Wireguard - can ping both ways, but no access to network

Hi,

I've got OpenWrt 19.07.2 and Wireguard installed on an old router which operates as a switch behind my ISP router.
I can ping both ways between a peer and the switch via the Wireguard tunnel, but I do not seem to get the settings correct to ping from the peer to devices connected to the switch.

Switch ip address: 192.168.2.200
Switch Wireguard interface addresses: 10.66.66.1/24, fd42:42:42::1/64
Switch Wireguard peer allowed addresses: 192.168.2.0/32, 10.66.66.2/32, fd42:42:42::2/128

Peer Wireguard interface addresses: 10.66.66.2/24, fd42:42:42::2/64
Peer Wireguard peer allowed addresses: 0.0.0.0/0, ::/0

Can anyone point me in the right direction?

You will need to add static routes for your wireguard gateway on the ISP router (and I'd recommend to defer IPv6 until you have IPv4 running).

1 Like

Delete this one.

Also, as @slh mentioned, on the client peer add the "route allowed IPs" or create a static route upon tunnel creation.

1 Like

Thanks both for your prompt reply. I thought the WireGuard protocol could do without a static route by using the 'allowed addresses'. I've got it working now. Thank you both!
I'll read up some more on this protocol.

2 Likes
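The thread's IPv4 addresses traced through WireGuard's allowed-address check and ordinary route lookup, as an added example that is not part of any post above. It assumes the LAN is 192.168.2.0/24, that LAN devices use an ISP router at 192.168.2.1 as default gateway, that the switch forwards between the tunnel and the LAN, and a constructed LAN device 192.168.2.50.

```python
import ipaddress as ip

# Values taken from the original post
SWITCH_PEER_ALLOWED = ["192.168.2.0/32", "10.66.66.2/32", "fd42:42:42::2/128"]
PEER_ALLOWED = ["0.0.0.0/0", "::/0"]
PEER, SWITCH = "10.66.66.2", "192.168.2.200"
# Assumptions, not stated in the thread
LAN, ISP_ROUTER, LAN_HOST = "192.168.2.0/24", "192.168.2.1", "192.168.2.50"

def allowed(allowed_ips, addr):
    """True if addr falls inside any allowed-address entry (v4/v6 never mix)."""
    a = ip.ip_address(addr)
    return any(a in ip.ip_network(n) for n in allowed_ips)

def lookup(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs."""
    d = ip.ip_address(dst)
    hits = [(ip.ip_network(n), hop) for n, hop in routes if d in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def ping_lan_host(isp_static_routes):
    """Follow an echo request PEER -> LAN_HOST and its reply back."""
    # Request: the peer only encrypts destinations covered by its allowed list
    if not allowed(PEER_ALLOWED, LAN_HOST):
        return "request dropped: peer has no allowed address for destination"
    # The switch only accepts inner source addresses listed for that peer
    if not allowed(SWITCH_PEER_ALLOWED, PEER):
        return "request dropped: switch rejects source address"
    # Reply: the LAN device has no tunnel, it hands 10.66.66.2 to its gateway
    host_routes = [(LAN, "on-link"), ("0.0.0.0/0", ISP_ROUTER)]
    if lookup(host_routes, PEER) != ISP_ROUTER:
        return "reply lost: LAN device has no gateway for the tunnel subnet"
    isp_routes = [(LAN, "on-link"), ("0.0.0.0/0", "wan")] + isp_static_routes
    hop = lookup(isp_routes, PEER)
    if hop != SWITCH:
        return f"reply lost: ISP router forwards it to {hop}"
    # Back on the switch, the destination must map to the peer's allowed list
    if not allowed(SWITCH_PEER_ALLOWED, PEER):
        return "reply lost: switch has no peer for destination"
    return "reply delivered"

if __name__ == "__main__":
    print("no static route:  ", ping_lan_host([]))
    print("with static route:", ping_lan_host([("10.66.66.0/24", SWITCH)]))
    # A /32 entry covers exactly one address, not the LAN
    print("192.168.2.0/32 covers 192.168.2.50:",
          allowed(SWITCH_PEER_ALLOWED, LAN_HOST))
```

Pings to the switch itself succeed without the static route because the switch answers directly through the tunnel and the reply never reaches the ISP router.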
