How to exclude a single local ipv4 device from a WG tunnel

Jinux2
DD-WRT Novice


Joined: 25 Jan 2022
Posts: 10

PostPosted: Tue Jan 25, 2022 10:23    Post subject: How to exclude a single local ipv4 device from a WG tunnel
Hi all, I have a home server I use to host my Nextcloud and searx. I also followed the Idiot's Guide to Configuring Wireguard - Client Tunnel. Unfortunately the tunnel and my server don't get along nicely because the server is then routed through Mullvad. In the webadmin GUI I enabled advanced settings, turned on Source Routing (PBR) and put the local ipv4 of the device in the source for PBR box. This slightly fixed the issue by allowing me to access the server, however searx is still broken (won't pull data from Google servers), and Nextcloud will load a few images on the webpage and give up. Using a Netgear XR500 on firmware version DD-WRT v3.0-r47874 std (12/18/21) if this helps.

Also unrelated, but apparently I had an account I forgot to activate, username Jinux, and I'm not really sure what to do because it says I can't log in because the account is inactive, and I don't have the activation email anymore.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14180
Location: Texas, USA

PostPosted: Tue Jan 25, 2022 11:20    Post subject:
You possibly need to upgrade to the current release.

https://ftp.dd-wrt.com/dd-wrtv2/downloads/betas/2022/01-21-2022-r48141/netgear-xr500/

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Jinux2
DD-WRT Novice


Joined: 25 Jan 2022
Posts: 10

PostPosted: Tue Jan 25, 2022 16:14    Post subject:
Just updated and nothing really changed. Same issues as before, except now there's an "undefined" option with 2 radio buttons that both say undefined.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12857
Location: Netherlands

PostPosted: Tue Jan 25, 2022 16:39    Post subject:
The Idiot's Guide to Configuring Wireguard - Client Tunnel was valid a long, long time ago in a galaxy far, far away :)

Remove *all* scripting

How to set it up is described in the WireGuard Client setup guide links in my signature at the bottom.

Furthermore set KeepAlive to 25.

However unless you also added the killswitch that might not solve your problem.

Problem is I do not use Nextcloud nor searx, are they both running on a LAN client?

I assume at least Nextcloud is running on a LAN client and you have port forwarded to that client.
As traffic comes in via the WAN it also has to go out via the WAN and not via the VPN, so you have to use Policy Based Routing.
You can do it the way you are doing it now so only route one IP address (the Nextcloud server) via the WAN and that should work.
However all other traffic will use the VPN (including your router).

You can also reverse this and let only some clients use the VPN.
So you can try that, choose "Route selected sources via the VPN" and add only those clients which you want to use the VPN.

See the WireGuard Client setup guide for details and explanation.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Jinux2
DD-WRT Novice


Joined: 25 Jan 2022
Posts: 10

PostPosted: Tue Jan 25, 2022 18:00    Post subject:
In reply to egc,
I followed your guide and it was way easier than the guide I followed originally lol. Unfortunately it still appears something is blocking the server from sending all the data it needs to.
Nextcloud and Searx are both running in a Yunohost container (a Debian distro) on my Dell Optiplex. It's plugged into the ethernet on the router directly, and all the ports are forwarded. I'm new to home networking so I apologize if I sound ignorant when I'm describing things.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12857
Location: Netherlands

PostPosted: Wed Jan 26, 2022 7:19    Post subject:
First of all I would not use IPv6 with WireGuard as that can have unwanted effects.

Just disable the WG tunnel (settings are retained) to see if it is actually working; there could be all kinds of leftovers from your earlier installation (so even a full reset and rebuild from scratch might be considered).

As the VM can have its own IP address using only the Dell's IP address might not be enough, also DNS might play a role.

So try reversing the PBR, re-enable the tunnel and choose
"Route selected sources via the VPN"
As source IP address add an IP address which is outside the DHCP range and not used, e.g. 192.168.1.13; this is just for testing as anything besides this address is still routed via the WAN.

Also enable Split DNS.

If everything is still working, add the IP addresses you want to use the VPN to the PBR box; use CIDR notation as outlined in the WireGuard Client setup guide.

As I do not use searx, nor Nextcloud, nor Yunohost containers, that is all I can do for you.

Jinux2
DD-WRT Novice


Joined: 25 Jan 2022
Posts: 10

PostPosted: Wed Jan 26, 2022 17:42    Post subject:
Well thanks for your help anyway.

Routing my personal laptop through the VPN works, and allows the server to work. Disabling the tunnel also works. However when I only exclude the PC from the VPN it doesn't work. It's not in a virtual machine or anything, it's running on bare metal. At this point I'm not really sure what to do other than suffer by having to manually input every device on the network but the server.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12857
Location: Netherlands

PostPosted: Wed Jan 26, 2022 18:08    Post subject:
I have a VPN server behind the router and it works for that just routing that server via the WAN.

But the good news is, you do not have to put in every device.

Just read the manual :)

Hint: CIDR

Edit: 2 entries should normally do it

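As an added worked example (not code from the thread or from DD-WRT), the CIDR arithmetic behind the hint above: the PBR source box takes CIDR blocks, so "every LAN client except one host" has to be written as the blocks that remain once that host is carved out of the subnet, whereas a DHCP pool that starts on a power-of-two boundary can be covered with very few entries. The LAN 192.168.1.0/24, the server at 192.168.1.13 (the address egc used for testing) and a pool of 192.168.1.64 to 192.168.1.255 are assumed values.

```python
import ipaddress
from typing import Iterable, List


def cover_excluding(network: str, excluded_hosts: Iterable[str]) -> List[str]:
    """Minimal CIDR blocks that cover `network` minus the given host addresses.

    Each excluded /32 is removed from whichever block currently contains it;
    address_exclude() yields the largest aligned blocks that remain.
    """
    remaining = [ipaddress.ip_network(network)]
    for host in excluded_hosts:
        host_net = ipaddress.ip_network(f"{host}/32")
        updated = []
        for block in remaining:
            if host_net.subnet_of(block):
                updated.extend(block.address_exclude(host_net))
            else:
                updated.append(block)
        remaining = updated
    return [str(n) for n in sorted(remaining)]


def cover_range(first: str, last: str) -> List[str]:
    """Minimal CIDR blocks covering an inclusive address range (e.g. a DHCP pool)."""
    rng = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)
    )
    return [str(n) for n in rng]


def routed_via_vpn(ip: str, pbr_sources: Iterable[str]) -> bool:
    """True if `ip` falls inside any block listed under 'Route selected sources via the VPN'."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(block) for block in pbr_sources)


if __name__ == "__main__":
    # Constructed example values: LAN subnet, the server to keep on the WAN, and a DHCP pool.
    everything_but_server = cover_excluding("192.168.1.0/24", ["192.168.1.13"])
    print(len(everything_but_server), "entries:", everything_but_server)
    dhcp_pool = cover_range("192.168.1.64", "192.168.1.255")
    print(len(dhcp_pool), "entries for the DHCP pool:", dhcp_pool)
    for host in ("192.168.1.13", "192.168.1.77"):
        print(host, "via VPN:", routed_via_vpn(host, dhcp_pool))
```

Carving one host out of a /24 costs eight entries, while placing the server below an aligned DHCP pool lets two entries route all pool clients through the tunnel and leave the server on the WAN.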