Wireguard with ospf and static routes

I have a setup as shown in the image below. I'm using quagga (ospf) in the OpenWRT_Routers as well as in the wireguard_vpns. I'm able to propagate static routes across the vpn tunnel.
I'm not able to reach 192.168.20.0/24 from OpenWRT_Router_1, and this is getting blocked in the wireguard_vpns because allowed_ip doesn't have this route. How can I make this communication happen, where both OpenWRT_Routers should be able to communicate with the networks 192.168.10.0/24 and 192.168.20.0/24?

I'm using wg_2 interface just for ospf.

Below is the configuration in wireguard_vpn1 with wg_1 and wg_2 interfaces

and below is the configuration in wireguard_vpn2 with wg_1 and wg_2 interfaces

Any help will be greatly appreciated

You either need to add 192.168.10.0/24 and 192.168.20.0/24 to the allowed ips in the relevant peers, or use masquerading on the OpenWRT routers to rewrite the source/destination IP to one which is in the currently allowed ip settings.


If I need to add 192.168.10.0/24 and 192.168.20.0/24 to the allowed ips, shouldn't I need to add it in both wg_1 and wg_2 of wireguard_vpn1 and wireguard_vpn2? And adding the same network for multiple interfaces is not allowed by wireguard.
If I do masquerading on the OpenWRT routers then the destination network does not change; the destination network will be either 192.168.10.0/24 or 192.168.20.0/24, which doesn't help. I already have masquerading enabled in the OpenWRT routers.

Unless you were intending traffic from/to those subnets to flow over both WG interfaces then you'd only need to add them to the relevant peers in wg_1.

Even if you were intending to use both interfaces then it shouldn't be an issue adding the addresses to both. One interface isn't going to know what's been added to the other. Your issue will be one of routing to the correct interface.

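The allowed-IPs behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of WireGuard's per-interface allowed-IPs lookup, showing why 192.168.20.0/24 is dropped until it is added to the peer, and that each interface keeps its own table while the routing table picks the interface. The peer name `vpn2` and the 10.0.x.x tunnel addresses are constructed, since the thread does not show the real configuration.

```python
import ipaddress as ip

class WgInterface:
    """Toy model of one WireGuard interface's allowed-IPs table."""
    def __init__(self, name):
        self.name = name
        self.allowed = {}  # network -> peer (a prefix maps to one peer per interface)

    def allow(self, peer, *cidrs):
        for c in cidrs:
            self.allowed[ip.ip_network(c)] = peer

    def _lookup(self, addr):
        a = ip.ip_address(addr)
        hits = [n for n in self.allowed if a in n]
        return self.allowed[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def egress_peer(self, dst):
        """Outbound: the destination selects the peer; None means the packet is dropped."""
        return self._lookup(dst)

    def ingress_ok(self, from_peer, inner_src):
        """Inbound: the decrypted inner source must map back to the sending peer."""
        return self._lookup(inner_src) == from_peer

def pick_interface(routes, dst):
    """Routing-table step: longest-prefix match chooses the interface first."""
    a = ip.ip_address(dst)
    hits = [(ip.ip_network(c), dev) for c, dev in routes if a in ip.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def demo():
    # Constructed view from wireguard_vpn1; tunnel addresses are made up.
    wg_1, wg_2 = WgInterface("wg_1"), WgInterface("wg_2")
    wg_1.allow("vpn2", "10.0.1.2/32")
    wg_2.allow("vpn2", "10.0.2.2/32")
    before = (wg_1.egress_peer("192.168.20.5"), wg_1.ingress_ok("vpn2", "192.168.20.5"))
    wg_1.allow("vpn2", "192.168.20.0/24")
    wg_2.allow("vpn2", "192.168.20.0/24")  # same prefix on the other interface: separate table
    after = (wg_1.egress_peer("192.168.20.5"), wg_1.ingress_ok("vpn2", "192.168.20.5"))
    # The route (static or learned via OSPF) decides which interface carries the traffic.
    routes = [("10.0.1.0/30", "wg_1"), ("10.0.2.0/30", "wg_2"), ("192.168.20.0/24", "wg_1")]
    return before, after, pick_interface(routes, "192.168.20.5")

if __name__ == "__main__":
    print(demo())
```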