Posted: Thu Apr 27, 2023 14:05 Post subject: tunnel from LAN via router with USB-C to RJ45, internet from mobile
Hello Experts,
I need to ask for your help again.
Setup location A:
Netgear R6400 & DD-WRT v3.0-r52217 std (04/02/23) behind a bridged modem is running the WireGuard server. WAN IP 31.18.xx.xx, IPv6 is disabled.
Setup location B:
Netgear R6400 & DD-WRT v3.0-r52217 std (04/02/23) uses tethering from an Android mobile connected via USB-C to RJ45 to the router WAN port, and is running the WireGuard client in gateway mode. WAN IP 192.168.100.140, IPv6 is disabled.
The wg tunnel is fine. Connections from the mobile using the wg app and from the router at location B work. The DD-WRT WireGuard (server) setup guide from @egc was used to make this happen, thanks for that, and so far so good.
Now I'll try to describe the main problem.
My laptop (Win Pro 11 x64) is connected to the location B router (wg client) via LAN port and gets an IPv4 address (192.168.0.123) using DHCP; the client IPv6 protocol is disabled. I have internet, and a browser request shows the WAN IP of the router at location A (my wg server, 31.18.xx.xx).
When I start the Cisco AnyConnect mobile client app on my laptop to connect to a company network, the connection establishes without any problem, but the IPv4 address shown on the company VPN server is the IP of my cell phone (118.90.xx.xx) and not the IP of my wg server.
On my WireGuard server the status is still something like this:
endpoint: 118.90.xx.xx:port
latest handshake: 1 minute, 29 seconds ago
transfer: 3.75 MiB received, 4.36 MiB sent
But no bytes are transferred through the tunnel anymore, because it's obviously no longer used. How can I fix that?
Please let me know which information I need to provide to help me solve that problem. The goal is to connect to the company VPN from my location A IP, if that is even possible.
I changed allowed IPs on the client router to 0.0.0.0/1, 128.0.0.0/1 and enabled the kill switch on the client side as well. Save, apply, reboot.
Plugged my cell phone in tethering mode into the client router WAN port. The router comes up again and the wg tunnel connection worked.
Next I connected my laptop to the client router on LAN1 and checked "what's my IP"; the response in the browser was the endpoint IP of my wg server (outgoing laptop IP).
Then I started the Cisco AnyConnect mobile client again on my laptop. I could log in to the company network, but a few seconds after the Cisco connection was established, the internet connection on the laptop closed, certainly because of the kill switch being enabled, I guess.
Just for my understanding: I'm trying to route a software IPsec VPN through the wg tunnel. Is that even possible with WireGuard?
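As an added illustration of the AllowedIPs change described in the post above (this is not code from the thread, from DD-WRT or from WireGuard), the following Python models the location-B router's IPv4 routing table with longest-prefix match. It shows why the 0.0.0.0/1 + 128.0.0.0/1 pair sends the laptop's traffic (including the AnyConnect UDP/TCP session) into wg0 while leaving the tethered default route and the WireGuard endpoint's own host route untouched. All addresses are constructed: 198.51.100.10 stands in for the WireGuard endpoint, 203.0.113.5 for the company VPN server, and the tethered phone is assumed to be the gateway 192.168.100.1.

```python
import ipaddress

# Constructed routing table for the location-B router (example values, not taken
# from the thread): the connected tethered WAN subnet, the phone as default
# gateway, a host route for the WireGuard endpoint (hypothetical 198.51.100.10)
# and the two /1 routes that AllowedIPs 0.0.0.0/1, 128.0.0.0/1 produces.
ROUTES = [
    ("192.168.100.0/24", "eth0", None),             # connected: tethered WAN subnet
    ("0.0.0.0/0",        "eth0", "192.168.100.1"),  # default via the phone (assumed gateway)
    ("198.51.100.10/32", "eth0", "192.168.100.1"),  # WG endpoint must stay outside the tunnel
    ("0.0.0.0/1",        "wg0",  None),             # AllowedIPs: lower half of IPv4
    ("128.0.0.0/1",      "wg0",  None),             # AllowedIPs: upper half of IPv4
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dst wins.
    Returns the outgoing interface, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, _gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def covers_all_ipv4(allowed_ips):
    """True if the AllowedIPs set collapses to the whole IPv4 space, i.e. the
    two /1 halves together are equivalent to a single 0.0.0.0/0."""
    nets = [ipaddress.ip_network(p) for p in allowed_ips]
    return list(ipaddress.collapse_addresses(nets)) == [ipaddress.ip_network("0.0.0.0/0")]


def beats_default_route(allowed_ips):
    """True if every AllowedIPs prefix is more specific than the WAN default
    route (/0), so longest-prefix match prefers wg0 without the default route
    having to be deleted or re-metriced. A single 0.0.0.0/0 would tie with it."""
    return all(ipaddress.ip_network(p).prefixlen > 0 for p in allowed_ips)


if __name__ == "__main__":
    for dst in ("203.0.113.5", "198.51.100.10", "192.168.100.1"):
        print(f"{dst} -> {lookup(dst)}")
    print("two /1 prefixes cover all IPv4:", covers_all_ipv4(["0.0.0.0/1", "128.0.0.0/1"]))
    print("two /1 prefixes beat the /0 default:", beats_default_route(["0.0.0.0/1", "128.0.0.0/1"]))
```

The endpoint host route is what keeps the tunnel from trying to route its own encrypted UDP packets through itself; with the /1 split, everything else, including the company VPN server, goes via wg0 and therefore appears to come from location A.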
I would use 1420 as the MTU for the WG tunnel on both sides.
For the Cisco tunnel, try 1280.
But I do not know if the Cisco tunnel even supports this.
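To show where the 1420 / 1280 figures in the reply above come from, here is an added Python MTU budget for the nested tunnels at location B (laptop -> AnyConnect -> wg0 -> tethered WAN). It is not code from the thread, DD-WRT or WireGuard. The WireGuard numbers are the protocol's fixed per-packet overhead (outer IP + UDP + 16-byte data header + 16-byte Poly1305 tag, with the inner packet padded to a multiple of 16 bytes); the 1500-byte carrier MTU of the tethered link and the 80-byte AnyConnect overhead are assumptions made for the example.

```python
# Fixed header sizes in bytes.
IPV4_HDR, IPV6_HDR, UDP_HDR, TCP_HDR = 20, 40, 8, 20
WG_DATA_HDR = 16      # type(4) + receiver index(4) + counter(8)
WG_AUTH_TAG = 16      # Poly1305 tag
IPV6_MIN_MTU = 1280   # the Cisco-side value suggested in the reply

# AnyConnect's per-packet overhead is not a fixed public figure in this thread;
# 80 bytes is an assumed, deliberately generous value for this example only.
ANYCONNECT_OVERHEAD_ASSUMED = 80


def wg_overhead(ipv6_outer=False):
    """Bytes WireGuard adds around one inner packet: 60 over IPv4, 80 over IPv6."""
    return (IPV6_HDR if ipv6_outer else IPV4_HDR) + UDP_HDR + WG_DATA_HDR + WG_AUTH_TAG


def wg_packet_size(inner_len, ipv6_outer=False):
    """On-wire size of a WireGuard data packet: the inner packet is padded up to a
    multiple of 16 bytes before encryption, then the fixed overhead is added."""
    padded = (inner_len + 15) // 16 * 16
    return padded + wg_overhead(ipv6_outer)


def wg_max_inner_mtu(carrier_mtu, ipv6_outer=False):
    """Largest tunnel MTU whose padded, encapsulated packet still fits the carrier
    (1440 for a 1500-byte IPv4 carrier; 1420 leaves headroom for PPPoE or similar)."""
    return (carrier_mtu - wg_overhead(ipv6_outer)) // 16 * 16


def check_chain(link_mtu, tunnels):
    """tunnels: outermost first, list of (name, ceiling_fn, configured_mtu).
    Each tunnel's ceiling is derived from the MTU actually configured on the
    tunnel outside it. Returns [(name, configured, ceiling, fits)]."""
    results, carrier = [], link_mtu
    for name, ceiling_fn, configured in tunnels:
        ceiling = ceiling_fn(carrier)
        results.append((name, configured, ceiling, configured <= ceiling))
        carrier = configured
    return results


def tcp_mss(mtu, ipv6=False):
    """Largest TCP MSS that fits a given MTU; useful when clamping MSS on the
    router so TCP inside the innermost tunnel never needs fragmentation."""
    return mtu - (IPV6_HDR if ipv6 else IPV4_HDR) - TCP_HDR


# Assumed location-B chain: 1500-byte tethered link, wg0 at 1420, AnyConnect at 1280.
LOCATION_B_CHAIN = [
    ("wg0 (WireGuard client)", wg_max_inner_mtu, 1420),
    ("AnyConnect inside wg0", lambda carrier: carrier - ANYCONNECT_OVERHEAD_ASSUMED, IPV6_MIN_MTU),
]

if __name__ == "__main__":
    for name, configured, ceiling, fits in check_chain(1500, LOCATION_B_CHAIN):
        print(f"{name}: configured {configured}, ceiling {ceiling}, {'OK' if fits else 'TOO BIG'}")
    print("1420 inner -> on-wire", wg_packet_size(1420), "bytes")
    print("TCP MSS inside AnyConnect:", tcp_mss(IPV6_MIN_MTU))
```

A 1420-byte inner packet pads to 1424 and leaves the router as 1484 bytes, so it fits a 1500-byte link with room to spare; a 1500-byte wg0 MTU would not, and the resulting ICMP "fragmentation needed" or silent drops are the classic cause of a tunnel that handshakes fine but stalls on real traffic.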
Man, you're amazing, you're my hero.
I've set MTU to 1420 on both sides and it works. 🥳
Of course the connection is f**n slow, but that's because of mobile data tethering, I guess. Thank you a lot, egc! You made my day again. 👍👍👍👍👍
This topic is solved, but I'm sure I'll have questions again. Next I need to make everything more secure. Can you suggest a wg tunnel hardening tutorial, or hardening of DD-WRT generally? What things are there to do apart from setting up pre-shared keys and iptables against brute force (still not much of a plan for it, but willing to learn)? 😉