ER8411 not routing response traffic to wireguard clients
I have wireguard configured on the gateway acting as a VPN server. The "Local IP Address" on the gateway's wireguard config (10.16.16.1) is set to a subnet unused by any of the existing VLANs. There is a single peer configured currently (I deleted all other configured wireguard peers), with the "Allow Address" set to 10.16.16.13/32.
It seems like the gateway is setting up the wireguard connection properly, but is not forwarding traffic back to the wireguard clients.
The wireguard handshake between the client and the gateway is successful. I see the Handshake and response in my tcpdump/wireshark. But I am unable to get a ICMP reply on my client's interface when pinging the router.
I can ping a computer on the local LAN (i.e. 10.16.1.200) from the wireguard client (10.16.16.13). On 10.16.1.200's interface, I can see both the ping from 10.16.16.13 and the reply from 10.16.1.200. But that never reaches 10.16.16.13.
Looking at the gateway's routing tables in the omada UI, I see a route to 10.16.16.13 (I assume the /32 is implied) with a "Next Hop" of 0.0.0.0, "Interface" of 829089647, and "Metric" of 9999.
My gateway is managed by an omada controller so I can't ssh into the gateway or access its local management UI. I think I'm at the limit of how much I can diagnose.
There are big changes to the Wireguard server and client, so if you are a little patient, hopefully there will be upgraded firmware for the ER8411, I have the beta version on the ER707-M2 so I have tested a bit and it looks very good. Here is a screenshot of the wireguard server configuration in the new controller.
The configuration is very dynamic with many options, there is also client file download.
If you want to use ER8411 as a wireguard client, you can also import the client file, so all the manual configuration is no longer needed.
so there are big improvements.
I was hoping for firmware for ER8411 this week but it seems to be a bit late.
There are big changes to the Wireguard server and client, so if you are a little patient, hopefully there will be upgraded firmware for the ER8411, I have the beta version on the ER707-M2 so I have tested a bit and it looks very good. Here is a screenshot of the wireguard server configuration in the new controller.
The configuration is very dynamic with many options, there is also client file download.
If you want to use ER8411 as a wireguard client, you can also import the client file, so all the manual configuration is no longer needed.
so there are big improvements.
I was hoping for firmware for ER8411 this week but it seems to be a bit late.
