Limited LAN Access via VPN (ER706W-4G / WireGuard) – Omada Controller Not Reachable
Hi everyone,
last week I deployed a brand-new ER706W-4G router at my remote office to replace an older device. It’s currently running with an OC200 Controller, and everything has been working fine so far. However, I’ve run into a strange issue I’m hoping someone can help with.
I’m currently using the 4G connection exclusively for testing purposes and haven’t added a second WAN connection yet. For remote management, I set up a VPN connection using WireGuard. The handshake is successful, and I can connect to the network without any problems.
The issue is that I can only reach some devices on the local network — mainly simple web-based interfaces like those of IP phones — but not all. Strangely enough, I can access the router’s admin interface, but not the Omada Controller, which is on the same subnet.
I’ve tested this setup in both standalone and controller-managed modes, using both WireGuard and SSL VPN — same results in both cases. There are no ACLs in place, and the router configuration is still close to factory defaults.
Could this be related to the 4G connection? I do receive a public IPv4 address from the mobile provider.
Any suggestions or insights would be greatly appreciated. Thanks in advance!
Best regards
I think so. Iam currently testing with Wireguard. So to get things a little bit more precise this is my Network:
LAN-Range: 192.168.99.xxx/24
IP-Adress ER706 in LAN: 192.168.99.250
Wireguard Network: 192.168.90.xx
Wireguard Local Adress of Router: 192.168.90.1 (Screenshots below)
This is my configuration on the Client:
[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Address = 192.168.90.10/32
DNS = 9.9.9.9, 1.1.1.1
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
Endpoint = my.domain.xx:51820
And this is the Wireguard-config on the ER706W:
Ive deleted the Public Key for the Screenshot.
Handshake works well and i see traffic going through the tunnel. I can ping the Router and also open the management webinterface at 192.168.99.250 and some of my lan devices like an IP-Phone on 192.168.99.50 or so but nothing else. I got a PBX on 192.168.99.4 that doesnt work and a webserver on 192.168.99.45 neither.
When try to ping a host on the net that i cannot open i get a timeout, ping to my IP-Phone on 192.168.99.50 works well.
The same behaviour is seen when i switch to the DSL line on the router, so it is not a fault of the 4G connection.
Looks like it's merely a config problem from your other reply to GRL.
If you have not tried any sort of config video or guide, that's why.
It's not a problem with the router/clients. Just a misconfig. Wireguard is not easy for a new user who has not used OVPN before. All the stuff gotta be scripted yourself.
