[xraive]

I currently have two Netgear R6300v2 routers running Wireguard installed in two locations.

Main Router (server)
Firmware: DD-WRT v3.0-r47381 std (09/08/21)

Remote Router (client)
Firmware: DD-WRT v3.0-r47581 std (10/20/21)

Using egc's DD-WRT server guide I have the sites connected and it ahs been working great so far. I can access devices at both sites with out issue. All traffic from the client goes through the server. The kill switch is enabled on the client.

I can access the client if I enable Remote Management (GUI) but I would like to be able to ssh into the client should the Wireguard connection break. I'm having difficulty getting it to work. Any help you can provide would be greatly appreciated.

Let me know if you require additional information.

Thank you in advance.

[egc]

To make it clear you want to remotely SSH into your router (you enabled remote SSH in the GUI)

If the WireGuard client is active all traffic going out of the router is routed via the WG client.

when you remotely connect to your router for SSH you are connecting via the WAN and as traffic goes out via the WG interface your firewall will block this traffic.

The solution is to use Policy Based routing (PBR).
On the WG client you can set all source IP address in the PBR field except for the routers IP address so that that stays on the WAN interface.

See the WireGuard Client setup guide for more information e.g. the use of CIDR notation.

(The kill switch should not be the problem as that is on the FORWARD chain)

Next WG update will have finer grained PBR possibilities so that you can exclude one port e.g.
exclude port 22 from using the VPN
(if the main developer cooperates )

[xraive]

My apologies for the delay, I'll try that. Looking forward to the changes, to be able to do Port based PBR.

Thanks for all the work you do in these forums.

[egc]

Now In alpha testing I only route sport 22 via the WAN, everything else is routed via the VPN.
This way I can access my router via SSH

But it will take some time before you can find it in a regular build, maybe end of this year.

[the-joker]

[egc]

You can set any port you want, you can set an interface, an IP address, fwmark etc see:
https://man7.org/linux/man-pages/man8/ip-rule.8.html

It is a comma delimited list so you can set more than one.

e.g. add your TV's IP address because it uses Netflix and it is blocked while on VPN.
For that you also have to set the DNS server for the TV different and to use that DNS server to use the WAN (Netflix also checks this).

So set the TV to use e.g. 8.8.4.4. as DNS server (either by static IP address or static lease via DNSMasq and let DNSmasq hand out a different DNS server for that IP address).

Now the next setting comes in handy, in the Destination Routing route 8.8.4.4 also via the WAN and you can see Netflix again on your TV.

I have to test everything and update the documentation

These are the things that can make life easier.

Also thank you for your work in the interface much smoother and nicer