Remotely reboot a WG Client router via the WG Server router?

SunSkyPi
DD-WRT Novice


Joined: 14 Sep 2021
Posts: 21
Location: Western Hemisphere

Posted: Mon Feb 20, 2023 4:37    Post subject: Remotely reboot a WG Client router via the WG Server router?
Is there a way to remotely reboot a WG Client router via the WG Server router?

I was doing some testing on WG tunnels and have been accessing router ‘A’ remotely through OVPN, but after changing WG tunnels and ‘Apply Settings’ I lost my OVPN connection and could not re-establish. The only thread of contact I still have with remote router ‘A’ is its WG client tunnel to WG Server router ‘B’ before I lost my OVPN connection. I have full access to router B via WG or OVPN.

WG Setup is: WG Client router ‘A’ to WG Server router ‘B’. Both A and B, are behind a main router C, that I also have full access to via OVPN.

Is there any way I can send a signal through WG Server Router B back to WG Client A to reboot A? I tried putting the tunnel IP in when connected to B, but it does not connect. I can’t connect to A LAN since I would be coming through the WG tunnel via B, and I don’t have external GUI turned on, ‘Remote Access: Web UI Management'. And C can’t connect to A either even though A is physically WAN connected to C LAN, because again I would be coming in through A WAN and don’t have remote access turned on. I have always gone into routers via WG or OVPN Tunnels to manage the routers.

Router physical connections:
A–WAN-> C -> internet
B–WAN–> C -> internet

WG Tunnel Connection:
A (WG Client) -> WG -> B (WG Server)

If situation was reversed, say B was the target, then I could easily get into B via A, via the WG tunnel, which I have done several times, since A goes to B, as B is WG Server of A. But in this case with A as client and target, I can't go from B to A, at least any way I know of.

A, B are both Netgear R7000, with dd-wrt 11/21/2022 - r50927. A, B have DDNS and go out through C to WAN to connect through WG Tunnel.

Hoping to get my OVPN connection back, to get access back to A to reconfigure A back to where it was before testing (as WG Server), and I think a reboot should fix it.

Unfortunately, remote Router A is thousands of miles away and not practically accessible until end of this year. It is also not practical at this time to have it power-cycled and force a reboot that way. Router B is a backup but need to keep both routers up and running for safety and redundancy.

Any ideas how to reboot A?

Thank you in advance ddwrt team.
SSP

_________________
ASUS 7xAC68U
Linksys 3200ACM, 1900ACSv2, 3x1900AC, E3000, 5xE2500
Netgear 3xR7000, R6700, R6400
If able, give more than you take. Make the world better.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Mon Feb 20, 2023 11:37
You can simply test it from the server side: just try to reach your client on its WG address (e.g. 10.4.0.2).
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
SunSkyPi
DD-WRT Novice


Joined: 14 Sep 2021
Posts: 21
Location: Western Hemisphere

Posted: Mon Feb 20, 2023 16:24
Hi egc,

I tried that again, going to WG Server B (either through WG or OVPN) and putting the Client tunnel IP in, ex: 10.4.0.2, but the page will not load. I also tested on a similar pair of routers that are fully up and that I have full access to, and the page also would not load. I am putting the WG tunnel IP in the browser.

But, it works fine going the other way, i.e. when logging into client router: when I test the other router pair that I have full access to Client, i.e. going into the Client router and putting in the WG tunnel, ex: 10.4.0.2 can easily access the WG Server router.

It seems like going from Server to Client I must be missing something?

Thank you for any other ideas or help.

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Mon Feb 20, 2023 17:33
Usually when you control both sides you set up a site-to-site setup (WireGuard Advanced Setup Guide) which enables bidirectional traffic (Firewall disabled, No NAT, subnets in Allowed IP's).

A normal Client setup has its "Firewall Inbound" enabled so that you cannot start a new connection from the Server side; however, if you have Persistent Keepalive set, you should be able to piggyback on the established connection.

Make sure to do e.g. http://10.4.0.2 and not https.

But if you do not have Persistent Keepalive set and have the Firewall Inbound enabled then I do not see how you can connect.

Edit: you might try with Enabling NAT via tunnel on the Server depending on your client setup (what the client has in Allowed IP's), but if that does not work you are out of luck

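A server-side check of the settings the reply above depends on, as an added example that is not part of the thread or of DD-WRT: it parses `wg show <iface> dump` output on the server and reports, per peer, the handshake age, the locally configured keepalive, and whether that peer's Allowed IPs cover the client's tunnel address. The function names, placeholder keys, endpoint, port and timestamps are constructed for illustration; only 10.4.0.2 comes from the thread.

```shell
#!/bin/sh
# Added example. Reads `wg show <iface> dump` (tab-separated) on stdin.
# Live use on the server:
#   wg show <iface> dump | wg_peer_report "$(date +%s)" 10.4.0.2
# The keepalive column is the value this side has configured for the peer;
# it says nothing about what the peer itself has configured.
wg_peer_report() {
    awk -F '\t' -v now="$1" -v ip="$2" '
    # Dotted quad to integer.
    function ip2int(a,   p) {
        split(a, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    # True when IPv4 address a lies inside CIDR c.
    function in_cidr(a, c,   q, size) {
        split(c, q, "/")
        size = 2 ^ (32 - q[2])
        return int(ip2int(a) / size) == int(ip2int(q[1]) / size)
    }
    # Peer lines have 8 fields: pubkey, psk, endpoint, allowed-ips,
    # latest-handshake, rx, tx, persistent-keepalive.
    # The interface line has 4 fields and is skipped.
    NF == 8 {
        age = ($5 == 0) ? "never" : (now - $5) "s"
        # 180 s is the freshness cut-off chosen for this example.
        fresh = ($5 != 0 && now - $5 <= 180) ? "yes" : "no"
        routed = "no"
        n = split($4, cidr, ",")
        for (i = 1; i <= n; i++)
            if (cidr[i] != "(none)" && cidr[i] !~ /:/ && in_cidr(ip, cidr[i]))
                routed = "yes"
        printf "%s endpoint=%s handshake_age=%s session_fresh=%s keepalive=%s routes_target=%s\n", \
            $1, $3, age, fresh, $8, routed
    }'
}

# Constructed sample dump: one interface line, then two peers.
sample_dump() {
    printf 'PRIV_B_PLACEHOLDER\tPUB_B_PLACEHOLDER\t51820\toff\n'
    printf 'PUB_A_PLACEHOLDER\t(none)\t203.0.113.7:41000\t10.4.0.2/32\t1676917390\t1024\t2048\toff\n'
    printf 'PUB_X_PLACEHOLDER\t(none)\t(none)\t10.4.0.3/32,fd00::3/128\t0\t0\t0\t25\n'
}

# Stand-alone run against the constructed sample.
sample_dump | wg_peer_report 1676917400 10.4.0.2
```

A peer with `routes_target=no` cannot be reached at that address from the server regardless of firewall or keepalive settings, because the server has no cryptokey route sending that address to it.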
SunSkyPi
DD-WRT Novice


Joined: 14 Sep 2021
Posts: 21
Location: Western Hemisphere

Posted: Mon Feb 20, 2023 18:23
Yes, verified trying http://10.4.0.2, still no connection. The WG connection between Client A and Server B is fine: “latest handshake: 10 seconds ago”.

Both target Client router A and Server router B, have persistent keep alive set to 0. If I change the persistent keep alive on the Server router B would that work, or does it need to be set on both ends?

Going forward would be better to have persistent keep alive set to a value say 25? When I first set it up I did, but I think I saw somewhere this was more for commercial vpn providers instead of your own ddwrt router, and has been working fine set to 0.

On Client router A, I think the Firewall inbound may be unchecked, but don't know for sure.

Quote:
you might try with Enabling NAT via tunnel on the Server depending on your client setup (what the client has in Allowed IP's)


Currently Server router B has NAT via tunnel disabled. I believe Client router A has allowed IPs set as: 0.0.0.0/1, 128.0.0.0/1 (or could be 0.0.0.0/0). Would this indicate NAT on or off on Server?

Thank you
