Search results

  1. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    That's great news!! So do you know what your problem really was? Please share. The ipv6/ipv4 stuff should not matter. If you have a very unsymmetrical speed this could very well be the case. Additionally, if you are accessing smb shares, the added latency over vpn is a killer for smb due to how...
  2. Z

    Wireguard server not using DNS settings that are defined in WAN settings

    Did you enable custom scripts in gui?
  3. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    The keys are indeed confusing for me as well. Each interface (like wgs1) has a private key and a public key. But wgs1 only has its own private key in its config. Whoever connects into wgs1 has wgs1 public key under its peer directive. Wgs1 also has 1 or more clients that can connect to it...
  4. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    According to wg manual https://man7.org/linux/man-pages/man8/wg.8.html when you set an endpoint it does not go into the interface wgs1, but it needs to go in under a specific peer in wgs1: So, in order to add in an endpoint we need to specify to which peer (client) under wgs1 it should be...
  5. Z

    Wireguard Connecting via IPv6

    Depending on what client you have and which app you are using perhaps there is a setting there somewhere?? No, as this is not related to peer ipv4/ipv6, it's about the udp tunnel. The tunnel is always over ipv4 OR ipv6, never both. It's always the client that chooses if the tunnel is over ipv4...
  6. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    Yes! No, there is no option for that. 10.0.0.x will directly contact your server as is. It's typical for Windows to only allow local ips unless specifically opened up for other ips. You will need to allow 10.0.0.0/24 in the Windows firewall.
  7. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    What do you mean with switched wan? The server needs to allow connections from wg network. Perhaps it's already done, but check? Can you trace to asus router lan ip 192.168.3.1? Can you give me all AllowedIPs on all devices and I could take a look if something is wrong.
  8. Z

    Wireguard Connecting via IPv6

    It would be up to the client trying to connect if it should use ipv4 or ipv6. If it's trying to use ipv4 and it does not work I'm not too sure it will try with ipv6 as Wireguard doesn't have any active connection tracking. I have created a ddns with only ipv6 in it and no ipv4 to force ipv6 usage.
  9. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    Ah, ok. So it's not a site-2site? Just some clients connecting to the vps and want to reach your server on lan? So you should set: Inbound firewall=allow, Nat=no. Keeping allowedIPs on asus router 10.0.0.0/24 should be fine. On the vps peer asus router connects to should have AllowedIP...
  10. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    It's tricky without knowing all the details. You will need to provide all ips involved in this. Your issue is probably in AllowedIPs somewhere. It usually is. I can see a server ip, 192.168.3.46, is that an ip on a remote lan also connecting into the vps? I can see the Wireguard subnet...
  11. Z

    Wireguard Connecting via IPv6

    No, I meant on the client device. As you can't make the handshake, your device is likely not reaching the router. Local wg ip hasn't come into play yet. That's no cgnat address, so what has changed? I did see your other posts and it looks like you're back on public ipv4?
  12. Z

    Wireguard Connecting via IPv6

    If the handshake fails then the tunnel does not work on a lower level. How are you setting the endpoint in your client? Are you using ipv6 as it is? Br0 ipv6 or wan ipv6? Or are you using ddns (and if so, how do you know it's trying to use ipv6)? Iirc I did set up wgm for direct connection using...
  13. Z

    Cannot access lan on AX-86U through Hub and Spoke wireguard

    The setting you are looking for is called: Inbound firewall. You should set it to allow. You also need to set up vpndirector rules. For reference, here is my setup, which initially used an addon for wireguard...
  14. Z

    Wireguard server not using DNS settings that are defined in WAN settings

    Great! Note that it must be in /jffs/scripts for it to be executed by firmware when rebuilding the nat table.
  15. Z

    Wireguard server not using DNS settings that are defined in WAN settings

    This really is a client issue if it's not respecting wg dns. But if this is the way to solve I don't see a problem with it. If you want your rules to persist you could put them in the appropriate hook script, nat-start: https://github.com/RMerl/asuswrt-merlin.ng/wiki/User-scripts#nat-start It...
  16. Z

    Wireguard Wireguard Server - Backup/Restore/Migrate

    I just used this script when updating my RT-AX86U PRO from 388.8_4 to 3006.102.6 and it was successful. I removed my USB drive before updating. Updated the FW and did a factory reset. Did the basic setup manually and replugged my USB drive. When downloading and running the script again there...
  17. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquarading)

    If you add 10.6.0.1 to the allowedip list as "192.168.1.0/24, 10.6.0.1/32" then you should be able to use dns as 10.6.0.1 and have dns lookup by your router, potentially benefit if you are using domain names (or running Diversion or AGH or whatnot).
  18. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquarading)

    Sure, but this is something you control in the client app. Just edit the tunnel in your android app and change AllowedIPs to only 192.168.1.0/24 and remove the current 0.0.0.0/0 (all ips). (Edit: you may also need to add 10.6.0.1 to allowedIps if that's the dns you are using. Separate with ...
  19. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquarading)

    Glad it worked for you! But that's troublesome indeed. It means that Wireguard is bound to lan ip, which it wasn't before. We will probably see more of these reports. Since some of the later 388 fw this is taken care of "behind the scenes" in the fw. However that rule is not a bad idea, it may...
  20. Z

    Solved Please help access my network resources from outside (VPN Cascading and IP Masquarading)

    Ooh, I completely missed your picture about wg handshake not working. So the tunnel breaks on a lower level. I wonder if something has changed in fw recently. What if you follow @CaptainSTX's advice and add a vpn director rule for Local IP: 192.168.1.1/32 Remote IP: leave blank Interface Wan...