Hi everyone,

I’m trying to set up a WireGuard VPN on my ER605 v2 using the Omada Cloud-Based Controller (Cloud Essentials).

Setup:

• WAN IP (public and static): 94.xxx.xxx.xxx

• LAN network: 10.0.0.0/24 (Router: 10.0.0.1)

• VPN network: 10.0.1.0/24 (Gateway: 10.0.1.1)

• Test client should get 10.0.1.2/32

Port forwarding / ACL:

• Port 51820/UDP is forwarded (tested externally with nc -uv <WAN-IP> 51820, works).

• ACL for WAN-IN allows traffic on 51820/UDP.

Problem:

• WireGuard logs constantly show:

  Sending handshake initiation to peer (...) Handshake did not complete after 5 seconds, retrying

• From the client side I cannot ping 10.0.1.1.

• Even if I enter a wrong IP as the endpoint, the client still shows the tunnel as “active”, which is confusing.

Questions:

1. When creating the VPN network in the controller, do I need to assign a specific interface or VLAN?

2. Is there any additional configuration required on the ER605 (DHCP, firewall rules, etc.)?

3. Has anyone successfully set up WireGuard with Omada Cloud Essentials and ER605 v2 and could share a working example?

Thanks in advance!