Joined: 14 Sep 2021 Posts: 21 Location: Western Hemisphere
Posted: Mon Feb 20, 2023 4:37 Post subject: Remotely reboot a WG Client router via the WG Server router?
Is there a way to remotely reboot a WG Client router via the WG Server router?
I was doing some testing on WG tunnels and have been accessing router ‘A’ remotely through OVPN, but after changing WG tunnels and ‘Apply Settings’ I lost my OVPN connection and could not re-establish. The only thread of contact I still have with remote router ‘A’ is its WG client tunnel to WG Server router ‘B’ before I lost my OVPN connection. I have full access to router B via WG or OVPN.
WG Setup is: WG Client router ‘A’ to WG Server router ‘B’. Both A and B, are behind a main router C, that I also have full access to via OVPN.
Is there any way I can send a signal through WG Server Router B back to WG Client A to reboot A? I tried putting the tunnel IP in when connected to B, but it does not connect. I can’t connect to A LAN since I would be coming through the WG tunnel via B, and I don’t have external GUI turned on, ‘Remote Access: Web UI Management’. And C can’t connect to A either even though A is physically WAN connected to C LAN, because again I would be coming in through A WAN and don’t have remote access turned on. I have always gone into routers via WG or OVPN Tunnels to manage the routers.
Router physical connections:
A–WAN-> C -> internet
B–WAN–> C -> internet
WG Tunnel Connection:
A (WG Client) -> WG -> B (WG Server)
If situation was reversed, say B was the target, then I could easily get into B via A, via the WG tunnel, which I have done several times, since A goes to B, as B is WG Server of A. But in this case with A as client and target, I can't go from B to A, at least any way I know of.
A, B are both Netgear R7000, with ddwrt 11/21/2022 - r50927. A, B have DDNS and go out through C to WAN to connect through WG Tunnel.
Hoping to get my OVPN connection back, to get access back to A to reconfigure A back to where it was before testing (as WG Server), and I think a reboot should fix it.
Unfortunately, remote Router A is thousands of miles away and not practically accessible until end of this year. It is also not practical at this time to have it power-cycled and force a reboot that way. Router B is a backup but need to keep both routers up and running for safety and redundancy.
Any ideas how to reboot A?
Thank you in advance ddwrt team.
SSP
_________________
ASUS 7xAC68U
Linksys 3200ACM, 1900ACSv2, 3x1900AC, E3000, 5xE2500
Netgear 3xR7000, R6700, R6400
If able, give more than you take. Make the world better.
Joined: 14 Sep 2021 Posts: 21 Location: Western Hemisphere
Posted: Mon Feb 20, 2023 16:24 Post subject:
Hi egc,
I tried that again, going to WG Server B (either through WG or OVPN) and putting the Client tunnel IP in, e.g. 10.4.0.2, but the page will not load. I also tested on a similar pair of routers that are fully up and that I have full access to, and the page also would not load. I am putting the WG tunnel IP in the browser.
But it works fine going the other way, i.e. when logging into the client router: when I test the other router pair where I have full access to the Client, i.e. going into the Client router and putting in the WG tunnel IP, e.g. 10.4.0.2, I can easily access the WG Server router.
It seems like going from Server to Client I must be missing something?
Thank you for any other ideas or help.
_________________
ASUS 7xAC68U
Linksys 3200ACM, 1900ACSv2, 3x1900AC, E3000, 5xE2500
Netgear 3xR7000, R6700, R6400
If able, give more than you take. Make the world better.
Joined: 18 Mar 2014 Posts: 12839 Location: Netherlands
Posted: Mon Feb 20, 2023 17:33 Post subject:
Usually when you control both sides you set up a site-to-site setup (WireGuard Advanced Setup Guide) which enables bidirectional traffic (Firewall disabled, No NAT, subnets in Allowed IP's).
A normal Client setup has its "Firewall Inbound" enabled so that you cannot start a new connection from the Server side. However, if you have Persistent Keepalive set, you should be able to piggyback on the established connection.
Joined: 14 Sep 2021 Posts: 21 Location: Western Hemisphere
Posted: Mon Feb 20, 2023 18:23 Post subject:
Yes, verified trying http://10.4.0.2, still no connection. The WG connection between Client A and Server B is fine: “latest handshake: 10 seconds ago”.
Both target Client router A and Server router B have persistent keep alive set to 0. If I change the persistent keep alive on the Server router B would that work, or does it need to be set on both ends?
Going forward, would it be better to have persistent keep alive set to a value, say 25? When I first set it up I did, but I think I saw somewhere this was more for commercial VPN providers instead of your own ddwrt router, and it has been working fine set to 0.
On Client router A, I think the Firewall inbound may be unchecked, but don't know for sure.
Quote:
you might try with Enabling NAT via tunnel on the Server depending on your client setup (what the client has in Allowed IP's)
Currently Server router B has NAT via tunnel disabled. I believe Client router A has allowed IPs set as: 0.0.0.0/1, 128.0.0.0/1 (or could be 0.0.0.0/0). Would this indicate NAT on or off on Server?
Thank you
_________________
ASUS 7xAC68U
Linksys 3200ACM, 1900ACSv2, 3x1900AC, E3000, 5xE2500
Netgear 3xR7000, R6700, R6400
If able, give more than you take. Make the world better.
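
Added example, not part of any post in this thread: a server-side check for the questions raised above (handshake age, Persistent Keepalive, Allowed IPs), run on the WG Server's shell against the tab-separated output of `wg show <interface> dump`. It reports whether any peer's allowed-ips covers the client tunnel IP, since WireGuard only sends a packet to the peer whose allowed-ips match the destination. The function names and the sample dump (placeholder keys, constructed values) are assumptions, and the client's "Firewall Inbound" setting cannot be seen from this side.

```shell
#!/bin/sh
# Added example: reads `wg show <iface> dump` output (tab-separated, see wg(8)).
# Peer lines: pubkey, psk, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive.

# check_peer_reach TARGET_IP [NOW_EPOCH]   (hypothetical helper name)
# Prints the peer that would carry traffic to TARGET_IP; exits 1 if none does.
check_peer_reach() {
  awk -F'\t' -v target="$1" -v now="${2:-$(date +%s)}" '
    function ip2n(ip,   o) {            # dotted quad -> integer
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function covers(cidr, ip,   p, len, d) {
      split(cidr, p, "/")
      if (p[1] ~ /:/) return 0          # IPv6 entries are skipped here
      len = (p[2] == "") ? 32 : p[2]
      d = 2 ^ (32 - len)                # compare the network bits only
      return int(ip2n(p[1]) / d) == int(ip2n(ip) / d)
    }
    NF == 8 {                           # peer line (the interface line has 4 fields)
      n = split($4, nets, ","); hit = 0
      for (i = 1; i <= n; i++) if (covers(nets[i], target)) hit = 1
      if (!hit) next
      found = 1
      age = ($5 == 0) ? "never" : now - $5
      printf "peer=%s handshake_age=%s keepalive=%s\n", substr($1, 1, 8), age, $8
    }
    END { if (!found) { print "no peer has " target " in allowed-ips"; exit 1 } }
  '
}

# Constructed sample of a server-side dump; keys and endpoint are placeholders.
sample_dump() {
  printf 'PRIVKEY\tPUBKEY_B\t51820\toff\n'
  printf 'PUBKEY_A\t(none)\t192.0.2.10:51820\t10.4.0.2/32\t1676900000\t1024\t2048\toff\n'
}

# Demo on the constructed sample: handshake 10 s old, keepalive off.
sample_dump | check_peer_reach 10.4.0.2 1676900010
```

On a live router the input would be `wg show <interface> dump | check_peer_reach 10.4.0.2`, with the interface name taken from the router's own configuration.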