What's new

WireGuard Client & WireGuard Server/InstantGuard at the same time?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

privacyguy123

Senior Member
Is such setup possible on these routers? Through the GUI it seems not ... is there perhaps some fancy kind of hack or script?
 
Is such setup possible on these routers? Through the GUI it seems not ... is there perhaps some fancy kind of hack or script?
Im running Wireguard server and Wireguard client on my router at the same time. It works perfectly! You just need to add the proper rules in VPNDirector.
Not sure why you want to add InstantGuard to the mix?

Why would you say it doesnt look possible in the gui?
 
Im running Wireguard server and Wireguard client on my router at the same time. It works perfectly! You just need to add the proper rules in VPNDirector.
Not sure why you want to add InstantGuard to the mix?

Why would you say it doesnt look possible in the gui?

Maybe you could talk me through it? I already have Wireguard client with VPNDirector rules ... could you screenshot your settings? When I tried to tunnel into my router with supplied QR code my phone on 4G wasn't able to connect to anything.

I was about to try one connection OVPN one connection WireGuard because I keep getting some weird error about multiple up scripts when I try OVPN.
 
Last edited:
Doh ... it was the port forwarding. I can tunnel through the router now but getting Public IP. Isn't it possible to tunnel in and also share the VPN clients IP thats connected from within the router?
 
Maybe you could talk me through it? I already have Wireguard client with VPNDirector rules ... could you screenshot your settings? When I tried to tunnel into my router with supplied QR code my phone on 4G wasn't able to connect to anything.

I was about to try one connection OVPN one connection WireGuard because I keep getting some weird error about multiple up scripts when I try OVPN.
Open setting VPN(1), VPN Server(2), Other (2)and select Wireguard(3).
If you dont have any tunnel ip preference let the default 10.6.0.1/32 be (it will be simpletst) (4).
Create a client by pushing (5).
In the window that appears, give the client an approprate name and hit apply.
Click on the client to get a qrcode or config file to import to the wireguard client.
Start the server by sliding the wireguard switch.

When convenient add the vpndirector rule local ip = blank, remote ip =10.6.0.0/24, iface=WAN. This is for lan clients using vpn to connect to internet to be able to communicate with your server clients.
 

Attachments

  • 20230930_180811.jpg
    20230930_180811.jpg
    54.7 KB · Views: 66
When convenient add the vpndirector rule local ip = blank, remote ip =10.6.0.0/24, iface=WAN. This is for lan clients using vpn to connect to internet to be able to communicate with your server clients.

I was missing this which seems important. I still am unable to tunnel through the router and share it's VPN IP however.
 
Doh ... it was the port forwarding. I can tunnel through the router now but getting Public IP. Isn't it possible to tunnel in and also share the VPN clients IP thats connected from within the router?
I cant help you with OVPN. With wireguard its just to add Wireguard server client ip to vpndirector, such as local ip 10.6.0.0/24 for all server clients, or 10.6.0.2/32 for just the first client. Then set to use Iface wgc1 or whichever you use.
 
I've got a little further adding this workaround hack to AllowedIPS in the VPN SERVER config page "0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4"

My phone tunnelling in through VPN tunnel can't see Tidal Connect devices that the main Laptop can though with exactly the same settings ... what would be stopping it from discovering the Tidal connect receiver?
 
I've got a little further adding this workaround hack to AllowedIPS in the VPN SERVER config page "0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4"

My phone tunnelling in through VPN tunnel can't see Tidal Connect devices that the main Laptop can though with exactly the same settings ... what would be stopping it from discovering the Tidal connect receiver?
Why dont you slow down and tell us what your issue really is. Do you know whats happening when you mess with AllowedIPs? This is part of Wireguard internal and external routing. There are typically no reasons to replace the default value. More risk of breaking something.

So, what is working for you and what is not?
 
Im able to tunnel into the router and share it's VPN connection now with a combination of stuff you've suggested. Localhost access seems broken - unable to connect to Adguard Home panel or Tidal Connect devices for example.
 
This is a problem on your Adguard device, or Tidal Connect device. Check their firewalls to allow incoming connections from 10.6.0.0/24 subnet.
Tidal connect device doesn't have a firewall.

Adguard is installed on the router itself, indicating a problem with accessing localhost despite the option "access intranet" being ticked ...
 
Tidal connect device doesn't have a firewall.
Then something else on the device is preventing access frrom other subnets.

There are workarounds for this but they affect performance, router work-loads and makes future debug more difficult so depleat other options first.

Adguard is installed on the router itself, indicating a problem with accessing localhost despite the option "access intranet" being ticked ...
Dont make the mistake of blaming Wireguard implementation for your addon-issues. Wireguard pushes DNS as Router WG ip and updates dnsmasq to listen to this, how should it know you are running add-ons? Are Adguard-home listening on this ip/iface?? You could change dns directive to your router lan ip in the server client wg config if it would make any difference.
 
Then something else on the device is preventing access frrom other subnets.

There are workarounds for this but they affect performance, router work-loads and makes future debug more difficult so depleat other options first.


Dont make the mistake of blaming Wireguard implementation for your addon-issues. Wireguard pushes DNS as Router WG ip and updates dnsmasq to listen to this, how should it know you are running add-ons? Are Adguard-home listening on this ip/iface?? You could change dns directive to your router lan ip in the server client wg config if it would make any difference.

If you could let me know the workaround, I don't really care about any of that.

It seems after some testing I cannot access any of the remote access stuff on my home network from OUTSIDE the network while WireGuard tunneled in, which doesn't make sense. That is exactly the only reason I would ever want to tunnel in from WAN ... Setting DNS explicitly to router address doesn't fix it.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top