Hello all.
I've floundered through but managed to get bidirectional site-to-site WireGuard between two identical Asus AC88U routers working.
Result: .1 subnet devices are connecting with VPN Fusion on the .1 router to the WireGuard server on the .2 router.
In parallel, I also have clients (phones and laptops) acting as normal WireGuard clients to the same WireGuard server on the .2 router, and they can successfully see other devices on the .2 subnet as desired.
Result: devices using WireGuard to connect to the .2 router can see other devices on the .2 subnet (however, they don't see devices on the .1, so they aren't currently getting across the WireGuard between the routers, which I might like to do).
In parallel, I have the same clients (phones and laptops) acting as normal WireGuard clients to the WireGuard server on the .1 router. Initially, this was working as above, but at some point, this stopped working.
Result: devices using WireGuard to connect to the .1 router are not able to connect to other devices on the .1 subnet (i.e., these clients don't seem to be working anymore).
I still have fundamental issues with the labeling and semantics between the VPN Fusion 'client' and 'server' (when it's really peer-to-peer between routers for bidirectional) and the standard WireGuard peer-to-peer (generally used by a phone or laptop to get back to the router).
In looking at the wireguard configs and the existing routing tables, it seems that I should be able to make sense of what's working / not working and why, but I'm clearly missing it.
So if a WireGuard / routing person can help clarify what's happening and what's not, that would be great.
Router .1 WireGuard configs for a sample client (like a phone).
I believe this means
-the actual client device gets 10.6.0.2
-not sure why / where a 10.6.2.1 server comes through (is that a rewrite of the router itself? Unclear where the .2 subnet comes from at all).
-AllowedIPs in this case are all outside IPs, I think, meaning this WireGuard client config will allow connection from any original IP back to the WireGuard server (router).
Here is the routing table (my actual IP addresses blanked out) for the .2 subnet and then the .1 subnet after.
I think they show
-the .1 and .2 subnets are symmetrically the same (i.e., one is wgs, the other a br0 which presumably bridges to the other router)
-the 10.6.0.x clients; I believe these are the clients between the two subnets over the wgs (PC, Synology, etc.)
-specifically, the .2, .3, and .4 devices are the ones 'seeing each other' across the router WireGuard interface
-the .5, I suspect, is my phone, currently only connected to the .1 subnet via wireguard (presumably also the 208.x address)
-it's that device that can't see anything on the .1 subnet, let alone across the wg to the .2 subnet
See below for the two standard WireGuard client definitions. The one on the .2 subnet works fine (i.e., can connect to other devices on the .2 subnet).
The .1 client config for WireGuard connects, but doesn't seem to let it see anything on the .1 subnet.
Ideally, I'd be able to figure out how a WireGuard client connected to either router could see the other subnet (i.e., connect to the .2 router but see .1 subnets as well as .2), but that'd be gravy.
My first problem is: why is my WireGuard for .1 not letting devices connect / see any of the devices on .1?
Am I perhaps having some conflicts with overlapping WireGuard IP configs on the two routers (i.e., they both seem to be using 10.6.0, and I'm not sure if/where I could change those, similar to why/how I changed one router to the .1 subnet, and the other to the .2)?
Thanks for any feedback...
Router .2 client config (this one is working to get to .2 devices, although it doesn't let me get from the .2 also to the .1, which would be nice).
Router .1 client config; this one is not letting me even get to the .1 (where it's connecting to the .1 router), let alone the .2 subnet...
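Editor's note, with an added example that is not part of the post above and is not Asus or VPN Fusion code. Two WireGuard facts bear on the questions raised: AllowedIPs is WireGuard's cryptokey routing table (for each peer it lists the destinations that go into the tunnel to that peer and the only source addresses accepted from that peer), and a given prefix can belong to only one peer per interface, with the peer configured last taking it. Separately, when two WireGuard interfaces on one router (a server for phones and a site-to-site interface to the other router) both carry the same tunnel range such as 10.6.0.0/24, the kernel ends up with two equal routes and picks one by insertion order and metric, not by intent. The script below parses two wg-quick style configs and reports both kinds of overlap. The configs inside it are constructed for the example; the keys and the hostname are placeholders, and the address plan only mirrors the ranges the post names, so it does not claim to reproduce the poster's actual setup.

```python
import ipaddress

# Constructed configs for this example. Keys and the endpoint hostname are
# placeholders; the address plan only mirrors the ranges named in the post.
WGS1_CONF = """\
[Interface]
Address = 10.6.0.1/24
ListenPort = 51820
PrivateKey = ROUTER1_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = PHONE_PUBKEY_PLACEHOLDER
AllowedIPs = 10.6.0.5/32

[Peer]
PublicKey = LAPTOP_PUBKEY_PLACEHOLDER
AllowedIPs = 10.6.0.5/32
"""

WGC1_CONF = """\
[Interface]
Address = 10.6.0.2/32
PrivateKey = ROUTER1_S2S_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = ROUTER2_PUBKEY_PLACEHOLDER
Endpoint = router2.example.net:51820
AllowedIPs = 192.168.2.0/24, 10.6.0.0/24
"""


def parse_wg(name, text):
    """Parse a wg-quick style config into {'name', 'addresses', 'peers'}.
    Only Address, PublicKey and AllowedIPs matter for the routing checks."""
    iface = {"name": name, "addresses": [], "peers": []}
    section = peer = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peer = {"PublicKey": None, "AllowedIPs": []}
                iface["peers"].append(peer)
            continue
        key, _, val = line.partition("=")  # keys never contain '='; base64 values may
        key, val = key.strip(), val.strip()
        if section == "interface" and key == "Address":
            # Address carries host bits (10.6.0.1/24); the kernel gets the /24 as a connected route
            iface["addresses"] += [ipaddress.ip_interface(v.strip()).network for v in val.split(",")]
        elif section == "peer" and key == "AllowedIPs":
            peer["AllowedIPs"] += [ipaddress.ip_network(v.strip(), strict=False) for v in val.split(",")]
        elif section == "peer" and key == "PublicKey":
            peer["PublicKey"] = val
    return iface


def peer_for(iface, ip):
    """Cryptokey routing lookup: the peer that receives packets to `ip` and the
    only peer allowed to send from it. Longest prefix wins; on an identical
    prefix the peer configured last takes it, so the earlier peer loses it."""
    addr = ipaddress.ip_address(ip)
    best = (-1, None)
    for peer in iface["peers"]:
        for net in peer["AllowedIPs"]:
            if addr in net and net.prefixlen >= best[0]:
                best = (net.prefixlen, peer["PublicKey"])
    return best[1]


def duplicate_allowedips(iface):
    """Identical AllowedIPs prefixes claimed by two peers on one interface."""
    owner, dups = {}, []
    for peer in iface["peers"]:
        for net in peer["AllowedIPs"]:
            if net in owner:
                dups.append((str(net), owner[net], peer["PublicKey"]))
            owner[net] = peer["PublicKey"]
    return dups


def installed_routes(iface):
    """Prefixes this interface puts in the kernel routing table: the connected
    route from Address plus, as wg-quick does, every peer's AllowedIPs."""
    routes = set(iface["addresses"])
    for peer in iface["peers"]:
        routes.update(peer["AllowedIPs"])
    return routes


def cross_interface_overlaps(a, b):
    """Routes that two interfaces on the same router both claim. 'identical'
    is a real conflict (two equal kernel routes; which one is used depends on
    insertion order and metric); 'nested' only means the longer prefix wins
    for that sub-range."""
    found = []
    for ra in installed_routes(a):
        for rb in installed_routes(b):
            if ra == rb:
                found.append((a["name"], str(ra), b["name"], str(rb), "identical"))
            elif ra.overlaps(rb):
                found.append((a["name"], str(ra), b["name"], str(rb), "nested"))
    return sorted(found)


if __name__ == "__main__":
    wgs1 = parse_wg("wgs1", WGS1_CONF)
    wgc1 = parse_wg("wgc1", WGC1_CONF)
    print("10.6.0.5 on wgs1 belongs to:", peer_for(wgs1, "10.6.0.5"))
    for net, first, second in duplicate_allowedips(wgs1):
        print(f"wgs1: {net} claimed by {first} and {second}; {second} wins")
    for row in cross_interface_overlaps(wgs1, wgc1):
        print("route overlap:", *row)
```

Run against real configs, the 'identical' rows are the ones to act on: either renumber one router's server tunnel range so the two WireGuard interfaces on a router no longer both own 10.6.0.0/24, or trim the site-to-site peer's AllowedIPs to the remote LAN plus the remote router's single tunnel address. Duplicate AllowedIPs rows explain a client that still "connects" (the handshake does not depend on AllowedIPs) yet cannot reach anything, because its packets fail the source check once another peer owns the prefix.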