WireGuard - Can't Access LAN from "Remote" Client

[doczenith1]

I have a WireGuard server running on my AX88U Pro. My WireGuard clients coming in from the WAN can access my LAN just fine. What it not working is this scenario. I have a local computer connected to a "test" router which is connected to my LAN via it's WAN port. The test router is on 192.168.8.1. The LAN is using 192.168.1.1. When I enable the WireGuard client on the test router my local computer connected the test router is unable to access the 192.168.1.1 subnet (it can access the WAN just fine and can access the 192.168.1.1 subnet when the WireGuard client is stopped). I have "Access Intranet" enabled on the WireGuard server but that seems to only allow incoming WAN clients to access the intranet. Any suggestions?

 

[ZebMcKayhan]

I have a WireGuard server running on my AX88U Pro. My WireGuard clients coming in from the WAN can access my LAN just fine. What it not working is this scenario. I have a local computer connected to a "test" router which is connected to my LAN via it's WAN port. The test router is on 192.168.8.1. The LAN is using 192.168.1.1. When I enable the WireGuard client on the test router my local computer connected the test router is unable to access the 192.168.1.1 subnet (it can access the WAN just fine and can access the 192.168.1.1 subnet when the WireGuard client is stopped). I have "Access Intranet" enabled on the WireGuard server but that seems to only allow incoming WAN clients to access the intranet. Any suggestions?

You never state the test router brand and model.

What you describe makes perfect sense to me. If all data from the test router is Wireguard then all data ends up at the wg endpoint and would not reach any lan on its wan port. You would need policy routing that remote ip 192.168.1.0/24 to use wan and not the wireguard tunnel.

 

[doczenith1]

Test router is GL-iNet GL-X3000 Spitz AX. When the test router is using cellular WAN and connected via WG to the AX88U's WG server the devices plugged into the test router can see the 192.168.1.1 "home" LAN devices. It's only when the test router is using an ethernet connection for it's WAN and is connected to the home LAN. So the data from the test router isn't coming into the AX88U via it's WAN port but rather a LAN port.

Home LAN: 192.168.1.1
Home WG server: 10.6.0.1/32
Test router: 192.168.8.1
Test router WG client: 10.6.0.3

The goal is computer located in the home > test router using WG tunnel > switch > AX88U WG server > home LAN device
Everything connected via ethernet and to be clear, everything is in my house right now.

Another piece of information that may be helpful. With the setup listed above the "computer located in the home" is using the DNS from 192.168.1.1. I know this because ads are blocked and the only ad blocker on the LAN is Diversion on the AX88U. Everything works as expected for internet data, it's the intranet data that I'm having issues with.

Edit:
WG client config:
[Interface]
PrivateKey = redacted
Address = 10.6.0.3/32
DNS = 192.168.1.1
MTU = 1376

[Peer]
PublicKey = redacted
PresharedKey = redacted
AllowedIPs = 0.0.0.0/0
Endpoint = redacted :51820
PersistentKeepalive = 25

In an attempt to get things working I added 192.168.1.1/32 to the allowed IP's with no avail.

 

[ZebMcKayhan]

The goal is computer located in the home > test router using WG tunnel > switch > AX88U WG server > home LAN device

Ok... but why would you make such setup? Are you planning on moving the router around, I.e traveling? Or use for failover?

The only thing Iknow that may prevent this from working is that wg vpn typically don't work from lan to own wan. It was never intended to connect to server peer from within lan itself. I don't know of any fix.

Depending on your setup you may end up with other issues, like routing conflicts.