What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Challenge with tunneling internet for WG site to site from the server side

I

ivannn

Occasional Visitor
Hi folks,

I have 2 Asus routers running latest Merlin as of today configured for Wireguard site to site tunnel which works beautifully.

Site P: RT-BE86U (3006.102.3) - server
Site O: RT-AX86U (3004.388.8_4) - client


Server side config includes the LAN for the client side in the allowed list.
Client allows all (0.0.0.0/0) + VPN director rule for the server side lan through the WG client interface.

Any host from any LAN can reach to any host on the other LAN.

When I want to redirect internet for any host on the WG client side LAN (Site O) through the server side internet (Site P) I only need a VPN director rule.

How can I achieve the same in the reverse way? Routing the traffic for a host with a static IP on the WG server side (Site P) to access internet through the tunnel at the WG client side (Site O)?

A few options I am thinking about are a static route, the VPN director or tunnel configuration but I can't figure it out.

This is the first time I am configuring a WG tunnel. Previously I had OpenVPN tunnel between another pair of Asus routers and I never tried to achieve this because site O had the VPN server and site P had the client, hence I was using the VPN director for this purpose.
 
ivannn said:
How can I achieve the same in the reverse way? Routing the traffic for a host with a static IP on the WG server side (Site P) to access internet through the tunnel at the WG client side (Site O)?
Click to expand...
Simple answer is that you can't.

The more complicated answer is: of cource you can, but you will have to do everything via scripting yourself.

One option is to setup a client on both sides. You will just need to put in firewall rules to allow incoming connections and probably add listen-port directive in the config file. If you have other clients connecting in it would be inconvenient with dnsmasq and generate new configs.

Another option is to setup your own vpn-director (new route table and rules) and adjust the AllowedIPs for that peer.

None of these options are really simple and if you are not used to scripting I would go for my simple answer above.
 
You must log in or register to reply here.

Similar threads

S
Solved AX88U Wireguard Issue
Replies
1
Views
274
Tech9
Tech9
nsayer
BE-98G - need help setting up a site-to-site VPN
Replies
2
Views
238
Tech9
Tech9
N
Wireguard Site to Site problem with clients
Replies
11
Views
1K
ZebMcKayhan
Z
M
OVPN HMAC authentication switching from SHA1 to SHA256
Replies
9
Views
513
maxbraketorque
M
B
IPv6-only site-to-site setup with Wireguard, and how to handle IPv4
Replies
1
Views
2K
drinkingbird
drinkingbird
Similar threads
Thread starter Title Forum Replies Date
garycnew VPNDirector Source/Destination Port-Based Split-Tunneling Rules Not Possible? Asuswrt-Merlin 6
B 3006.102.3 RT-BE88U as WireGuard client. No Internet connection after reboot. Asuswrt-Merlin 13
G Proper way to expose services to the internet with Asus Merlin? Asuswrt-Merlin 11
I block internet access for wifi clients on RT-AX88U Pro Asuswrt-Merlin 5
I Video Doorbell can't connect to internet Asuswrt-Merlin 37
pirx73 Move "Internet speed" tab to the "Network tools" section Asuswrt-Merlin 2
S No internet for router clients (OpenVPN + stunnel) Asuswrt-Merlin 6
tallytr Losing internet every 10 days or so with Telus ISP and RT-AX86U (Merlin 3004.388.8_4) Asuswrt-Merlin 42
L Devices Connect to Wi-Fi but No Internet Asuswrt-Merlin 19
K Solved "Block internet access" does nothing Asuswrt-Merlin 7

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 588 (members: 34, guests: 554)
Back
Top