NonAlex
Occasional Visitor
Here is the situation: I have two ASUS routers. One, the "client", runs Asuswrt-Merlin; the second, the "server", runs ASUS native firmware, as it's an RT-AX89X.
What I'd like to do: establish a WG tunnel from the "client" to the "server", and have the "server" route certain public Internet IP subnets via the tunnel to the "client" and then out the WAN interface of the "client".
On the "server" side, in the WG server settings, I can add IP subnets to the "Server allowed IPs" list, and the "server" router simply puts them in the routing table pointing to the VPN client interface:
8.8.8.8 * 255.255.255.255 UH 0 0 0 wgs1
Unfortunately, on the "client" router side I don't really see where to allow routing of incoming traffic from the tunnel to the Internet. A VPN Director rule to the "server" LAN subnet works just fine, so I kind of have a route pointing to the "server" LAN subnet from the "client".
On the "client" side, in the WG VPN Client settings, "Inbound firewall" is set to "allow". NAT is set to disabled.
However, pings to 8.8.8.8 from the "server" all time out.
Actually, nothing works in the reverse direction, not even a ping from the "server" router to the "client" LAN subnet (which is also in the "Server Allowed IPs" list).
So, what am I doing wrong? Why doesn't it work as a site-to-site VPN even for the LAN subnet in the "reverse" direction?
P.S.: I guess someone will immediately suggest reversing the entire thing and using VPN Fusion on the "... but that's not possible because the "server" is in a country with strong Internet censorship. Outgoing VPN connections are blocked, while inbound ones still work. And standard ASUS software doesn't have any VPN obfuscation support.
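The reverse path the post is asking about, as an added example that is not part of the original post and is not Asuswrt-Merlin's or ASUS's own code: a hypothetical `/jffs/scripts/firewall-start` for the "client" router that forwards packets arriving from the tunnel to the Internet, source-NATs them to the WAN address, and routes replies back into the tunnel. Everything in it is an assumption for illustration: the WireGuard client interface name `wgc1`, reading the WAN interface from `nvram get wan0_ifname` (falling back to `eth0` off the router), and the sample remote ranges `10.6.0.0/24` (the "server" WG address range) and `192.168.50.0/24` (the "server" LAN). With no argument the script only prints the rule set, so it can be reviewed before running it with `apply`.

```shell
#!/bin/sh
# Added example, not from the original post: a hypothetical /jffs/scripts/firewall-start
# for the "client" router (Asuswrt-Merlin runs this user script after it builds the
# firewall). Packets arriving from the "server" over the WireGuard tunnel and destined
# for public Internet addresses are forwarded out the "client" WAN and source-NATed so
# the replies come back to this router and are sent into the tunnel again.
#
# Assumptions (all constructed for the example, change to match the real setup):
#   WG_IF       WireGuard client interface on Asuswrt-Merlin (wgc1 = client slot 1)
#   WAN_IF      WAN interface; read from nvram on the router, eth0 anywhere else
#   REMOTE_NETS source ranges the "server" will send through the tunnel:
#               its WG address range and its LAN subnet

WG_IF="${WG_IF:-wgc1}"
WAN_IF="${WAN_IF:-$(nvram get wan0_ifname 2>/dev/null || echo eth0)}"
REMOTE_NETS="${REMOTE_NETS:-10.6.0.0/24 192.168.50.0/24}"

# Emit the commands as text so they can be reviewed (dry run) or piped to sh.
build_rules() {
    # The router must forward between interfaces (already on for a NAT router).
    echo "sysctl -w net.ipv4.ip_forward=1"

    # Let tunnel traffic reach the Internet through WAN, and let replies come back.
    echo "iptables -I FORWARD -i $WG_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -I FORWARD -i $WAN_IF -o $WG_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"

    for net in $REMOTE_NETS; do
        # Private source addresses from the far side are not routable on the
        # Internet: rewrite them to the WAN address on the way out.
        echo "iptables -t nat -I POSTROUTING -s $net -o $WAN_IF -j MASQUERADE"
        # Return path: replies for those sources must go back into the tunnel,
        # and rp_filter must see the source as reachable via WG_IF.
        echo "ip route replace $net dev $WG_IF"
    done
}

# Apply for real; stop at the first command that fails.
apply_rules() {
    build_rules | sh -e
}

# Run with "apply" on the router; with no argument just print the rule set.
case "${1:-}" in
    apply) apply_rules ;;
    *) build_rules ;;
esac
```

Two things the firewall rules cannot fix on their own: the "client" peer's Allowed IPs for the "server" must cover every source address the "server" will send (its WG address and its LAN subnet), because WireGuard's cryptokey routing drops inbound packets whose source is outside that list before iptables ever sees them; and the script only takes effect if custom scripts are enabled and the file is executable.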