Recent content by ZebMcKayhan

  1. Z

    Release Asuswrt-Merlin 3006.102.6 is now available

    Your peer 2 is set to the whole wireguard subnet. It is not allowed to have overlapping ip in AllowedIPs between peers, which is probably why it's not working. For each peer, if you only use a single device to connect in (not site-to-site) the AllowedIPs (server) should only be each client wg ip /32...
  2. Z

    Release Asuswrt-Merlin 3006.102.6 is now available

    The mtu setting for wireguard server interface is currently not possible to change in gui. Use merlin user scripts: https://github.com/RMerl/asuswrt-merlin.ng/wiki/User-scripts Like this https://www.snbforums.com/threads/wireguard-server-tweaks.85758/post-852124 Check your settings under...
  3. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    That's great news!! So do you know what your problem really was? Please share. The ipv6/ipv4 stuff should not matter. If you have a very unsymmetrical speed this could very well be the case. Additionally if you are accessing smb shares, the added latency over vpn is a killer for smb due to how...
  4. Z

    Wireguard server not using DNS settings that are defined in WAN settings

    Did you enable custom scripts in gui?
  5. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    The keys are indeed confusing for me as well. Each interface (like wgs1) has a private key and a public key. But wgs1 only has its own private key in its config. Whoever connects into wgs1 has wgs1 public key under its peer directive. Wgs1 also has 1 or more clients that can connect to it...
  6. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    According to wg manual https://man7.org/linux/man-pages/man8/wg.8.html when you set an endpoint it does not go into the interface wgs1, but it needs to go in under a specific peer in wgs1: So, in order to add in an endpoint we need to specify to which peer (client) under wgs1 it should be...
  7. Z

    Wireguard Connecting via IPv6

    Depending on what client you have and which app you are using perhaps there is a setting there somewhere?? No, as this is not related to peer ipv4/ipv6, it's about the udp tunnel. The tunnel is always over ipv4 OR ipv6, never both. It's always the client that chooses if the tunnel is over ipv4...
  8. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    Yes! No, there is no option for that. 10.0.0.x will directly contact your server as is. It's typical for Windows to only allow local ips unless specifically opened up for other ips. You will need to allow 10.0.0.0/24 in the Windows firewall.
  9. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    What do you mean with switched wan? The server needs to allow connections from wg network. Perhaps it's already done, but check? Can you trace to asus router lan ip 192.168.3.1? Can you give me all AllowedIPs on all devices and I could take a look if something is wrong.
  10. Z

    Wireguard Connecting via IPv6

    It would be up to the client trying to connect if it should use ipv4 or ipv6. If it's trying to use ipv4 and it does not work I'm not too sure it will try with ipv6 as Wireguard doesn't have any active connection tracking. I have created a ddns with only ipv6 in it and no ipv4 to force ipv6 usage.
  11. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    Ah, ok. So it's not a site-to-site? Just some clients connecting to the vps and want to reach your server on lan? So you should set Inbound firewall=allow, Nat=no. Keeping allowedIPs on asus router 10.0.0.0/24 should be fine. On the vps peer asus router connects to should have AllowedIP...
  12. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    It's tricky without knowing all the details. You will need to provide all ips involved in this. Your issue is probably in AllowedIPs somewhere. It usually is. I can see a server ip, 192.168.3.46, is that an ip on a remote lan also connecting into the vps? I can see the Wireguard subnet...
  13. Z

    Wireguard Connecting via IPv6

    No, I meant on the client device. As you can't make the handshake, your device is likely not reaching the router. Local wg ip hasn't come into play yet. That's no cgnat address, so what has changed? I did see your other posts and it looks like you're back on public ipv4?
  14. Z

    Wireguard Connecting via IPv6

    If the handshake fails then the tunnel does not work on a lower level. How are you setting the endpoint in your client? Are you using ipv6 as it is? Br0 ipv6 or wan ipv6? Or are you using ddns (and if so, how do you know it's trying to use ipv6)? Iirc I did set up wgm for direct connection using...
  15. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    The setting you are looking for is called: Inbound firewall. You should set it to allow. You also need to set up vpndirector rules. For reference, here is my setup, which initially used an addon for wireguard...