AeglosGreeenleaf

Member
  • Posts

    1
  • Joined

  • Last visited

Awards

This user doesn't have any awards

AeglosGreeenleaf's Achievements

  1. I have been setting up a WireGuard VPN network to access computers on a local network. The LAN I need access to is created by an EdgeRouter X (v1.10.9) whose WAN connection is provided by a larger network which I cannot port forward on or control. To circumvent this, I set up a remote server (VPS/Droplet) running WireGuard, and plan on connecting both the EdgeRouter and remote clients to that. I am able to connect both the EdgeRouter and remote client (my laptop) to the server successfully, but cannot access the computers behind the router. I have been roughly following this guide: https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39

     Looking at my configuration below, what do I need to change? My local network is 10.10.1.1 and my VPN is 10.10.2.1.

     Server WireGuard config (using wg-quick):

       [Interface]
       Address = 10.10.2.1/24
       PrivateKey = <private server key>
       ListenPort = 51820
       PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
       PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

       # EdgeRouter
       [Peer]
       PublicKey = <public router key>
       AllowedIPs = 10.10.2.2/32, 10.10.1.0/24

       # laptop
       [Peer]
       PublicKey = <public laptop key>
       AllowedIPs = 10.10.2.3/32

     Laptop WireGuard config (using wg-quick):

       [Interface]
       PrivateKey = <private laptop key>
       ListenPort = 51820
       Address = 10.10.2.3/24

       [Peer]
       PublicKey = <public server key>
       AllowedIPs = 10.10.0.0/16
       Endpoint = <public server ip>:51820
       PersistentKeepalive = 25

     Router WireGuard config (EdgeMax commands):

       configure
       edit interfaces wireguard wg0
       set address 10.10.2.2/24
       set listen-port 51820
       set route-allowed-ips true
       set peer <public server key> endpoint <public server ip>:51820
       set peer <public server key> allowed-ips 10.10.2.1
       set peer <public server key> allowed-ips 10.10.0.0/16
       set peer <public server key> persistent-keepalive 25
       set private-key <private router key>
       exit
       commit
       save
       exit

     The router also has a firewall rule in WAN_LOCAL which allows 51820/udp. The server also has a firewall but 51820/udp is allowed. Again, both the router and laptop connect and can ping 10.10.2.1, but neither can ping each other and the laptop cannot ping anything on the 10.10.1.0/24 range. Please let me know if you need more information, and thank you!
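The following script is an added example, not part of the post above and not from the linked guide. It models WireGuard's cryptokey routing for the three configs in the post: on the sending side a packet is encrypted to the peer whose AllowedIPs has the longest matching prefix, and on the receiving side a decrypted packet is dropped unless its source address lies inside the sending peer's AllowedIPs. It walks a packet laptop -> server -> router LAN and back, and also shows what the trace reports when the hub's router peer is missing the LAN prefix. The node names, the constructed LAN host 10.10.1.50 and all function names are assumptions of this example; the AllowedIPs values are copied from the post.

```python
# Added example: cryptokey-routing consistency check for a hub-and-spoke
# WireGuard layout. It only reasons about AllowedIPs; it cannot see
# net.ipv4.ip_forward, iptables FORWARD rules or the EdgeRouter firewall.
import copy
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass
class Peer:
    name: str          # the node this [Peer] section refers to (assumed label)
    allowed_ips: list  # its AllowedIPs as IPv4Network objects


@dataclass
class Node:
    name: str
    tunnel_ip: IPv4
    peers: list = field(default_factory=list)
    lan: Optional[Net] = None  # network this node routes for (the EdgeRouter's LAN)

    def egress_peer(self, dst: IPv4) -> Optional[Peer]:
        """Peer WireGuard would encrypt a packet for dst to: longest AllowedIPs match."""
        best, best_len = None, -1
        for peer in self.peers:
            for net in peer.allowed_ips:
                if dst in net and net.prefixlen > best_len:
                    best, best_len = peer, net.prefixlen
        return best

    def accepts_from(self, sender: str, src: IPv4) -> bool:
        """A decrypted packet is kept only if src is inside the sender's AllowedIPs."""
        return any(src in net for p in self.peers if p.name == sender
                   for net in p.allowed_ips)

    def delivers_locally(self, dst: IPv4) -> bool:
        return dst == self.tunnel_ip or (self.lan is not None and dst in self.lan)


def trace(nodes: dict, start: str, src: IPv4, dst: IPv4) -> tuple:
    """Walk a packet through the mesh. Returns (status, [node names visited])."""
    node, path = nodes[start], [start]
    for _ in range(len(nodes) + 1):   # bounded: a loop would mean inconsistent AllowedIPs
        if node.delivers_locally(dst):
            return "delivered", path
        peer = node.egress_peer(dst)
        if peer is None:
            return f"no AllowedIPs route for {dst} at {node.name}", path
        nxt = nodes[peer.name]
        if not nxt.accepts_from(node.name, src):
            return f"{nxt.name} drops src {src} from {node.name}", path + [nxt.name]
        node, path = nxt, path + [nxt.name]
    return "loop", path


def overlapping_allowed_ips(node: Node) -> list:
    """On one interface an exact AllowedIPs prefix belongs to a single peer; configuring
    it on a second peer silently moves it there. Report such duplicates on the hub."""
    seen, clashes = {}, []
    for peer in node.peers:
        for net in peer.allowed_ips:
            if net in seen and seen[net] != peer.name:
                clashes.append((str(net), seen[net], peer.name))
            seen[net] = peer.name
    return clashes


def nets(*cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


# Mesh reconstructed from the post's three configs (AllowedIPs copied from the post).
MESH = {
    "server": Node("server", IPv4("10.10.2.1"), [
        Peer("router", nets("10.10.2.2/32", "10.10.1.0/24")),
        Peer("laptop", nets("10.10.2.3/32")),
    ]),
    "laptop": Node("laptop", IPv4("10.10.2.3"), [
        Peer("server", nets("10.10.0.0/16")),
    ]),
    "router": Node("router", IPv4("10.10.2.2"), [
        Peer("server", nets("10.10.2.1/32", "10.10.0.0/16")),
    ], lan=ipaddress.ip_network("10.10.1.0/24")),
}


def check_post_config() -> dict:
    lan_host = IPv4("10.10.1.50")   # constructed: any host behind the EdgeRouter
    return {
        "laptop_to_lan": trace(MESH, "laptop", IPv4("10.10.2.3"), lan_host),
        "lan_to_laptop": trace(MESH, "router", lan_host, IPv4("10.10.2.3")),
        "laptop_to_router": trace(MESH, "laptop", IPv4("10.10.2.3"), IPv4("10.10.2.2")),
        "hub_clashes": overlapping_allowed_ips(MESH["server"]),
    }


def check_hub_missing_lan() -> tuple:
    """Same mesh, but the hub's router peer lists only 10.10.2.2/32 (a common omission)."""
    mesh = copy.deepcopy(MESH)
    mesh["server"].peers[0].allowed_ips = nets("10.10.2.2/32")
    return trace(mesh, "laptop", IPv4("10.10.2.3"), IPv4("10.10.1.50"))


if __name__ == "__main__":
    for name, result in check_post_config().items():
        print(f"{name}: {result}")
    print("hub without LAN prefix:", check_hub_missing_lan())
```

Run as-is, every trace over the posted AllowedIPs ends in "delivered", while the variant without 10.10.1.0/24 on the hub's router peer stops at the server with no route. A passing cryptokey check narrows the search to the layers the script cannot see: whether the VPS actually forwards (net.ipv4.ip_forward), whether its FORWARD chain admits wg0-to-wg0 traffic, and whether the EdgeRouter's firewall permits traffic arriving on wg0 into the LAN.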