WireGuard client on OpenWrt not opening remote IPs in browser

Hi. I have a WireGuard server in my office on an Asus AX5400. I have (in my home) an OpenWrt Netgear router. I successfully created a WireGuard client on this Netgear router AND it connects to the remote Asus correctly. BUT I cannot open the remote Asus web interface. I can ping and tracert to the Asus with no problem. I can also tracert to other devices in the remote subnet (WD NAS). BUT none of these 2 devices (remote Asus router and remote subnet NAS) can be accessed through a web browser!!!!!! So, accessing through a web browser is the issue. BTW, the internet on my OpenWrt subnet also works on SOME websites when connected through the tunnel; some websites DON'T open. I have forwarded/configured the DNS for the tunnel; still, web browser interfaces don't work and some websites don't open. Can someone please help!!!

Is the asus router running openwrt?

No. It's the default Asus firmware.

If I install the WireGuard software on my Windows PC and import the client config file, everything works WONDERS through the VPN tunnel (not connected through the OpenWrt router; connected directly to my home gateway). Only when trying to connect through the OpenWrt router is there this issue.

Can the OpenWrt firewall be completely disabled? This might allow traffic to flow from EVERYWHERE to EVERYWHERE. I really don't know how firewalls work, just guessing to find a solution...... i.e. IF the firewall might be the problem.

Could be an MTU mismatch issue. Is it the same on both endpoints?

It is the same, i.e. 1500.

I realised what the problem is. The remote IP address of the Asus is 192.168.1.1.
The EARLIER IP of the OpenWrt router was 192.168.1.1 (the default). BUT I changed this to 192.168.8.8 just afterwards. BUT the OpenWrt router is still not letting go of this 192.168.1.1 address. I realised this as sometimes I get the "luci - lua configuration page" on this IP. AND when connected to this OpenWrt router with the WireGuard client disabled, I connected through the PC WireGuard client software, and AGAIN 192.168.1.1 cannot be opened! Thus the OpenWrt router is not forwarding the 192.168.1.1/24 properly!!!

It could also be the target host's firewall allowing access only from the local subnet.
Enable masquerading for the LAN firewall zone on the remote VPN peer.

1500 is too much for tunnel MTU. Reduce it to 1420 for both endpoints.
Also fix the IP address conflict.

How can I fix the IP conflict?? Actually, there is none. The OpenWrt doesn't want to let go of the old (its default) IP. I can access the OpenWrt interface on the new .8.8 IP correctly BUT the old IP of 1.1 sometimes shows a one-liner webpage ("luci - lua configuration page"). So does OpenWrt have a cache or something that I can clear?

That's more likely to be a browser cache issue rather than the OpenWRT device holding onto the IP address.

Cleared the cache and all. Also tried a completely new browser. It is for sure an OpenWrt issue.

What is the output of uci show network.lan ?

Where do I run this command?
PuTTY or SSH from cmd?

If you change the router's IP address you have to log in to that new address within 90? seconds.
Otherwise it will revert (I learned that the hard way).

But to log in, your client needs to get a new DHCP lease with the right address/subnet; however, this does not always happen automatically.

So after changing the router's IP address, run from Windows cmd: ipconfig /renew and log in to the OpenWrt router at the new address.

PuTTY is an SSH client, so your two options are equal. In other words: either from PuTTY or via any other SSH client. But yes: you need to run it from the command line.

root@OpenWrt:~# uci show network.lan
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.8.8'

Very good, and is the setting applied to runtime?
ip -4 addr

I have no idea what to make of the following output!!! Here it is:

root@OpenWrt:~# ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1420 qdisc mq state UP qlen 1000
    inet 192.168.4.188/24 brd 192.168.4.255 scope global eth1
       valid_lft forever preferred_lft forever
14: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1420 qdisc noqueue state UP qlen 1000
    inet 192.168.8.8/24 brd 192.168.8.255 scope global br-lan
       valid_lft forever preferred_lft forever

BTW I had changed the MTU as you had asked. You can see that in the above output.
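
An added example, not part of the thread and not written by any of the posters: a Python check over the `ip -4 addr` output posted above that lists each interface's MTU and subnet, tests for overlap with the remote LAN 192.168.1.0/24, and derives the 1420 figure from WireGuard's per-packet overhead. The function names and the `WG_OVERHEAD` table are this example's own.

```python
import ipaddress
import re

# Output of `ip -4 addr` as posted in the thread (valid_lft lines omitted).
IP_ADDR_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1420 qdisc mq state UP qlen 1000
    inet 192.168.4.188/24 brd 192.168.4.255 scope global eth1
14: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1420 qdisc noqueue state UP qlen 1000
    inet 192.168.8.8/24 brd 192.168.8.255 scope global br-lan
"""

# Bytes WireGuard adds per packet: outer IP header (20 or 40) + UDP (8) + WireGuard (32).
WG_OVERHEAD = {4: 60, 6: 80}

def parse_ip_addr(text):
    """Return {ifname: {"mtu": int, "nets": [IPv4Network, ...]}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+).*?\bmtu (\d+)", line)
        if head:
            current = ifaces.setdefault(head.group(1), {"mtu": int(head.group(2)), "nets": []})
            continue
        addr = re.match(r"\s*inet (\S+)", line)
        if addr and current is not None:
            current["nets"].append(ipaddress.ip_interface(addr.group(1)).network)
    return ifaces

def overlapping(ifaces, remote_cidr):
    """Names of local interfaces whose subnet overlaps the LAN behind the tunnel."""
    remote = ipaddress.ip_network(remote_cidr)
    return sorted(name for name, info in ifaces.items()
                  if any(net.overlaps(remote) for net in info["nets"]))

def tunnel_mtu(link_mtu, outer_ip_version=6):
    """Largest tunnel-interface MTU that still fits one packet of the underlying link."""
    return link_mtu - WG_OVERHEAD[outer_ip_version]

if __name__ == "__main__":
    ifaces = parse_ip_addr(IP_ADDR_OUTPUT)
    for name, info in ifaces.items():
        print(name, info["mtu"], [str(n) for n in info["nets"]])
    print("overlaps 192.168.1.0/24:", overlapping(ifaces, "192.168.1.0/24"))
    print("tunnel MTU over a 1500-byte link:", tunnel_mtu(1500))
```

In the posted output no interface carries an address in 192.168.1.0/24, and the 1420 value appears on eth1 and br-lan.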