ER7206 - Wireguard "Allowed Address" issue
Please refer to the following topic
https://community.tp-link.com/en/business/forum/topic/636906
I have the same exact problem on my ER7206 router
when I set "Allowed Address" to "0.0.0.0/0" I have no issues pinging all my wireguard LAN IP's but the same time all of my gateway traffic is routed through the VPN tunnel which I don't want that. If I set to "Allowed Address" to "192.168.4.0/24" then I can't ping any Wireguard LAN IPs.
Can any one help me setting up the right way ?
Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Sorry I am not sure I am quite understand,
Where do you want to add wireguard IP ? My router's wireguard IP address is 192.168.4.8
Here is the configuration images
https://take.ms/G8SjK
https://take.ms/qAfel
Can you please clarify?
- Copy Link
- Report Inappropriate Content
what are you trying to achieve, is it site to site with wireguard or is it client to site?
anyway you have to allow LAN ip and wireguard IP. I don't think you can use the same IP on the LAN and in the wireguard tunnel.
Can you explain a little better what you are configuring.
- Copy Link
- Report Inappropriate Content
I am trying to achieve the following
a) I have a dedicated wireguard server in a remote datacenter ( configured as 192.168.4.0/24 )
b) I have PC's from multiple locations connecting that wireguard server as clients (peers)
c) I have an office ROUTER (ER7206) with LAN subnet of 192.168.0.0/24 and I want to access all the peers connected to the wireguard server ( 192.168.4.0/24 )
when I set Allowed address as 0.0.0.0/0 then I can access those 192.168.4.0/24 subnets but the issue is all of my internet traffic is routed through wireguard tunnel. I don't want that I only want to access my wireguard peers and not the whole internet. Internet should be routed through my local gateway WAN
Please let me know if you need any more info.
- Copy Link
- Report Inappropriate Content
ok, then I understand, you want to use ER706 as wireguard client to a remote wireguard server. sorrt but it doesn't work, there is no policy route on wireguard, so what you are trying is useless. I have tried and spent days testing this.. I ended up buying a Unifi router that takes care of wireguard for me.
your only option is 0.0.0.0/0 and everything is routed through the wireguard tunnel or find another solution like me.
there are rumors that the policy route will come in Q1 2024, now it's end of Q2 so maybe a solution is getting closer
- Copy Link
- Report Inappropriate Content
OK, thanks for the clarifications.
It seems I have wasted around ~200 bucks
I should have gone with openwrt with cheaper router. big mistake.
What a disappointment
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
now I use a cheap bad one. UXG-Lite I don't need any great speed. but I have also used UXG-Pro but all the routers have wireguard policy routing.
have connected it to a separate wan port on the ER8411 and use policy route which is on Omada. then I run policy route to the wan interface to which unifi is connected.
- Copy Link
- Report Inappropriate Content
if you have the option of Ipsec site to site then TP-Link routers are absolutely crazy good, if there is an alternative to wireguard then you should try it.
in my case I can't use just ipsec. I route 70-80 networks via wireguard and policy route and it doesn't work with ipsec s2s.
L2TP is also a possibility, you can use policy route with L2TP as well.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2976
Replies: 37
Voters 0
No one has voted for it yet.