); forward ACCEPT covers traffic between interfaces inside this zone.
# NOTE(review): if a peer device is not fully trusted, consider input REJECT
# plus explicit rules for the few ports it really needs.
config zone
option name 'wg0'
option input 'ACCEPT'
option output 'ACCEPT'
list network 'wg0'
option forward 'ACCEPT'
# Commercial VPN tunnel, treated as untrusted: input and forward are dropped,
# and forwarded traffic leaving through it is masqueraded.
# output DROP also drops traffic the router itself originates towards this
# zone, e.g. a ping through the tunnel for testing.
config zone
option name 'nordlynx'
option input 'DROP'
option forward 'DROP'
list network 'nordlynx'
option masq '1'
option output 'DROP'
# Inter-zone forwarding. Only the three directions listed here are allowed;
# everything else falls to the default forward policy (REJECT).
# wg0 -> lan44: remote clients may open connections to VLAN 44 hosts. No
# lan44 -> wg0 entry is shown, so VLAN 44 hosts cannot initiate connections
# to VPN clients.
# NOTE(review): since wg0 -> lan44 is permitted, the firewall shown is
# probably not what blocks the poster's traffic; the policy routing rule
# 'in lan44 lookup 10' in the network config is the more likely culprit.
config forwarding
option src 'wg0'
option dest 'lan44'
# lan44 -> nordlynx only. There is no lan44 -> wan forwarding in the rules
# shown, so VLAN 44 traffic cannot fall back to the plain uplink if the
# tunnel is down. That works as a kill switch; keep it that way when editing.
config forwarding
option src 'lan44'
option dest 'nordlynx'
config forwarding
option src 'lan'
option dest 'wan'
# Traffic rules for the wan zone. A rule with src 'wan' and no dest applies to
# packets addressed to the router itself; a rule with a dest is a forwarding
# rule towards that zone.
# Accept DHCP replies/renewals to the router (UDP 68, IPv4).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Answer IPv4 echo requests from the internet.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Accept DHCPv6 replies to the router (UDP 546).
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery messages, link-local sources only.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types accepted on the router itself, rate-limited to 1000/sec.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types forwarded from wan to any zone (dest '*'), same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# The two rules below forward IPsec traffic (ESP and UDP 500) from wan into
# the lan zone. Neither sets a family, so they are not limited to IPv4.
# NOTE(review): if no host in lan terminates IPsec, these can presumably be
# removed to reduce what is reachable from the internet. Confirm first.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Opens UDP 6666 on the router to the internet so remote WireGuard clients can
# reach wg0 (the port matches listen_port in the network config). There is no
# dest, so this is an input rule, and no family, so it is not limited to IPv4.
# This is the only service in the rules shown that is deliberately exposed on
# wan; access control rests on the WireGuard keys and preshared key, not on
# the non-default port number.
config rule
option dest_port '6666'
option src 'wan'
option name 'wan-local-wg'
option target 'ACCEPT'
list proto 'udp'