Wireguard as default gw

mmm, I see.

I'm just surprised there is not a generic solution in openwrt to this situation yet, as it seems to me I am not doing anything too weird here.

I'll get my head around all the documentation you pointed out and report back.

Regards,

Maybe there is, but I am not aware of it. Generally for a road warrior setup (that's what I call what you are trying to get) openvpn is the better solution. I use wireguard only for site-to-site VPN.

With tcpdump I can see the incoming handshakes from the remote peer.

If I set the tunnel that "works"
AllowedIPs = 10.10.10.1/32, 192.168.17.0/24
I can see the communication between peers

# tcpdump -n -i any udp port 51820
01:58:58.957660 IP public_ip.42737 > 192.168.1.254.51820: UDP, length 148
01:58:58.981970 IP 192.168.1.254.51820 > public_ip.42737: UDP, length 92

If I set the tunnel that "doesn't work"
AllowedIPs = 0.0.0.0/0
I can see the communication between peers being "asymmetric".

# tcpdump -n -i any udp port 51820
02:14:00.053064 IP public_ip.42737 > 192.168.172.254.51820: UDP, length 148
02:14:00.077433 IP 10.10.10.1.51820 > public_ip.42737: UDP, length 92

The response with source IP 10.10.10.1 doesn't seem right.
To fix it, I added the following route manually

# ip route add public_ip/32 via 192.168.1.1 dev eth0.2

And after a few seconds, magic happens

# tcpdump -n -i any udp port 51820
03:01:25.806255 ethertype IPv4, IP public_ip.42737 > 192.168.172.254.51820: UDP, length 128
03:01:25.806255 IP public_ip.42737 > 192.168.172.254.51820: UDP, length 128
03:01:26.720308 IP 192.168.172.254.51820 > public_ip.42737: UDP, length 128

And now it also works from a client.

Now I need to figure out how to make this permanent. I'll have to create some sort of script that gets the public IP and creates the route. :upside_down_face:
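One way to make the manual route from the post above permanent, as an added example that is not from the thread: read each peer's current endpoint from `wg show <if> endpoints` and pin a host route for it via the WAN gateway, so the encapsulated UDP replies keep leaving on the WAN even when AllowedIPs = 0.0.0.0/0 points the default route into the tunnel. The interface name `wg0`, the gateway `192.168.1.1` and the device `eth0.2` are assumptions taken from the posts, and the sample `wg show` output is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Pins every WireGuard peer endpoint to a
# host route via the WAN gateway so the handshake/data replies are never routed
# back into the tunnel that carries them (the "asymmetric" capture above).
# Interface and gateway names are assumptions taken from the posts; adjust them.
WG_IF="${WG_IF:-wg0}"
WAN_GW="${WAN_GW:-192.168.1.1}"
WAN_DEV="${WAN_DEV:-eth0.2}"

# Extract the IPv4 address from one line of `wg show <if> endpoints`
# ("<pubkey>\t<ip>:<port>"). Prints nothing for "(none)" (peer has not
# connected yet) or for IPv6 endpoints, which this IPv4-only example leaves alone.
endpoint_ip() {
    set -- $1               # split "<pubkey> <ip:port>" on whitespace
    ep="${2:-}"
    case "$ep" in
        *.*:*) printf '%s\n' "${ep%:*}" ;;
        *)     printf '\n' ;;
    esac
}

# Build the route command for one endpoint. `replace` instead of `add` keeps the
# script idempotent when the peer's public IP changes and the job re-runs.
route_cmd() {
    printf 'ip route replace %s/32 via %s dev %s\n' "$1" "$WAN_GW" "$WAN_DEV"
}

# Turn the full `wg show` output into one route command per reachable peer.
routes_for() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        ip=$(endpoint_ip "$line")
        if [ -n "$ip" ]; then route_cmd "$ip"; fi
    done
}

# Execute the commands on the router; `wg` only exists there, so check first.
apply_routes() {
    command -v wg >/dev/null 2>&1 || { echo "wg not found" >&2; return 1; }
    routes_for "$(wg show "$WG_IF" endpoints)" | sh -e
}

# Constructed sample of `wg show` output: one peer with an endpoint, one without.
SAMPLE=$(printf 'PEER1PUBKEY=\t203.0.113.45:42737\nPEER2PUBKEY=\t(none)\n')

# Stand-alone: print what would be done; with --apply: actually install the routes.
if [ "${1:-}" = "--apply" ]; then apply_routes; else routes_for "$SAMPLE"; fi
```

Run it with `--apply` on the router from a cron job or a hotplug script so the route follows the peer's public IP when that changes; running it without arguments only prints the commands for review.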
