Posted June 20, 2019

I have been setting up a WireGuard VPN network to access computers on a local network. The LAN I need access to is created by an EdgeRouter X (v1.10.9) whose WAN connection is provided by a larger network which I cannot port forward on or control. To circumvent this, I set up a remote server (VPS/Droplet) running WireGuard, and plan on connecting both the EdgeRouter and remote clients to that.

I am able to connect both the EdgeRouter and the remote client (my laptop) to the server successfully, but cannot access the computers behind the router. I have been roughly following this guide: https://gist.github.com/insdavm/b1034635ab23b8839bf957aa406b5e39

Looking at my configuration below, what do I need to change? My local network is 10.10.1.1 and my VPN is 10.10.2.1.

Server WireGuard config (using wg-quick):

[Interface]
Address = 10.10.2.1/24
PrivateKey = <private server key>
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# PostDown must name the same interface as PostUp (wg0) or the FORWARD rule is never removed
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# EdgeRouter
[Peer]
PublicKey = <public router key>
AllowedIPs = 10.10.2.2/32, 10.10.1.0/24

# laptop
[Peer]
PublicKey = <public laptop key>
AllowedIPs = 10.10.2.3/32

Laptop WireGuard config (using wg-quick):

[Interface]
PrivateKey = <private laptop key>
ListenPort = 51820
Address = 10.10.2.3/24

[Peer]
PublicKey = <public server key>
AllowedIPs = 10.10.0.0/16
Endpoint = <public server ip>:51820
PersistentKeepalive = 25

Router WireGuard config (EdgeMax commands):

configure
edit interfaces wireguard wg0
set address 10.10.2.2/24
set listen-port 51820
set route-allowed-ips true
set peer <public server key> endpoint <public server ip>:51820
set peer <public server key> allowed-ips 10.10.2.1
set peer <public server key> allowed-ips 10.10.0.0/16
set peer <public server key> persistent-keepalive 25
set private-key <private router key>
exit
commit
save
exit

The router also has a firewall rule in WAN_LOCAL which allows 51820/udp. The server also has a firewall, but 51820/udp is allowed. Again, both the router and laptop connect and can ping 10.10.2.1, but neither can ping the other, and the laptop cannot ping anything in the 10.10.1.0/24 range.

Please let me know if you need more information, and thank you!
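WireGuard routes purely by AllowedIPs ("cryptokey routing"): on the server, a prefix can belong to only one peer, and on a client, a destination is only sent into the tunnel if it falls inside some peer's AllowedIPs. The hub-and-spoke setup in this post is exactly the kind of thing worth checking mechanically before staring at iptables. The linter below is an added example and is not the poster's code nor part of the linked guide; the function names and checks are my own. It embeds copies of the server and laptop configs from the post as constructed sample input (placeholders kept as-is) and reports: AllowedIPs prefixes claimed by more than one peer, peers with no /32 tunnel address inside the server's interface subnet, a PostDown that does not mirror PostUp (the poster's original PostDown said `wgo`, which this catches), and whether a given LAN prefix is actually covered by the client's AllowedIPs. It deliberately does not check IP forwarding or firewall state, which a config file cannot show.

```python
"""Lint wg-quick style WireGuard configs for cryptokey-routing mistakes (added example)."""
import ipaddress

# Constructed sample input: the server config as posted (with the original 'wgo' typo
# in PostDown, so the hook check has something to find).
SERVER_CONF = """\
[Interface]
Address = 10.10.2.1/24
PrivateKey = <private server key>
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wgo -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# EdgeRouter
[Peer]
PublicKey = <public router key>
AllowedIPs = 10.10.2.2/32, 10.10.1.0/24

# laptop
[Peer]
PublicKey = <public laptop key>
AllowedIPs = 10.10.2.3/32
"""

# Constructed sample input: the laptop config as posted.
LAPTOP_CONF = """\
[Interface]
PrivateKey = <private laptop key>
ListenPort = 51820
Address = 10.10.2.3/24

[Peer]
PublicKey = <public server key>
AllowedIPs = 10.10.0.0/16
Endpoint = <public server ip>:51820
PersistentKeepalive = 25
"""


def parse_wg(text):
    """Return (interface_dict, [peer_dict, ...]) from an INI-like wg-quick config."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, val = (s.strip() for s in line.split("=", 1))
            cur[key] = val
    return iface, peers


def allowed_networks(peer):
    """AllowedIPs of one peer as ip_network objects."""
    return [ipaddress.ip_network(c.strip(), strict=False)
            for c in peer.get("AllowedIPs", "").split(",") if c.strip()]


def overlapping_allowed_ips(peers):
    """Prefix pairs claimed by two different peers. WireGuard silently gives an
    overlapping prefix to whichever peer was configured last, so the other peer
    loses its route. Returns [(peer_a, prefix_a, peer_b, prefix_b), ...]."""
    nets = [(i, n) for i, p in enumerate(peers) for n in allowed_networks(p)]
    clashes = []
    for a in range(len(nets)):
        for b in range(a + 1, len(nets)):
            ia, na = nets[a]
            ib, nb = nets[b]
            if ia != ib and na.overlaps(nb):
                clashes.append((ia, str(na), ib, str(nb)))
    return clashes


def peers_without_tunnel_address(iface, peers):
    """Indices of peers with no /32 AllowedIPs entry inside the server's tunnel subnet;
    such a peer can never be reached at a tunnel address from the hub."""
    tunnel = ipaddress.ip_network(iface["Address"], strict=False)
    return [i for i, p in enumerate(peers)
            if not any(n.prefixlen == 32 and n.subnet_of(tunnel) for n in allowed_networks(p))]


def hook_mismatch(iface):
    """None if PostDown is PostUp with -A swapped for -D; else (expected, actual).
    Catches interface-name typos such as 'wgo' that leave stale rules behind."""
    expected = iface.get("PostUp", "").replace("-A ", "-D ")
    actual = iface.get("PostDown", "")
    return None if expected == actual else (expected, actual)


def route_covered(client_conf, dest_cidr):
    """True if dest_cidr lies inside some peer's AllowedIPs in the client config;
    otherwise the kernel never hands packets for that destination to wg0."""
    dest = ipaddress.ip_network(dest_cidr, strict=False)
    _, peers = parse_wg(client_conf)
    return any(dest.subnet_of(n) for p in peers for n in allowed_networks(p))


if __name__ == "__main__":
    iface, peers = parse_wg(SERVER_CONF)
    print("overlapping AllowedIPs:", overlapping_allowed_ips(peers))
    print("peers lacking a /32 tunnel address:", peers_without_tunnel_address(iface, peers))
    print("PostUp/PostDown mismatch:", hook_mismatch(iface))
    print("laptop can route to 10.10.1.0/24:", route_covered(LAPTOP_CONF, "10.10.1.0/24"))
```

Run it against your real files by replacing the two constructed strings with `open(path).read()`; the EdgeMax CLI syntax is different and is not parsed here, but the same two questions apply to it: does the router's `allowed-ips` cover every destination it must send through the tunnel, and does the server's AllowedIPs for the router peer cover the LAN prefix and nothing that another peer also claims.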