dacid44
New Around Here
This might just be an iptables thing, but I can't figure it out.
Short version: I'm trying to forward packets from a VPS to the router over wireguard (router is client) and forward them to the correct device on the LAN.
I have a setup that I'm trying to carry over from my old DD-WRT router where I have the router connect to a Wireguard server running on a VPS, so that even when my router is behind a NAT (e.g., on a university dorm network), or the WAN settings change, I can expose ports to the internet through the VPS (for example, if I run a Minecraft server, I can give someone the ip of the VPS, and it will forward the connection through the wireguard tunnel to the router, which will forward it to my PC).
I am trying to replicate this setup using ASUSwrt-Merlin, and I'm stuck. I have a Wireguard connection set up, and I can tell that they are connected by running the wg command on both ends. In addition, pinging the router or my PC from the VPS while running tcpdump on the router's wgc1 interface shows the incoming packets, as do LOG entries in the iptables PREROUTING chain on the
I have also noticed, however, that I'm unable to ping the wireguard server from the router. (or, I can, but it's going through my old router which the new one is plugged into). I'm not sure why this is, either, but solving it may be the first step in fixing my main issue. running
The wireguard configuration is, as far as I can tell, exactly the same as the one on the old DD-WRT router, and as far as I can tell, all the iptables rules are correct, but I am way less sure of that. Any ideas what might be the problem here?
Router model: ASUS RT-AX86U
Firmware version: ASUSwrt-Merlin release 3004.388.4
LAN subnet: 192.168.50.1/24
Wireguard subnet: 192.168.5.1/24 (server is 192.168.5.1, router is 192.168.5.50)
I've tried with NAT both on and off, as well as with a VPN Director rule for wgc1 with remote IP 192.168.5.0/24.
I can post logs or other configuration files too if it helps. I'm pretty sure the VPS end is not the problem, as the configuration is exactly the same as what's been running with the DD-WRT router for ~3 years now. I'm certainly not ruling it out, though.
Thanks in advance!
Short version: I'm trying to forward packets from a VPS to the router over wireguard (router is client) and forward them to the correct device on the LAN.
I have a setup that I'm trying to carry over from my old DD-WRT router where I have the router connect to a Wireguard server running on a VPS, so that even when my router is behind a NAT (e.g., on a university dorm network), or the WAN settings change, I can expose ports to the internet through the VPS (for example, if I run a Minecraft server, I can give someone the ip of the VPS, and it will forward the connection through the wireguard tunnel to the router, which will forward it to my PC).
I am trying to replicate this setup using ASUSwrt-Merlin, and I'm stuck. I have a Wireguard connection set up, and I can tell that they are connected by running the wg command on both ends. In addition, pinging the router or my PC from the VPS while running tcpdump on the router's wgc1 interface shows the incoming packets, as do LOG entries in the iptables PREROUTING chain on the
raw
table. However, none of the packets as far as I can tell ever make it to iptables filters or nat rules, as logging all packets with the filter -i wgc1
on the FORWARD or INPUT chains, or the INPUT chain on the nat
table doesn't show anything.I have also noticed, however, that I'm unable to ping the wireguard server from the router. (or, I can, but it's going through my old router which the new one is plugged into). I'm not sure why this is, either, but solving it may be the first step in fixing my main issue. running
ip route
shows no route for the wireguard tunnel's subnet.The wireguard configuration is, as far as I can tell, exactly the same as the one on the old DD-WRT router, and as far as I can tell, all the iptables rules are correct, but I am way less sure of that. Any ideas what might be the problem here?
Router model: ASUS RT-AX86U
Firmware version: ASUSwrt-Merlin release 3004.388.4
LAN subnet: 192.168.50.1/24
Wireguard subnet: 192.168.5.1/24 (server is 192.168.5.1, router is 192.168.5.50)
I've tried with NAT both on and off, as well as with a VPN Director rule for wgc1 with remote IP 192.168.5.0/24.
I can post logs or other configuration files too if it helps. I'm pretty sure the VPS end is not the problem, as the configuration is exactly the same as what's been running with the DD-WRT router for ~3 years now. I'm certainly not ruling it out, though.
Thanks in advance!