Setup beebeep no server lan firewall6/30/2023 I suspect this is expected behaviour, but I need to reach e.g. 10.0.0.247: outside the range, just hangs.10.0.0.248 (the Wireguard server): responds fine.10.0.0.1 (set as DNS in the Wireguard client: responds fine.I have done some further testing - with the 10.0.0.248/29 range under the 'wg' interface in /etc/config/network, I seem to be able to ping all IPs in that range, e.g.: Thanks - I modified my config, so allowed_ips is 10.0.0.250/32 (address I want the client to use). I have tried allow_routed_ips (which pops up here in the forums quite a lot but does not seem to be meant for this kind of setup), makes no difference. Surfing does not, so it looks like DNS is being hijacked by the Wireguard connection, which should only handle 10.0.0.x connections?.Pinging a remote IP from the smartphone (e.g.Pinging any other LAN client from my smartphone does not work.I can ping the router's LAN IP (10.0.0.1) from my smartphone (10.0.0.250) and vice versa.Transfer: 130.29 KiB received, 53.94 KiB sent The wireguard server seems to come up correctly and a connection gets established: # wg etc/config/firewall looks OK as well: config rule Server configuration - /etc/config/network: config interface 'wg0' The intention is for the remote client to have access to the whole LAN, so from what I gathered putting the whole subnet in allowed_ips is OK? I have 'backported' the latest Wireguard commits from master to 18.06, but it all compiled fine, and the connection gets established, so I do not think this is an issue, but I am mentioning it just in case. ![]() Wireguard interface gets a high IP outside that scope so there shouldn't be any collisions afaik. The LAN is a 10.0.0.x subnet, with a very limited DHCP range (.30-.60). I have set up a Wireguard server on my OpenWrt router, and configured my Android client with the Wireguard app. What I would like to achieve seems pretty simple, but at the moment it's very elusive: access to my LAN with a remote client. I'm new to Wireguard (and the whole VPN thing altogether). This is one to add to the pile, probably.
0 Comments
Leave a Reply. |