Wireguard Site-to-Site / Externals clients cannot reach remote Site-to-Site subnet

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Wireguard Site-to-Site / Externals clients cannot reach remote Site-to-Site subnet

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Wireguard Site-to-Site / Externals clients cannot reach remote Site-to-Site subnet
Wireguard Site-to-Site / Externals clients cannot reach remote Site-to-Site subnet
2024-01-21 21:41:03
Tags: #VPN #Routing #Wireguard
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.3

Hi!
Wireguard mesh Site to Site connection working ok.
When an external client tries to connect it can only reach WG server subnet only, but the mesh network.
Do I have to add those routes as static?
Why Routing table does not show Wireguard routes?


Hope this example clarifies:
R1, R2, R3, all connected as Wireguard mesh.

LAN1 (R1) can ping any R2 or R3 subnet.

LAN2 (R2) can ping any R1 or R3 subnet.
LAN3 (R3) can ping any R1 or R2 subnet.

So far, so good.

>>> Here is the problem:

When a client (outside those buldings) connect with WG VPN to R1, it can ping LAN1 only.

How can I solve this?
I'll appreciate your help!


 

  0      
  0      
#1
Options
1 Reply
Re:Wireguard Site-to-Site / Externals clients cannot reach remote Site-to-Site subnet
2024-01-22 09:36:48

Hi @dmvazquez 

Thanks for posting in our business forum.

1. Any VPN connections do not show up in the routing tables.

2. What is your config like? It seems to be an issue with the allowed-ips. Either you miss the subnet in the allowed-ips or you config it wrong.

3. Direct to your question, it does not ping any other LAN 2 3 because the settings (Peer > allowed IPs) on the PC outside the network do not contain the subnet of LAN 2 and 3. Is that correct?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options

Information

Helpful: 0

Views: 362

Replies: 1

Tags

VPN Routing
Wireguard
Related Articles