WireGuard server: only TX when using public 4G network

Just open its web interface and take a look.

I can't log in; due to ISP policy we can't access the HAG. Even after looking around, there is no login and password that works to access the HAG.

Game over.

Good... question: I have an on-cloud server that has a public IP. Can I pass through that one to control the devices in my home network and to browse the internet as if I were at home? I already have a WireGuard server there.

Yes, that is possible.

Interesting... what shall I do?

First establish the connectivity between the endpoints over WG and make sure that all the routes are in place at all the endpoints.
Then configure the OpenWrt firewall to enable traffic passthrough in the desired direction(s).
I suggest creating a separate zone for WG, initially making it an exact copy of the WAN zone, then disabling NAT on it (Masquerading) and then configuring the necessary allow rules.
Once you have communication between all the endpoints you can customize your setup, for example, to allow traffic coming from WG to go out through WAN.

I think I will need more details... Once I connect the router to the server, what shall I do exactly?

Edit: I fixed the connection between the router and the remote server. I now have my phone connected to the remote server containing the WireGuard server via 4G and my router connected to the remote server containing the WireGuard server via ISP. Basically both of them are 2 clients of the same server.

The remote server has Ubuntu 22.04, the WireGuard server has 10.66.66.1 IP, the phone 10.66.66.2 and the router 10.66.66.3.

I would now need to be able to redirect all traffic from the phone to the ISP and to ensure I can access all devices in my home.

You need to add a static route to your remote server:

192.168.1.0/24 via 10.66.66.3

and you need to make sure that

  • your phone has 192.168.1.0/24 listed in the allowed IPs field (unless it has 0.0.0.0/0, in which case no additional entries are required)
  • your OpenWrt router has the WireGuard interface associated with the lan firewall zone (or if in another zone, make sure it is not in the wan zone, and you need to have forwarding to the lan zone allowed; easiest is if it is simply included in the lan zone).
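Added example, not part of the thread: a small Python model of WireGuard's AllowedIPs check that traces a packet phone → server → router and the reply, using the thread's addresses. It goes one step beyond the post by showing that the server's peer entry for the router must also list 192.168.1.0/24, since WireGuard picks the peer and filters sources by AllowedIPs even when the kernel route exists. Assumptions: the peer tables and the LAN host 192.168.1.50 are constructed, kernel routes are in place, and the router does not masquerade on the WG zone.

```python
import ipaddress

# Constructed AllowedIPs tables (node -> peer -> networks); addresses are the thread's.
PHONE = {"server": ["0.0.0.0/0"]}
ROUTER = {"server": ["10.66.66.0/24"]}
SERVER_BEFORE = {"phone": ["10.66.66.2/32"], "router": ["10.66.66.3/32"]}
SERVER_AFTER = {"phone": ["10.66.66.2/32"],
                "router": ["10.66.66.3/32", "192.168.1.0/24"]}
LAN_HOST = "192.168.1.50"  # hypothetical device on the home LAN

def pick_peer(table, dst):
    """Outbound: the peer whose AllowedIPs holds the longest prefix covering dst."""
    dst, best = ipaddress.ip_address(dst), None
    for peer, nets in table.items():
        for net in map(ipaddress.ip_network, nets):
            if dst in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return best[0] if best else None

def accepts(table, peer, src):
    """Inbound: a decrypted packet is kept only if src is in the sender's AllowedIPs."""
    src = ipaddress.ip_address(src)
    return any(src in ipaddress.ip_network(n) for n in table.get(peer, []))

def trace(nodes, path, src, dst):
    """Follow one packet along path; return 'delivered' or the hop that drops it."""
    for here, nxt in zip(path, path[1:]):
        chosen = pick_peer(nodes[here], dst)
        if chosen != nxt:
            return (f"{here}: no peer accepts {dst}" if chosen is None
                    else f"{here}: sent to {chosen}")
        if not accepts(nodes[nxt], here, src):
            return f"{nxt}: drops source {src}"
    return "delivered"

def check(server_table, phone_table=PHONE):
    """Return (forward, reply) results for phone <-> LAN host traffic."""
    nodes = {"phone": phone_table, "server": server_table, "router": ROUTER}
    return (trace(nodes, ["phone", "server", "router"], "10.66.66.2", LAN_HOST),
            trace(nodes, ["router", "server", "phone"], LAN_HOST, "10.66.66.2"))

if __name__ == "__main__":
    print("before:", check(SERVER_BEFORE))
    print("after: ", check(SERVER_AFTER))
```
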

Wednesday I will be home, I will check :)