VPN Director question


elorimer

I'm moving my setup from OpenVPN to Wireguard and have stumbled. I have an AX-88U setup with an OpenVPN server and a Wireguard server, and an Ax-86Pro setup with two OpenVPN clients and one Wireguard client. On the client side I want traffic (a) to or from the AX-88U LAN to go over the VPN, (b) and other traffic to go over the WAN, (c) except for one device, a TV, that I want always to go over the VPN.

Using OpenVPN or Wireguard (a) and (b) work fine, but (c) works for OpenVPN but not Wireguard. More specifically, looking at the table below, if I activate Rule #2 and deactivate Rule #6, all traffic from 192.168.10.120 goes over the OpenVPN tunnel. But if I deactivate Rule #2 and activate Rule #6, all traffic going to the internet is routed over the WAN and not the Wireguard tunnel.

The Wireguard client has Allowed IPs of 10.6.0.0/24, 192.168.50.0/24, 0.0.0.0/24. What am I doing wrong?

NB: The site to site rule didn't work if "Local IP" was blank. I had to fill in the local IP range.


The Wireguard client has Allowed IPs of 10.6.0.0/24, 192.168.50.0/24, 0.0.0.0/24. What am I doing wrong?
0.0.0.0/24???

The AllowedIPs needs to contain ALL destinations possible to be reached over wg vpn. Since you have a single device that requires internet to go this way, just adjust it to 0.0.0.0/0.

Then take care of your rules in vpndirector accordingly (like you pretty much have done already).

LocalIP: blank, RemoteIP: 10.6.0.0/24, Iface: WGC1
LocalIP: blank, RemoteIP: 192.168.50.0/24, Iface: WGC1
LocalIP: 192.168.10.120, RemoteIP: blank, Iface: WGC1

Please note that having multiple servers on same lan connecting from multiple clients on same lan could create a routing conflict on the server side.
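
The AllowedIPs point in the reply above, as an added example that is not part of any post in this thread: it checks each flow against the three VPN Director rules listed and against the AllowedIPs list, first with the mistyped 0.0.0.0/24 and then with 0.0.0.0/0. The first-match rule model is a simplification rather than the firmware's implementation, and the addresses 8.8.8.8 and 192.168.10.50 are constructed sample values.

```python
import ipaddress

# VPN Director rules from the reply: (Local IP, Remote IP, interface); None = blank.
RULES = [
    (None, "10.6.0.0/24", "WGC1"),
    (None, "192.168.50.0/24", "WGC1"),
    ("192.168.10.120", None, "WGC1"),
]
MISTYPED = ["10.6.0.0/24", "192.168.50.0/24", "0.0.0.0/24"]  # as first posted
FIXED = ["10.6.0.0/24", "192.168.50.0/24", "0.0.0.0/0"]      # as corrected

def covered(dst, allowed_ips):
    """True if dst falls inside at least one AllowedIPs prefix."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(p) for p in allowed_ips)

def match_rule(src, dst, rules):
    """Interface of the first rule matching src/dst; a blank field matches anything.
    Assumption: simple first-match model, not the router's actual rule engine."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote, iface in rules:
        if local and s not in ipaddress.ip_network(local):
            continue
        if remote and d not in ipaddress.ip_network(remote):
            continue
        return iface
    return None

def decide(src, dst, rules, allowed_ips):
    """Return (interface, ok). ok is False when a rule selects the tunnel
    but the destination is outside AllowedIPs, so the tunnel cannot carry it."""
    iface = match_rule(src, dst, rules)
    if iface is None:
        return ("WAN", True)
    return (iface, covered(dst, allowed_ips))

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("192.168.10.120", "8.8.8.8"),      # the TV to an internet host
        ("192.168.10.50", "192.168.50.10"), # another LAN host to the remote LAN
        ("192.168.10.50", "8.8.8.8"),       # another LAN host to the internet
    ]
    for name, allowed in (("mistyped", MISTYPED), ("fixed", FIXED)):
        for src, dst in flows:
            print(name, src, "->", dst, decide(src, dst, RULES, allowed))
```

A result of `("WGC1", False)` marks a flow that a rule sends to the tunnel but that AllowedIPs does not cover, which is the situation reported for the TV in the first post.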
 
Thanks. Doh, I'm surprised I didn't put it down as 0.0.0.0/32. Staring at the wrong thing.

That fixed the problem with the single device. I hadn't been able to get the site to site working using blank for the local ip and had to fill in the local network, but it looks like that isn't necessary anymore either.

Yes, the VPN rules I'd been juggling til I fixed this, turning off clients and rules as I moved from one situation to another, but now I can turn off the openvpn3 client entirely.
 
