ERxxxxx as Wireguard client
ERxxxxx as Wireguard client
I have finally managed to set up Wireguard as a client on a ER706W against unifi and wireguard server, it is a complicated task to make this work if you are not an expert in Wireguard. but anyway, there are two problems i want to talk to you about..
1. it is only possible to get traffic in the tunnel by using the 0.0.0.0/0 route
2. when the router is adopted via wan to a remote controller, it will not adopt after a restart when the wg tunnel has 0.0.0.0/0 (go in disconect state). it seems that wan also goes through the tunnel, I have to do a factory reset and readopt the router again, when that's done I can activate the tunnel again and all traffic goes via wg until the router restarts again.
i saw the light when i read this post but the OP has the same problem i have with 0.0.0.0/0 it's all or nothing
https://community.tp-link.com/en/business/forum/topic/637148?replyId=1307142
I don't know if this is a known problem for you in TP-Link?
Wireguard against another TP-Link router does not have the same problem. I can enter all the routing I need. it only applies to connection to unifi and wireguard server on ubuntu. I haven't tested against anything other than that.
I have tested with an ER706W but I think this applies to all routers.
if these two problems can be solved, then the router can actually be used as a client against a server with a fixed IP. I hope, like everyone else, that there will be an opportunity to use hostname soon.
and at the end I can remove a very expensive router in my network that do some wireguard and OpenVPN task for me today. I will convert all over to Wireguard very soon and if my ER8411 can do Wireguarding as client i dont need OpenVPN anymore,
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
to be honest, this solution was really bad, I had a test remote to my home network here. Yes, it worked, but the client had to be connected to the vlan that has the same IP network as the wireguard tunnel. not only that, only one client could use the tunnel, and the client had to have the same ip as the wireguard tunnel ip address in the config file.
but yes it was possible to route a simple network now, but that doesn't help much when there is such limitations
Ok, so far no solution as I see.
- Copy Link
- Report Inappropriate Content
Ok, then I have a solution, it requires two routers, but I have enough routers so thats not a problem.
I have now configured an ER706W as a wireguard client against a wireguard server running on ubuntu, I have configured about 80 remote networks that I need access to in the wireguard tunnel.
since only one IP is allowed to connect to the wireguard tunnel, one of the WAN ports on the ER8411 has been connected to the LAN on the ER706W, so the ER8411 is the only client that is allowed to use the wireguard tunnel and have the ip that is defined in the remote peer.
this way I can also use policy route against Wireguard on ER8411. have created a policy route through the WAN interface that goes to LAN on the ER706W
Do you know how many networks can be configured in wireguard peer profile on Omada kontroller? I now have about 80+- remote network in my peer profile.
I have to test a few days to see how it works. I hope in the long term that I can run everything on one router, but that seems to be a some time to that happend.
The good thing is that I learn a lot about wireguard with TP-Link's solution. it's not plug and play like it is, for example, on unifi
- Copy Link
- Report Inappropriate Content
Hi @MR.S
Thanks for posting in our business forum.
MR.S wrote
Ok, then I have a solution, it requires two routers, but I have enough routers so thats not a problem.
I have now configured an ER706W as a wireguard client against a wireguard server running on ubuntu, I have configured about 80 remote networks that I need access to in the wireguard tunnel.
since only one IP is allowed to connect to the wireguard tunnel, one of the WAN ports on the ER8411 has been connected to the LAN on the ER706W, so the ER8411 is the only client that is allowed to use the wireguard tunnel and have the ip that is defined in the remote peer.
this way I can also use policy route against Wireguard on ER8411. have created a policy route through the WAN interface that goes to LAN on the ER706W
Do you know how many networks can be configured in wireguard peer profile on Omada kontroller? I now have about 80+- remote network in my peer profile.
I have to test a few days to see how it works. I hope in the long term that I can run everything on one router, but that seems to be a some time to that happend.
The good thing is that I learn a lot about wireguard with TP-Link's solution. it's not plug and play like it is, for example, on unifi
WireGuard official, if you are using it on Ubuntu, itself originally is not plug and play as well. There are just different ways to add plug-ins and make it more easy to use.
But the plain and vanilla WG is way trouble for people who are not familiar with it.
ER8411 up to 300 peers.
- Copy Link
- Report Inappropriate Content
Clive_A wrote
Hi @MR.S
Thanks for posting in our business forum.
MR.S wrote
Ok, then I have a solution, it requires two routers, but I have enough routers so thats not a problem.
I have now configured an ER706W as a wireguard client against a wireguard server running on ubuntu, I have configured about 80 remote networks that I need access to in the wireguard tunnel.
since only one IP is allowed to connect to the wireguard tunnel, one of the WAN ports on the ER8411 has been connected to the LAN on the ER706W, so the ER8411 is the only client that is allowed to use the wireguard tunnel and have the ip that is defined in the remote peer.
this way I can also use policy route against Wireguard on ER8411. have created a policy route through the WAN interface that goes to LAN on the ER706W
Do you know how many networks can be configured in wireguard peer profile on Omada kontroller? I now have about 80+- remote network in my peer profile.
I have to test a few days to see how it works. I hope in the long term that I can run everything on one router, but that seems to be a some time to that happend.
The good thing is that I learn a lot about wireguard with TP-Link's solution. it's not plug and play like it is, for example, on unifi
WireGuard official, if you are using it on Ubuntu, itself originally is not plug and play as well. There are just different ways to add plug-ins and make it more easy to use.
But the plain and vanilla WG is way trouble for people who are not familiar with it.
ER8411 up to 300 peers.
Yes but how many remote network is there possible to add in one peer? now I have about 80 remote network added in a peer but I guess there is a limit som place :-)
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1974
Replies: 14
Voters 0
No one has voted for it yet.