WireGuard Server Clients Allowed IPs Not Getting Set

HarryMuscle

Senior Member
I'm working at setting up the WireGuard server on an RT-AX6000 running 388.4 and I've got a weird issue happening. I've added several clients to the server and everything was working fine, but as soon as I reboot the router I am unable to connect again. After some troubleshooting it looks like the allowed ips on the server side are not getting set for all of the clients except one (that one client works fine after the reboot). Here's the output from the wg command (I've removed the keys from the output):

Code:
peer: [[key]]
  preshared key: (hidden)
  allowed ips: (none)

peer: [[key]]
  preshared key: (hidden)
  allowed ips: (none)

peer: [[key]]
  preshared key: (hidden)
  allowed ips: (none)

peer: [[key]]
  preshared key: (hidden)
  allowed ips: 10.6.0.4/24

Other than the keys and IP addresses there is no difference between the various clients. Further reboots result in the exact same outcome. Removing a client and re-adding it also results in the same outcome after a reboot. Anyone know what's going on?

Thanks,
Harry
 
So apparently the issue is related to using a /24 subnet mask for the allowed IPs. If I switch it back to a /32 mask the allowed IPs get correctly populated on the server as per the wg command output. The question now is then, why can't I use a /24 subnet mask? I would like to have all of the connected clients be able to communicate with each other and my understanding was that in order to do that you use a /24 subnet mask.

Thanks,
Harry
 
The question now is then, why can't I use a /24 subnet mask?
Because wg uses this for routing. There cannot be same routes to different targets.


I would like to have all of the connected clients be able to communicate with each other and my understanding was that in order to do that you use a /24 subnet mask.
Yep, but on the clients, not on the server. That is if you don't use 0.0.0.0/0 in that case it should already work as the firewall already allows this.

Edit: if you are using vpndirector to route internet data from server clients to vpn then you might have a route problem?
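
The behaviour discussed in this thread, as an added example that is not part of the original posts: a Python check that parses a wg-quick style server config, masks each AllowedIPs entry to its network, and reports prefixes claimed by more than one peer. The sample config and placeholder keys are constructed, and the rule that an identical prefix stays only with the last peer that sets it is an assumption taken from the wg output posted above.

```python
import ipaddress
from collections import defaultdict

# Constructed server config mirroring the thread; keys are placeholders.
SAMPLE_CONF = """
[Interface]
Address = 10.6.0.1/24
[Peer]
PublicKey = PEER_A_PLACEHOLDER
AllowedIPs = 10.6.0.2/24
[Peer]
PublicKey = PEER_B_PLACEHOLDER
AllowedIPs = 10.6.0.3/24
[Peer]
PublicKey = PEER_C_PLACEHOLDER
AllowedIPs = 10.6.0.4/24
"""

def parse_peers(conf):
    """Return [(public_key, [networks])] in file order; host bits are masked off."""
    peers, in_peer = [], False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            if in_peer:
                peers.append([None, []])
        elif in_peer and "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            if name.lower() == "publickey":
                peers[-1][0] = value
            elif name.lower() == "allowedips":
                # 10.6.0.2/24 and 10.6.0.3/24 both become 10.6.0.0/24 here
                peers[-1][1] += [ipaddress.ip_network(v.strip(), strict=False)
                                 for v in value.split(",") if v.strip()]
    return [(key, nets) for key, nets in peers]

def duplicate_prefixes(peers):
    """Prefixes claimed by more than one peer, mapped to the claiming keys in order."""
    claims = defaultdict(list)
    for key, nets in peers:
        for net in nets:
            claims[net].append(key)
    return {net: keys for net, keys in claims.items() if len(keys) > 1}

def effective_allowed_ips(peers):
    """Assumed model: an identical prefix stays only with the last peer that sets it."""
    owner = {net: key for key, nets in peers for net in nets}
    return {key: [n for n in nets if owner[n] == key] for key, nets in peers}
```

With the /24 entries, every peer except the last ends up with no allowed IPs, matching the posted output; with /32 entries no prefix is duplicated.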
 
