Tell the ISP router to route 10.14.0.0/24 through the WireGuard server; it looks like it's 192.168.10.130. No need for NAT.
The ISP router is pretty dumb and setting static routes is an impossible task. The only reason the landlord wants to keep it is the landline phone.
Anyway, I scratched my head these past days and, after all the help I got from the others, the server seems to work as I needed it to.
Thank you for your suggestion. In the meantime I made some changes (modifying the tunnel to use LAN addresses) and using the masquerading on the LAN zone did the trick.
Now, the entire system works as I wanted it to.
After connecting to the WG server, I am able to connect with the rest of the LAN devices and also surf the internet through the ISP router.
I am sharing here the working network and the firewall configuration.
Thank you all very much for your support.
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd14:2010:ab01::/48'
network.atm=atm-bridge
network.atm.vpi='1'
network.atm.vci='32'
network.atm.encaps='llc'
network.atm.payload='bridged'
network.atm.nameprefix='dsl'
network.atm.unit='root'
network.dsl=dsl
network.dsl.annex='b'
network.dsl.firmware='/lib/firmware/adsl.bin'
network.lan=interface
network.lan.type='bridge'
network.lan.proto='dhcp'
network.lan.ifname='eth0'
network.wan=interface
network.wan.ifname='dsl0'
network.wan.proto='pppoe'
network.wan.username='username'
network.wan.password='password'
network.wan.ipv6='1'
network.wan_dsl0_dev=device
network.wan_dsl0_dev.name='dsl0'
network.wan_dsl0_dev.macaddr='xx:xx:xx:xx:xx:xx'
network.wan6=interface
network.wan6.ifname='@wan'
network.wan6.proto='dhcpv6'
network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.private_key='...'
network.wg0.listen_port='51820'
network.wg0.addresses='192.168.10.131/32'
network.@wireguard_wg0[0]=wireguard_wg0
network.@wireguard_wg0[0].public_key='...'
network.@wireguard_wg0[0].description='Phone'
network.@wireguard_wg0[0].persistent_keepalive='25'
network.@wireguard_wg0[0].allowed_ips='192.168.10.132/32'
network.@wireguard_wg0[0].route_allowed_ips='1'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='ACCEPT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].device='br-lan' 'eth0' 'radio0.network1' 'radio0.network2'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan wg0'
firewall.@zone[0].masq='1'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@zone[1]=zone
firewall.@zone[1].name='wg_zone'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].device='wg0'
firewall.@zone[1].network='wg_zone'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest='lan'
firewall.@forwarding[0].src='wg_zone'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='wg_zone'
firewall.@forwarding[1].src='lan'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
On the phone, the WG client configuration looks like this:
Address: 192.168.10.132/32
DNS Servers: 192.168.10.1 #ISP router's address
Peer configuration
Allowed IPs: 0.0.0.0/0
Endpoint: my-server:51820
In the firewall, your "lan" zone has networks "lan" and "wg0"; I think you should delete "wg0" here. Also, your "wg_zone" has "wg0" as a device (instead of a network) and a non-existent "wg_zone" network.
Indeed, "wg0" is now in the "lan" zone. Yesterday, I tried out a few things and placing the "wg0" interface in the "lan" zone was one of them. I need to do a bit of cleanup and try it out as suggested.
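The zone review in the reply above, turned into a check that runs offline. This is an added example, not code from the thread or from OpenWrt: it parses `uci show` output for the `network` and `firewall` configs and flags a zone that names an undefined network, a zone that lists a logical interface under `device` instead of `network`, and a WireGuard interface that shares a zone with other networks; as a generalisation it also reports any network assigned to more than one zone. The embedded samples are trimmed copies of the posted config (constructed input; the omitted lines do not affect zone assignments), the "fixed" copy is my reading of the reply's suggestion, and the names `parse_uci` and `audit_zones` are my own.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed from the `uci show network` output posted above
# (assumption: the omitted lines do not affect zone/network assignments).
NETWORK_UCI = """\
network.lan=interface
network.lan.type='bridge'
network.lan.proto='dhcp'
network.lan.ifname='eth0'
network.wan=interface
network.wan.ifname='dsl0'
network.wan.proto='pppoe'
network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.listen_port='51820'
network.wg0.addresses='192.168.10.131/32'
"""

# Constructed sample: the firewall zones as posted (the state the reply points at).
FIREWALL_UCI_POSTED = """\
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].device='br-lan' 'eth0' 'radio0.network1' 'radio0.network2'
firewall.@zone[0].network='lan wg0'
firewall.@zone[0].masq='1'
firewall.@zone[1]=zone
firewall.@zone[1].name='wg_zone'
firewall.@zone[1].masq='1'
firewall.@zone[1].device='wg0'
firewall.@zone[1].network='wg_zone'
"""

# Constructed sample: the same zones after the reply's suggestion (my reading of it):
# wg0 removed from 'lan' and referenced by wg_zone as a network, not a device.
FIREWALL_UCI_FIXED = """\
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].device='br-lan' 'eth0' 'radio0.network1' 'radio0.network2'
firewall.@zone[0].network='lan'
firewall.@zone[0].masq='1'
firewall.@zone[1]=zone
firewall.@zone[1].name='wg_zone'
firewall.@zone[1].masq='1'
firewall.@zone[1].network='wg0'
"""

# One `uci show` line: config.section[.option]=value
LINE_RE = re.compile(
    r"^(?P<config>\w+)\.(?P<section>[^.=]+)(?:\.(?P<option>\w+))?=(?P<value>.*)$"
)


def parse_uci(text):
    """Parse `uci show` output into {section: {"_type": str, option: [values]}}.

    Values are split on whitespace and unquoted, so a list option ('a' 'b')
    and a space-separated string option ('lan wg0') both become lists.
    """
    sections = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sec = sections.setdefault(m["section"], {})
        if m["option"] is None:
            sec["_type"] = m["value"]          # e.g. 'zone' or 'interface'
        else:
            sec[m["option"]] = [v.strip("'") for v in m["value"].split()]
    return sections


def audit_zones(network_text, firewall_text):
    """Return sorted (zone, finding) tuples for the zone mistakes discussed above."""
    net = parse_uci(network_text)
    fw = parse_uci(firewall_text)
    interfaces = {n for n, s in net.items() if s.get("_type") == "interface"}
    wireguard = {n for n in interfaces if net[n].get("proto") == ["wireguard"]}
    findings, zone_of = [], defaultdict(list)

    for sec in fw.values():
        if sec.get("_type") != "zone":
            continue
        zname = sec.get("name", ["?"])[0]
        networks = sec.get("network", [])
        for n in networks:
            zone_of[n].append(zname)
            if n not in interfaces:
                findings.append((zname, f"network '{n}' is not a defined interface"))
            elif n in wireguard and len(networks) > 1:
                findings.append((zname, f"WireGuard interface '{n}' shares the zone with other networks; give it its own zone"))
        for d in sec.get("device", []):
            if d in interfaces:
                findings.append((zname, f"device '{d}' is a logical interface name; use network='{d}' instead"))

    # Generalisation beyond the posted config: the same network in two zones.
    for n, zones in zone_of.items():
        if len(zones) > 1:
            findings.append((",".join(sorted(zones)), f"network '{n}' is assigned to more than one zone"))
    return sorted(findings)


if __name__ == "__main__":
    for zone, msg in audit_zones(NETWORK_UCI, FIREWALL_UCI_POSTED):
        print(f"{zone}: {msg}")
```

On a router, feed it the real output of `uci show network` and `uci show firewall`. On the posted zones it reports three findings (the `lan` zone still carrying `wg0`, and `wg_zone` with `device='wg0'` plus the undefined `wg_zone` network); on the corrected copy it reports none.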