Route traffic from a Wireguard client through an additional router to router Wireguard tunnel?

Route traffic from a Wireguard client through an additional router to router Wireguard tunnel?

Route traffic from a Wireguard client through an additional router to router Wireguard tunnel?
Route traffic from a Wireguard client through an additional router to router Wireguard tunnel?
2 weeks ago
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.2.3 Build 20240822 Rel.52946

Hello,

 

Here is my situation. I have 2 ER7070-m2 routers (Router A and Router B) setup with  Wireguard to create a site-to-site tunnel. This is working flawlessly and all traffic is properly routed between these 2 networks.

 

I also have Wireguard peers setup for clients outside of either of these networks. These also work in that peers connected to Router A can see and use all the resources on the Router A network.  The same is true of peers of Router B.

 

What I can't get working is to have an external peer of Router A be able to route traffic through the Router A to Router B tunnel to the Router B network and vice versa.  

 

What I want is the following:

External Client -> (Wireguard Peer) -> Router A -> (Wireguard Peer) -> Router B  -> Resource on Router B's network.

 

What currently works is:

Resource on Router A's Network -> Router A -> (Wireguard Peer) -> Router B -> Resource on Router B's network  (And vice versa)

and

External Client -> (Wireguard Peer) -> Router A -> Resource on Router B's network (Same for external peers of Router B)

 

Thanks for any assistance!

  0      
  0      
#1
Options
3 Reply
Re:Route traffic from a Wireguard client through an additional router to router Wireguard tunnel?
2 weeks ago

Hi @Bonfigleo

You might want to be specific about your settings. If you are new to the forum, see the guide:

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:Route traffic from a Wireguard client through an additional router to router Wireguard tunnel?
2 weeks ago

I'm assuming that the Wireguard settings are not my issue but instead that I'm missing a route.  I'm not sure what it should be.  Am I supposed to be creating a route between the "Local IP Address" of the client to the router on the other end of the tunnel?  If so, how/where do i do this?

 

Here are my exact settings:

 

Router 1: (Subnet 192.168.0.0/24)

Wireguard

Name: A Wireguard

Status: Enabled

MTU:  1420

Listen Port: 51820

Local IP Address: 192.168.10.1

Private key: xxxxxxxxxxxxxxxxxxxxx

 

Peers:

Name: A2B Wireguard

Status: Enabled

Interface: A Wireguard

Endpoint: [Public IP of B Router]

Endpoint port: 51820

Allow Address:  192.168.2.0/24 (Only subnet on Router B)

                          192.168.0.0/24

Persistent Keepalive: 25

Comment: 

Public Key:  xxxxxxxxxxxxxxxxxxxxxxxx

 

Name: My Laptop

Status: Enabled

Interface: A Wireguard

Endpoint:  

Endpoint Port:

Allow Address: 192.168.10.10/32

Persistent Keepalive: 25

Comment:

Public Key: xxxxxxxxxxxxxxxxxxxxxxxxx

Preshared Key:

 

 

Router 2: (192.168.2.0/24 subnet)

This is setup exactly the same as Router 1 with the following differences:

Wireguare:

Name: B Wireguard

Local IP Addres: 192.168.10.2

 

Peers:

Interface: B Wireguard

Endpoint: Router B Public IP

Allow Address: 192.168.0.2/24

 

 

 

  0  
  0  
#3
Options
Re:Route traffic from a Wireguard client through an additional router to router Wireguard tunnel?
2 weeks ago

Hi @Bonfigleo 

Thanks for posting in our business forum.

Bonfigleo wrote

I'm assuming that the Wireguard settings are not my issue but instead that I'm missing a route.  I'm not sure what it should be.  Am I supposed to be creating a route between the "Local IP Address" of the client to the router on the other end of the tunnel?  If so, how/where do i do this?

 

 

Add the desired network in the Allowed IP on the PC.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options