Wireguard as Client doesn't work
Wireguard as Client doesn't work
I'm trying to set up my Omada to forward all traffic over Wireguard, however, even with Wireguard showing as connected, it doesn't work. When I enable the Wireguard, all network stop working.
I check up all public, private keys but no success. Is there a way to fix that?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @vctgomes
Thanks for posting in our business forum.
First, recommend you read the guide of the WG configuration.
As for now, the configuration between the server and client seems to be fine but this looks like a misconfiguration with your parameters.
The docs from the WG official could be helpful as well to understand what you should use in the IP ranges.
If you hope someone helps you check them, you should at least post them here. Bare description does not explain your situation. Just try the guide again and see what's been misconfigured.
- Copy Link
- Report Inappropriate Content
@Clive_A I really make no idea what's going on. Same profile, on a OpenWrt or macOS works pretty fine, but on Omada, it doesn't work. It even shows as connected, but no traffic is working.
It happens with two Wireguard interfaces. The only Wireguard interface that works well is the interface where Omada only work as a Server, without any endpoint.
- Copy Link
- Report Inappropriate Content
Hi @vctgomes
Thanks for posting in our business forum.
vctgomes wrote
@Clive_A I really make no idea what's going on. Same profile, on a OpenWrt or macOS works pretty fine, but on Omada, it doesn't work. It even shows as connected, but no traffic is working.
It happens with two Wireguard interfaces. The only Wireguard interface that works well is the interface where Omada only work as a Server, without any endpoint.
Tracert the 8.8.8.8 and the other allowed IP address. If this is forwarded through the tunnel, it works.
Show me the screenshots, please.
- Copy Link
- Report Inappropriate Content
@Clive_A Hi, my bad for the late.
Here's the traceroute to 8.8.8.8 as requested.
It goes to router and disappears! Same on 104.244.42.1
Now, the same tracerout, also to 104.244.42.1, but using a peer where Omada is a server:
I feel the Omada isn't forwarding the route correctly. That's happening on my second and third Wireguard interface - named as wg1 and wg2 - (maybe Omada is only acceping one interface?) and when Omada acts as Client.
- Copy Link
- Report Inappropriate Content
Hi @vctgomes
Thanks for posting in our business forum.
vctgomes wrote
@Clive_A Hi, my bad for the late.
Here's the traceroute to 8.8.8.8 as requested.
It goes to router and disappears! Same on 104.244.42.1
Now, the same tracerout, also to 104.244.42.1, but using a peer where Omada is a server:
I feel the Omada isn't forwarding the route correctly. That's happening on my second and third Wireguard interface - named as wg1 and wg2 - (maybe Omada is only acceping one interface?) and when Omada acts as Client.
I think I know why. I think you should try out the static routings because the screenshots show that your traceroute of 8.8.8.8 and 104.244.42.1 are forwarded to the local default gateway 10.10.0.1, is that correct? That's your local gateway?
If you look at the routing table, you have 0.0.0.0/0 to your gateway. Correct? That's the reason why they are forwarded through the gateway instead of the WG peer.
If the static routing cannot properly populate them into the correct next hop which is the peer, it could mean that this setup does not work or is not supported.
- Copy Link
- Report Inappropriate Content
@Clive_A Hi
Yeah. The 10.10.0.1 is the gateway (ER7206v2 running 2.1.2 version).
I checked the route and it's being made to the Wireguard interfacee created by Omada. It should work, but it doens't and I think it can be a bug on router software.
I checked on other side VPN and, indeed, Omada gateway is connected, so credentials, ports and ports are right! But even that, no traffic data is being forwarded from Omada to VPN!
- Copy Link
- Report Inappropriate Content
@Clive_A new update about the case:
I tried to remove ALL Wireguard Interfaces and Peers, so created new VPNs from on my two Wireugard servers and even use TorGuard VPN too... no success, even routing all traffic (0.0.0.0/0), where internet just goes offline and I got no access.
The other side VPN shows Omada connected and the last handshake, proving all data is correct! Omada can even show the right route, however, by some way, Omada can't really route the traffic.
In all my tests on ER7206 v2.0 with 2.1.2 using Omada 5.14.26.1, I AM NOT able to use this gateway as Wireguard Client! Omada DOES NOT forward the traffic to VPNs that works as client. Otherside, if I use Omada as Wireguard server, it works correctly and route the traffic correctly too.
I'm pretty sure it's a software bug and I'd like to ask you to ask your engineers to investigate this problem. Thanks!
- Copy Link
- Report Inappropriate Content
Hi @vctgomes
vctgomes wrote
@Clive_A new update about the case:
I tried to remove ALL Wireguard Interfaces and Peers, so created new VPNs from on my two Wireugard servers and even use TorGuard VPN too... no success, even routing all traffic (0.0.0.0/0), where internet just goes offline and I got no access.
The other side VPN shows Omada connected and the last handshake, proving all data is correct! Omada can even show the right route, however, by some way, Omada can't really route the traffic.
In all my tests on ER7206 v2.0 with 2.1.2 using Omada 5.14.26.1, I AM NOT able to use this gateway as Wireguard Client! Omada DOES NOT forward the traffic to VPNs that works as client. Otherside, if I use Omada as Wireguard server, it works correctly and route the traffic correctly too.
I'm pretty sure it's a software bug and I'd like to ask you to ask your engineers to investigate this problem. Thanks!
Not really. It is not used in that way.
If you look at the WG guides we have and I wrote earlier, none of them support such a scheme. You should also consider if it is a server issue.
Will get back on Monday.
- Copy Link
- Report Inappropriate Content
Hi @vctgomes
Thanks for posting in our business forum.
vctgomes wrote
@Clive_A new update about the case:
I tried to remove ALL Wireguard Interfaces and Peers, so created new VPNs from on my two Wireugard servers and even use TorGuard VPN too... no success, even routing all traffic (0.0.0.0/0), where internet just goes offline and I got no access.
The other side VPN shows Omada connected and the last handshake, proving all data is correct! Omada can even show the right route, however, by some way, Omada can't really route the traffic.
In all my tests on ER7206 v2.0 with 2.1.2 using Omada 5.14.26.1, I AM NOT able to use this gateway as Wireguard Client! Omada DOES NOT forward the traffic to VPNs that works as client. Otherside, if I use Omada as Wireguard server, it works correctly and route the traffic correctly too.
I'm pretty sure it's a software bug and I'd like to ask you to ask your engineers to investigate this problem. Thanks!
I need a picture of the routing table when WG is enabled and active. No manual routing should be involved or you should specify it.
Your network scheme with IP specified. Now it seems that you have using the Omada router as the server and client at the same time? I want to ask if you can use the router to tracert the 8.8.8.8 and will it go through the WG tunnel?
Both are public IPs. I think this should be a problem when the priority of the routing from the WAN interface is higher.
You mentioned that the Openwrt and macOS work, can you show me what it looks like?
Is this one for the macOS?
- Copy Link
- Report Inappropriate Content
@Clive_A unfortunately I return my ER7206 and bought an Ubiquiti.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 749
Replies: 11
Voters 0
No one has voted for it yet.