Wireguard on Asus: Can only see router, not LAN Devices!

cheerio

New Around Here
How the heck do I get clients connected via wireguard to see devices on the LAN?

I have an ASUS AX88U running latest Merlin firmware [3004.388.4]

I can only see the internet and the router LAN IP from devices connected via WireGuard VPN. I need to be able to connect to internal devices. I got this working with OpenVPN but can't seem to get WireGuard working. I thought it was supposed to be simple.

Settings below.. what am I missing??
1699385540090.png


1699385554973.png


Peer settings:
1699385733979.png
 
If you're trying to access LAN shares through the VPN then the connections are probably denied by each individual device because the connection is not coming from a LAN IP (it comes from the WireGuard network's IP instead).

The working workaround is to either add MASQUERADE iptables rules on the router for the required ports (in the nat-start script on Merlin firmware, see below) or configure the LAN devices to accept connections from the 10.6.0.0/24 network.

OpenVPN I believe does this transparently already?

Bash:
#!/bin/sh

# adjust these when needed
VPN_NETWORK="10.6.0.0/24"
LAN_NETWORK="192.168.1.0/24"

# Create the chain only once so re-running the script does not add duplicate rules
if ! iptables -t nat -nL "SAMBA_MASQUERADE" > /dev/null 2>&1; then # no idea if required
    iptables -t nat -N "SAMBA_MASQUERADE"
    # SMB (445) and NetBIOS (137-139) ports
    iptables -t nat -A "SAMBA_MASQUERADE" -p tcp --dport 445 -j MASQUERADE
    iptables -t nat -A "SAMBA_MASQUERADE" -p tcp --dport 139 -j MASQUERADE
    iptables -t nat -A "SAMBA_MASQUERADE" -p udp --dport 138 -j MASQUERADE
    iptables -t nat -A "SAMBA_MASQUERADE" -p udp --dport 137 -j MASQUERADE
    # ping (ICMP echo-request)
    iptables -t nat -A "SAMBA_MASQUERADE" -p icmp --icmp-type echo-request -j MASQUERADE
    #iptables -t nat -A "SAMBA_MASQUERADE" -j RETURN # not required
    # Only traffic from the VPN network to the LAN, leaving via br0, is sent to the chain
    iptables -t nat -A POSTROUTING -s "$VPN_NETWORK" -d "$LAN_NETWORK" -o br0 -j "SAMBA_MASQUERADE"
fi
 
Last edited:
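A way to check that the rules from the script above are actually loaded, and whether they masquerade only selected ports or everything from the VPN network. This is an added example, not code from the thread: the function names and the sample rule listing are constructed, and it assumes the rule format printed by `iptables -t nat -S`.

```shell
#!/bin/sh
# Classify how VPN -> LAN traffic is source-NATed, from `iptables -t nat -S` text.
# Prints: missing (no rule for this VPN/LAN pair, LAN hosts see the VPN address),
#         scoped  (only selected protocols/ports are masqueraded),
#         blanket (everything from the VPN network is masqueraded).
classify_vpn_masq() {   # usage: classify_vpn_masq VPN_CIDR LAN_CIDR < rules
    awk -v vpn="$1" -v lan="$2" '
        function arg(flag,   i) {          # value that follows a flag on this rule
            for (i = 3; i < NF; i++) if ($i == flag) return $(i + 1)
            return ""
        }
        BEGIN { best = 0 }
        $1 != "-A" { next }                # skip -P / -N declarations
        { t = arg("-j"); lvl = (arg("-p") != "") ? 1 : 2 }
        $2 == "POSTROUTING" {
            if (arg("-s") != vpn || arg("-d") != lan) next
            if (t == "MASQUERADE") { if (lvl > best) best = lvl }
            else jumps[t] = 1              # jump into a user-defined chain
            next
        }
        t == "MASQUERADE" && lvl > masq[$2] { masq[$2] = lvl }
        END {
            for (c in jumps) if (masq[c] > best) best = masq[c]
            print (best == 2 ? "blanket" : (best == 1 ? "scoped" : "missing"))
        }'
}

# Constructed sample of `iptables -t nat -S` after the nat-start script has run.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-N SAMBA_MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.6.0.0/24 -d 192.168.1.0/24 -o br0 -j SAMBA_MASQUERADE
-A SAMBA_MASQUERADE -p tcp -m tcp --dport 445 -j MASQUERADE
-A SAMBA_MASQUERADE -p tcp -m tcp --dport 139 -j MASQUERADE
-A SAMBA_MASQUERADE -p udp -m udp --dport 138 -j MASQUERADE
-A SAMBA_MASQUERADE -p udp -m udp --dport 137 -j MASQUERADE
EOF
}

# On the router: iptables -t nat -S | classify_vpn_masq 10.6.0.0/24 192.168.1.0/24
sample_rules | classify_vpn_masq "10.6.0.0/24" "192.168.1.0/24"
```

With masquerading in place, LAN devices log the router's address rather than the individual WireGuard peer, so a "scoped" result keeps that loss of source information limited to the listed ports.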
Ah. I was hoping it was just a configuration oversight on my end.

What I gather from searching around is that the Asus/Merlin WireGuard implementation isn't complete if it necessitates logging in via ssh and updating routing rules manually.

The OpenVPN implementation is more complete as it doesn't require manual intervention.

Hoping that gets updated someday as I heard WireGuard is much faster than OpenVPN and I'm not a fan of adding in additional configuration outside of what is possible via the provided firmware screens.

That said, I'll try that out since I'm just experimenting with WireGuard to test the throughput of WireGuard compared to OpenVPN.