Using egc's DD-WRT server guide I have the sites connected and it has been working great so far. I can access devices at both sites without issue. All traffic from the client goes through the server. The kill switch is enabled on the client.
I can access the client if I enable Remote Management (GUI) but I would like to be able to ssh into the client should the Wireguard connection break. I'm having difficulty getting it to work. Any help you can provide would be greatly appreciated.
Let me know if you require additional information.
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Mon Oct 25, 2021 10:39 Post subject:
To make it clear: you want to remotely SSH into your router (you enabled remote SSH in the GUI).
If the WireGuard client is active, all traffic going out of the router is routed via the WG client.
When you remotely connect to your router for SSH you are connecting via the WAN, and as the traffic goes out via the WG interface, your firewall will block this traffic.
The solution is to use Policy Based Routing (PBR).
On the WG client you can set all source IP addresses in the PBR field except for the router's IP address, so that it stays on the WAN interface.
See the WireGuard Client setup guide for more information e.g. the use of CIDR notation.
(The kill switch should not be the problem as that is on the FORWARD chain)
It is a comma delimited list so you can set more than one.
E.g. add your TV's IP address because it uses Netflix and it is blocked while on VPN.
For that you also have to set a different DNS server for the TV and make traffic to that DNS server use the WAN (Netflix also checks this).
So set the TV to use e.g. 8.8.4.4 as DNS server (either by static IP address or static lease via DNSMasq, and let DNSMasq hand out a different DNS server for that IP address).
Now the next setting comes in handy: in the Destination Routing, route 8.8.4.4 also via the WAN and you can see Netflix again on your TV.
I have to test everything and update the documentation.
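The PBR source list described above (the whole LAN except the router's own IP, and optionally other hosts such as the TV) is tedious to write out in CIDR by hand. The following is an added example, not part of the forum post or of DD-WRT; it assumes the PBR field accepts any comma-delimited CIDR list, including /31 and /32 entries, and uses a constructed LAN of 192.168.1.0/24 with the router at 192.168.1.1.

```python
import ipaddress


def pbr_source_list(lan_cidr, excluded_hosts):
    """Return the comma-delimited CIDR list for the WireGuard client's
    PBR source field: every address in the LAN except the excluded
    hosts, which therefore keep going out via the WAN.

    Assumed inputs: lan_cidr like "192.168.1.0/24" and excluded_hosts
    like ["192.168.1.1"] (the router's LAN IP).
    """
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    remaining = [lan]
    for host in excluded_hosts:
        hole = ipaddress.ip_network(f"{host}/32")
        carved = []
        for net in remaining:
            if hole.subnet_of(net):
                # address_exclude splits net into the largest blocks
                # that do not contain the excluded address.
                carved.extend(net.address_exclude(hole))
            else:
                carved.append(net)
        remaining = carved
    remaining.sort(key=lambda n: (n.network_address, n.prefixlen))
    return ",".join(str(n) for n in remaining)


def covers_exactly(lan_cidr, excluded_hosts, pbr_list):
    """Sanity check: every LAN address is matched by the PBR list
    (routed via WireGuard) if and only if it is not excluded."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    nets = [ipaddress.ip_network(s) for s in pbr_list.split(",")]
    excluded = {ipaddress.ip_address(h) for h in excluded_hosts}
    for ip in lan:
        via_wg = any(ip in n for n in nets)
        if via_wg == (ip in excluded):
            return False
    return True


if __name__ == "__main__":
    # Constructed example: router at .1 stays on WAN so remote SSH works,
    # TV at .50 stays on WAN so Netflix works.
    lan, keep_on_wan = "192.168.1.0/24", ["192.168.1.1", "192.168.1.50"]
    pbr = pbr_source_list(lan, keep_on_wan)
    print(pbr)
    print("list is consistent:", covers_exactly(lan, keep_on_wan, pbr))
```

Paste the printed string into the PBR field of the WireGuard client; the TV's DNS server (e.g. 8.8.4.4) still has to be added under Destination Routing as the post describes.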