What's new

Wireguard can't access devices behind asus router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

evlo

Regular Contributor
I'm trying to setup "site to peer" wireguard VPN, but can't access asus router or anything behind it from the other side of the VPN.

Setup is described in the attached image.

WG settings on asus
Inbound Firewall = Allow
Enable nat = yes

no firewall blocking ping on 192.168.50.1 or 192.168.50.2
i did not manually add any routes to the asus router

maybe I need to set route on the side with server to route 192.168.50.0/24 to 192.168.110.162 - but i think autogenerated route table on server in screenshot should be enough?
 

Attachments

  • vpn.png
    vpn.png
    111.6 KB · Views: 50
  • 7KS7lsPcwW.png
    7KS7lsPcwW.png
    21.9 KB · Views: 48
Last edited:
In the past I did setup up site to site success fully in similar way, so pretty sure asus can do it. I just don remember if I did anything special. And mainly I do not know whether to focus on server or asus to debug where there is routing issue.

I think if asus could not do incoming there would not be an option to set inbound firewall :)

This is site to peer that I want to work both ways.

if i try tracepath on the server it just ends on localhost
tracert from client behind asus says it goes to router and then to server (which is correct)
it kinda makes me believe the issue is on the server side, but i dunno how to debug more, as in route on the server it says
Code:
192.168.50.0/24 dev wg0 scope link
which as I understand it should mean it should send traffic to 192.168.50.* to wg0 interface
 
Last edited:
I think my confusion is your picture didn’t show which is the WGS and which is the WGC. The laptop is trying to ping the WGS which is the server looking picture. It’s possible your server/client isn’t setup to respond to ICMP echo requests. From Wan or another subnet might be the problem. If it can ping itself it’s internal to its dhcp server range.

I’m guessing. I don’t do a lot of vpn stuff to be frank.
 
Last edited:
I figured it out, in vpn director

I guess it kinda maybe goes against wireguard idea, but whatever, if it works in the end
 

Attachments

  • a7MSH3uuop.png
    a7MSH3uuop.png
    24.1 KB · Views: 36
I figured it out, in vpn director

I guess it kinda maybe goes against wireguard idea, but whatever, if it works in the end

Hey if it works it works. Sorry I couldn’t give a definitive answer.
 
I'm trying to setup "site to peer" wireguard VPN, but can't access asus router or anything behind it from the other side of the VPN.

Setup is described in the attached image.

WG settings on asus
Inbound Firewall = Allow
Enable nat = yes

no firewall blocking ping on 192.168.50.1 or 192.168.50.2
i did not manually add any routes to the asus router

maybe I need to set route on the side with server to route 192.168.50.0/24 to 192.168.110.162 - but i think autogenerated route table on server in screenshot should be enough?
There is a couple of things that may need correction for your setup to behave the way yu want.

1. Remove Nat on your asus client. This setting have no use in site-2-site and only complicates things.
2. In you vpn director rule you may remove the source ip field and leave it blank.
3. If you want/need access to wg vpn client ips, you will need another vpn director rule as: Local IP =blank, Remote IP 192.168.62.0/24, Iface: Wgc5.

Edit: just saw you worked it out.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top