WireGuard server access client

So I set up two routers as WireGuard server and client. When the connection is established, I can ping the server's subnet (192.168.123.0/24) and wg address (10.0.0.1) from the client, but I can't access the client's subnet (192.168.10.0/24) from the server; I can only ping the client's wg address (10.0.0.2).

When I checked the server's routes I found the route to the client was missing, so I added the route to the client's subnet:

ip route add 192.168.123.0/24 dev wg0 

But it returned:

PING 192.168.123.1 (192.168.123.1): 56 data bytes
ping: sendto: No error information

Now I don't know how to route the traffic to the client's subnet. Can anyone help?

Here is my config:

Server:

interface: wg0
  public key: xxx
  private key: (hidden)
  listening port: 51980

peer: xxx
  endpoint: xxx:40066
  allowed ips: 10.0.0.2/32, 192.168.10.0/24
  latest handshake: 1 second ago
  transfer: 3.10 MiB received, 55.41 MiB sent
  persistent keepalive: every 25 seconds


Client:

interface: wg0
  public key: xxx
  private key: (hidden)
  listening port: 64426

peer: xxx
  endpoint: x.x.x.x:51980
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 3 minutes, 6 seconds ago
  transfer: 34.84 MiB received, 10.93 MiB sent
  persistent keepalive: every 25 seconds

On both server and client please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
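The route check the first post does by hand can be scripted. This is an added example, not part of the thread: it lists every IPv4 prefix in a peer's allowed ips that no route on the WireGuard interface covers. The function name `uncovered_allowed_ips` is hypothetical, and the sample input is constructed from the values in the post (the `10.0.0.0/24` route line is an assumption).

```shell
#!/bin/sh
# Added example (not from the thread).
#   $1: text of `wg show wg0 allowed-ips`   (peer key, then its prefixes)
#   $2: text of `ip -4 route show dev wg0`  (one route per line)
# Prints each IPv4 allowed-ips prefix that no listed route covers.
uncovered_allowed_ips() {
    { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Network part of addr under a prefix of the given length.
    function net(addr, len) { return int(addr / 2 ^ (32 - len)) }
    $0 == "--" { in_wg = 1; next }
    !in_wg && NF {                      # route table section
        dst = ($1 == "default") ? "0.0.0.0/0" : $1
        n = split(dst, p, "/")
        raddr[++nr] = ip2int(p[1]); rlen[nr] = (n == 2) ? p[2] + 0 : 32
        next
    }
    in_wg {                             # wg section: field 1 is the peer key
        for (i = 2; i <= NF; i++) {
            if ($i ~ /:/ || $i == "(none)") continue   # skip IPv6 / empty
            n = split($i, p, "/")
            a = ip2int(p[1]); alen = (n == 2) ? p[2] + 0 : 32
            covered = 0
            # A route covers the prefix if it is no longer than the prefix
            # and both fall in the same network at the route length.
            for (r = 1; r <= nr; r++)
                if (rlen[r] <= alen && net(a, rlen[r]) == net(raddr[r], rlen[r]))
                    covered = 1
            if (!covered) print $i
        }
    }'
}

# Constructed sample: the server peer entry from the post, plus the route
# that was added there. PEERKEY= stands in for the redacted public key.
sample_wg="$(printf 'PEERKEY=\t10.0.0.2/32 192.168.10.0/24')"
sample_routes='10.0.0.0/24 proto kernel scope link src 10.0.0.1
192.168.123.0/24 scope link'
uncovered_allowed_ips "$sample_wg" "$sample_routes"

# On the router itself:
#   uncovered_allowed_ips "$(wg show wg0 allowed-ips)" "$(ip -4 route show dev wg0)"
```

A prefix that passes this check can still be dropped by firewall rules, which is why the reply also asks for the firewall export.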