Wireguard client with private IP

lenox82
DD-WRT Novice


Joined: 24 Feb 2024
Posts: 2

Posted: Sun Feb 25, 2024 17:59    Post subject: Wireguard client with private IP
Hi!
I would like to ask for help in configuring Wireguard on my router (Asus rt-n66U f:v3.0-r55179 big).
I've read the configuration guides but it still doesn't work the way I want it to.
I need to configure DD-WRT as a WG client (non-public IP address).
The main WG server is a VPS that has a public IP address. I want to connect two WG clients to it (mikrotik and DD-WRT) that do not have public IP addresses. While Mikrotik seems to work properly, I have a problem with DD-WRT.
I want the mikrotik local networks (e.g. 192.168.1.0/24) and DD-WRT (e.g. 192.168.2.0/24) to see each other. I want every IP address from one network to see every address from the other network as well as the main server.
The WG server (VPS) has an address e.g. 10.10.10.1, Mikrotik e.g. address 10.10.10.2 and DD-WRT address 10.10.10.3.
And while I can ping the DD-WRT address 10.10.10.3 from the server and Mikrotik, I cannot ping the 10.10.10.3 address from the DD-WRT local network.
I don't know if I should enable DD-WRT:
1. NAT via Tunnel
2. Firewall Inbound (SPI firewall is enabled)
3. Advance Settings - should I turn it on and set some PBR?
4. Peer (VPS server) has endpoint enabled and correct IP address.
5. What IP to set in Allowed IPs (peer)
6. Route Allowed IPs via Tunnel (peer) is enabled
7. Persistent Keepalive - is it necessary?
8. IP Addresses / Netmask (CIDR) are set to 10.10.10.3/32 - there was a problem with the /24 mask

I want the main traffic from the DD-WRT local network to go normally through the router, and only the following to be sent through WG:
- 192.168.1.0 (mikrotik)
- 10.10.10.2 (WG mikrotik) and 10.10.10.1 (VPS)
- domains, e.g. server.loc and nas.loc - target addresses in the mikrotik local network.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands

Posted: Sun Feb 25, 2024 19:23
See the WireGuard Advanced setup guide, multi-router setup: Hub and spoke setup.
The routers are basically set up as a server, with Allowed IPs being the subnets of the other participants and the WG subnet.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14249
Location: Texas, USA

Posted: Sun Feb 25, 2024 19:44
@egc: I edited your post to add a direct link because people don't always make the connection to the stickies or announcements.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands

Posted: Sun Feb 25, 2024 19:47
Thanks
lenox82
DD-WRT Novice


Joined: 24 Feb 2024
Posts: 2

Posted: Sun Feb 25, 2024 20:08
egc wrote:
WireGuard Advanced setup guide see multi router setup: Hub and spoke setup
The routers are basically setup as a server with allowed ips as the subnets of the other participants and the wg subnet


I configured DD-WRT according to this guide. Now I have reconfigured it and unfortunately it doesn't work.
Now from the server I can ping the WG DD-WRT address (10.10.10.3) but I cannot ping anything inside the DD-WRT local network (192.168.2.0)
In turn, from the DD-WRT local network I can ping the address according to 10.10.10.3 but I cannot ping the server address 10.10.10.1.
I am attaching screenshots of the configuration.
Any suggestions what's wrong?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands

Posted: Sun Feb 25, 2024 20:26
On your VPS there is overlap of the peers.
You should set the peers' address with /32, e.g. 10.10.10.3/32.

Furthermore, on the VPS you should allow all traffic coming in on wg0, not only going out of ens6,
because traffic between the peers comes in on wg0 but also goes out of wg0.

For DD-WRT, better use 1420 for MTU.

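
The two VPS-side fixes from the reply above (a /32 per peer so the peers' Allowed IPs stop overlapping, and accepting forwarded traffic that arrives on wg0), shown as an added example that is not part of the original thread. The config text, the placeholder keys, the FORWARD rule and the function names are constructed, because the poster's screenshots are not on the page.

```python
import ipaddress
from itertools import combinations

# Constructed VPS (hub) config; keys are placeholders, not the poster's settings.
BEFORE = """\
[Interface]
Address = 10.10.10.1/24
PostUp = iptables -A FORWARD -i wg0 -o ens6 -j ACCEPT
[Peer]
PublicKey = <mikrotik-public-key>
AllowedIPs = 10.10.10.2/24, 192.168.1.0/24
[Peer]
PublicKey = <ddwrt-public-key>
AllowedIPs = 10.10.10.3/24, 192.168.2.0/24
"""
# Corrected: /32 per peer tunnel address, and FORWARD accepts anything arriving
# on wg0, so spoke-to-spoke traffic (in on wg0, out on wg0) is allowed as well.
AFTER = (BEFORE.replace("10.10.10.2/24", "10.10.10.2/32")
               .replace("10.10.10.3/24", "10.10.10.3/32")
               .replace("-i wg0 -o ens6", "-i wg0"))

def parse_peers(conf):
    """Map each [Peer] PublicKey to its AllowedIPs as ip_network objects."""
    peers, section, key = {}, None, None
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section, key = line[1:-1].lower(), None
        elif section == "peer" and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name.lower() == "publickey":
                key = value
                peers[key] = []
            elif name.lower() == "allowedips" and key is not None:
                # strict=False masks host bits as WireGuard does:
                # 10.10.10.3/24 is stored as 10.10.10.0/24.
                peers[key] += [ipaddress.ip_network(v.strip(), strict=False)
                               for v in value.split(",") if v.strip()]
    return peers

def overlapping_allowed_ips(conf):
    """Return (peer_a, net_a, peer_b, net_b) for every cross-peer overlap."""
    peers = parse_peers(conf)
    return [(a, str(na), b, str(nb))
            for (a, nets_a), (b, nets_b) in combinations(peers.items(), 2)
            for na in nets_a for nb in nets_b if na.overlaps(nb)]

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, overlapping_allowed_ips(conf) or "no overlap")
```

The parser assumes `PublicKey` precedes `AllowedIPs` inside each `[Peer]` section, which is how the constructed sample is laid out.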