Wireguard Client - AllowedIPs
2024-08-20 14:26:45 - last edited 3 weeks ago
Tags: #VPN
Model: Deco X55  
Hardware Version:
Firmware Version: 1.5.5

Thank you for adding Wireguard support. I'm trying to effectively use AllowedIPs to manually route only some traffic through the Wireguard connection.

 

What I'm trying to achieve:

I'm trying to set my IP telephony (software and hardware phones) to go through Deco's Wireguard connection (I got it up and running successfully), while everything else to go through normal WAN. All of my phones (software/hardware) connect to the same server on the same IP - 222.111.22.11 (example).

 

Expectation:

In the Wireguard configuration file, I set AllowedIPs different from 0.0.0.0/0, then a special route is set which makes only the connections to the specified IPs go through the Wireguard connection, while all other connections go through normal WAN.

 

Reality:

  1. If I set AllowedIPs to 222.111.22.11/32 in my Deco APP (and set "Access Permission" to "All clients"), then all of my wifi clients lose internet connection, and I can only access 222.111.22.11.
  2. I can't set multiple AllowedIPs.

 

Any idea how to make this happen? 

Thank you!

 

#1
1 Accepted Solution
Re:Wireguard Client - AllowedIPs-Solution
2024-09-01 07:54:51 - last edited 3 weeks ago

Playing with Wireguard triggered a 100% cpu load on my main Deco router which persisted even after I removed the Wireguard profile. This made the network come to a complete halt and the Deco reboot itself every 5-10 minutes. I could only fix this by factory resetting each Deco and recreating the network from scratch. I agree, Deco is a disappointment.

 

Never again will I buy anything from TPLink.

Recommended Solution
#6
5 Reply
Re:Wireguard Client - AllowedIPs
2024-08-21 07:04:10 - last edited 2024-08-29 01:06:50

  @eth2 

Hi, welcome to the community.

I'm afraid the current network behavior is expected. You might need to only select the hardware IP Phones as the VPN clients, instead of All clients under "Access Permission".

I consulted the engineer about the possibility of selectively routing network traffic through the WireGuard VPN connection earlier, and Deco is unable to permit partial network traffic on the same device through VPN tunnels; it's either all or none.

 

Thank you very much and best regards.

#2
Re:Wireguard Client - AllowedIPs
2024-08-28 19:42:58 - last edited 2024-08-29 01:06:50

  @David-TP 

 

That is stupid and non-standard. A crippled implementation, as OpenVPN is, too. Every free WireGuard app uses these parameters, and not wanting to route the whole traffic through the VPN is the simplest thing. Without that the whole WireGuard thing on Deco is useless...


#3
Re:Wireguard Client - AllowedIPs
2024-08-28 19:54:34 - last edited 2024-08-29 01:06:50

  @eth2 

 

I did spend 8 hours of work on the OpenVPN-Client on my Deco network, and it shows the same non-standard behavior! It seems the X50 is crippled, so it does not interfere with the business products. I won't recommend the Decos to anyone who is doing VPN at all, as there is also no way to debug the connections. My work time is worth more than all five X50s in my home, and I'm going to recycle them as mesh access points only and build myself a decent router with OPNsense...

#4
Re:Wireguard Client - AllowedIPs
2024-09-01 07:37:55

Routers with OpenWRT can do point routing via VPN. TP-link routers are made on the OpenWRT base. There are no technical problems.

#5