Wireguard / OpenVPN connects but no LAN Access when running in Repeater Mode?

[jksmurf]

I did a wee search but could not find an answer for my specific issue.

I have a GLiNET Router with (separate) OpenVPN and Wireguard CLIENT Profiles connecting to an ASUS RT-AX86U set up as a VPN SERVER; but I don’t think this issue is peculiar to the GLiNET device. Apologies for the cross-forum posting, I posted a similar question on the GLINET forum but started to think overnight that this could actually be an ASUS VPN server issue?

By way of background, I have good working WG and oVPN profiles from my iPhone ←→ ASUS Server and each which works 100% fine on the (Airport) Wifi, with my iPhone connected directly to that Wifi. With either profile I can access home devices, RD etc. (using my iPhone). See attached PIC showing WG Peer VPN Profile in iPhone that works. See also Server settings. FYI in my Asus Router I use Cloudflare 1.1.1.1 an 1.0.0.1 as DNS Servers, hence why the former is added to the WG config.

However using the same WG / oVPN profiles imported into the GLiNET Router, with that Router running in Repeater Mode (connected to the exact same Airport Wifi), whilst these both connect (separate instances) and show that they are connected, I do not get LAN Access to my home (ASUS)? See attached PIC showing WG Client VPN Profile in Router that does not work. I did try adding 1.1.1.1 as an additional DNS to the WG VPN Client config in the GLINET Router too; but that still doesn’t work (it is removed again as shown below).

Is there a simple switch or guidance document where I can see I missed a step please?
I do not use VPN Director - do I need to use VPN Director for this type of setup?
Do you need my profiles (with sensitive details removed). They are pretty standard.

I can supply logs if needed but was really hoping someone could say "enable this" or "put this setting" in your config (Server or Client/Peer).
RT-AX86U on 388.2 Alpha 1 (not normally on alphas but I thought this might fix it).

Thanks!

k.

 

[elorimer]

I suspect this is a GL-Inet issue with the latest beta. Not sure yet, but I'm seeing some squirrely things that I want to run down when I have time. I didn't see those squirrely things with the snapshots before the beta.

 

[jksmurf]

I suspect this is a GL-Inet issue with the latest beta. Not sure yet, but I'm seeing some squirrely things that I want to run down when I have time. I didn't see those squirrely things with the snapshots before the beta.

Thanks elorimer, I really really hope so.

I am at a loss what to do next.

I'll admit my level of knowledge in this area is very limited, but I cannot fathom how it works for iOS only setup and not for the Router one using the same profile. I simply don't know where to look to understand the underlying issue, so as fix it. I have read quite a few forum posts on various WG setups (most seemingly complex ones) and I was hoping to avoid port forwards and the like. None of the simple the setups instructions / comments I have read seem to suggest that route.

I was reading in this thread that someone implemented VPN Director to make things work; I don't have anything configured in that Tab. Like the guy in that thread suggested; do I really need it and why do I need it (paraphrasing from "The VPNDirector-Part was completly new to me. Why is this even necessary?").

And another fellow said this "It took me a while to figure out that I needed a rule for routing in the VPN Director in order for devices on the different subnets to see one another. (I had assumed that toggling the "Access Intranet" switch on the WG server configuration GUI would take care of this, but no such luck.)"

k.

 

[elorimer]

VPN Director on the Asus is only a client thing, not a server thing, if I understand it correctly. If you are connecting inbound to the Asus, it won't come into play.

 

[jksmurf]

Solved! It was a setting in the GLiNET WebAdmin changing "Global Proxy" to "Auto Detect".

See here.

Happy Days!