mmm, I see.
I'm just surprised there is not a generic solution in OpenWrt to this situation yet, as it seems to me I am not doing something too weird here.
I'll get my head around all the documentation you pointed out and report back.
Regards,
Maybe there is, but I am not aware of it. Generally, for a road warrior setup (that's what I call what you are trying to get), OpenVPN is the better solution. I use WireGuard only for site-to-site VPN.
With tcpdump I can see the incoming handshakes from the remote peer.
If I set the tunnel that "works"
AllowedIPs = 10.10.10.1/32, 192.168.17.0/24
I can see the communication between peers
# tcpdump -n -i any udp port 51820
01:58:58.957660 IP public_ip.42737 > 192.168.1.254.51820: UDP, length 148
01:58:58.981970 IP 192.168.1.254.51820 > public_ip.42737: UDP, length 92
If I set the tunnel that "doesn't work"
AllowedIPs = 0.0.0.0/0
I can see the communication between peers being "asymmetric".
# tcpdump -n -i any udp port 51820
02:14:00.053064 IP public_ip.42737 > 192.168.172.254.51820: UDP, length 148
02:14:00.077433 IP 10.10.10.1.51820 > public_ip.42737: UDP, length 92
The response with source IP 10.10.10.1 doesn't seem right.
To fix it, I added the following route manually
# ip route add public_ip/32 via 192.168.1.1 dev eth0.2
And after a few seconds, magic happens
# tcpdump -n -i any udp port 51820
03:01:25.806255 ethertype IPv4, IP public_ip.42737 > 192.168.172.254.51820: UDP, length 128
03:01:25.806255 IP public_ip.42737 > 192.168.172.254.51820: UDP, length 128
03:01:26.720308 IP 192.168.172.254.51820 > public_ip.42737: UDP, length 128
And now it also works from a client.
Now I need to figure out how to make this permanent. I'll have to create some sort of script that gets the public IP and creates the route.
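One way to script the route described in the last post, as an added example that is not code from the thread: it reads the peers' current endpoints from `wg show` and adds a host route for each through the WAN gateway, as the manual `ip route add` did. The interface name `wg0`, the IPv4-only handling and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes interface wg0, IPv4 endpoints.
WG_IF="${WG_IF:-wg0}"

# stdin: `ip -4 route show default`. Prints "<gateway> <device>" for the first
# default route that does not leave through the WireGuard interface.
wan_gateway() {
    awk -v wg="$1" '
        $1 == "default" {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (gw != "" && dev != "" && dev != wg) { print gw, dev; exit }
        }'
}

# stdin: `wg show <if> endpoints` ("<pubkey>\t<ip>:<port>"). Prints each
# distinct IPv4 endpoint address once; "(none)" and "[v6]:port" are skipped.
endpoint_ips() {
    awk '
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
            addr = $2; sub(/:[0-9]+$/, "", addr)
            if (!(addr in seen)) { seen[addr] = 1; print addr }
        }'
}

# Add or refresh a /32 route per peer endpoint via the WAN gateway.
pin_endpoints() {
    set -- $(ip -4 route show default | wan_gateway "$WG_IF")
    [ $# -eq 2 ] || { echo "no WAN default route found" >&2; return 1; }
    for addr in $(wg show "$WG_IF" endpoints | endpoint_ips); do
        ip route replace "$addr/32" via "$1" dev "$2"
    done
}

# Change the routing table only when called with "apply" (e.g. from cron).
if [ "${1:-}" = "apply" ]; then
    pin_endpoints
fi
```

Routes for endpoints a peer has since roamed away from are not removed by this script and would need separate cleanup.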