Posted: Wed Feb 01, 2023 12:34 Post subject: [SOLVED] Problem with HTTP using Wireguard on Android
Hi,
I have set up WireGuard on a TP-Link ARCHER-C7 v5 on build 49838 following "DDWRT Wireguard Server Setup guide v47.pdf". The router is connected to another (outer) LAN which then connects to the internet.
I have two peers, one for an Android phone and one for a Windows PC. From the Windows PC all is working fine. But the Android Phone could only connect to the PC using RDP and to the DD-WRT Router Admin HTTP Interface. Other HTTP or SMB sites are not reachable. PCs in the outer LAN are also reachable from the Android phone using RDP.
Do you have any hints to fix it?
Regards
Last edited by tm2023 on Thu Feb 02, 2023 12:42; edited 1 time in total
One time I use the same Windows PC as peer connected over the internet, the other time I use it in the outer LAN. The outer LAN is 192.168.2.0/24 and the DD-WRT is connected to it with a static IP address.
IP Addresses / Netmask (CIDR) is 10.4.0.1/24.
The behavior is the same with CVE-2019-14899 Mitigation set or not.
The DDWRT router is in normal gateway mode with subnet 192.168.1.1/24.
The Phone is connected to the internet via the IP6 LTE network of German Telekom.
When the Phone is connected to the WG server it connects only to the PC using RDP on 192.168.2.X.
Nothing else. Or if the PC is connected to the internet via the IP6 LTE network of German Telekom with a MIFI Router and connected to the WG server the phone can connect to it on 10.4.0.7.
For HTTP from the phone only 192.168.1.1 and the static IP of the DDWRT Router 192.168.2.X are working.
On the 192.168.2.1 Router (Speedport from Telekom) there is also a WG server running. With this the phone has no problems. But the Speedport does not support a spoke topology.
Joined: 18 Mar 2014 Posts: 12835 Location: Netherlands
Posted: Wed Feb 01, 2023 14:41 Post subject:
I am running exactly the same setup, my WG server is also a secondary router behind my main router.
I have no problem with my Android phone reaching everything on the WG server router's subnet and on the main network, and I have internet access via my WG server, but I have IPv4.
Posted: Wed Feb 01, 2023 16:47 Post subject:
SSHD is not broken but has been upgraded.
Quote:
If you have trouble connecting with SSH then download the latest PuTTY and make sure under SSH/Host keys to move ed25519 to the top and untick "Prefer Algorithms for which a host key is known" or forget/remove your known HOST keys (the fingerprints) from your computer.
If you have trouble connecting with WinSCP: under Tools/Clean up, Clear Cache.