ER7206 - Wireguard "Allowed Address" issue

ER7206 - Wireguard "Allowed Address" issue

37 Reply
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-12 04:18:15

@Clive_A

 

Do you still think it is something to do with my router config or PC network.

 

it seems everyone else's saying it is the limitation of the TP-link firmware ( like Policy Based Routing )

 

 

  0  
  0  
#22
Options
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-12 06:49:55

Hi @Navas1 

Thanks for posting in our business forum.

How do you set up the remote peer? WG int? Do you have the config screenshots?

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#23
Options
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-12 07:13:37

Hi

 

Here is the wireguard app config which I use in my mac to connect

 

 

Please let me know if you need any more info.

  0  
  0  
#24
Options
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-12 07:26:36 - last edited 2024-06-12 07:31:37

Hi @Navas1 

Thanks for posting in our business forum.

Navas1 wrote

Hi

 

Here is the wireguard app config which I use in my mac to connect

 

 

 

Please let me know if you need any more info.

Wait a second. Did you say that you have other clients using 192.168.4.0/24, but now this is a single computer with a single IP 192.168.4.0/24? Not sure if I have told you to check the firewall if possible.

I mean where do 192.168.4.0/24 IPs come from? The remote is a single computer, the router is connected to a peer that is a computer?

Diagram with the clients marked out for clarification.

 

 

 

If you are telling me that you have this current config, and this is how you set it up, then the whole conversation was not right in the first place. This is merely a config issue which you did not carefully read the configuration guide which explicitly shows how you should specify the peer and allowed IPs.

I still don't understand how you interpret that c) where clearly you don't have a remote peer falls into 192.168.4.0/24. This is a single computer and it should be configured to 192.168.0.0/24 instead of 192.168.4.0/24.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#25
Options
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-12 07:32:57

Hi @Navas1 

Thanks for posting in our business forum.

Navas1 wrote

@Clive_A

 

Do you still think it is something to do with my router config or PC network.

 

it seems everyone else's saying it is the limitation of the TP-link firmware ( like Policy Based Routing )

 

 

No. I would appreciate it if you could read and understand how WG works. Instead of pointing fingers at the firmware. The WG is not full-feathered but it still works as intended as a VPN tool.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#26
Options
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-13 01:17:57

  @Clive_A 

 

The screenshot I provided is a WG peer which was setup in my PC so that I can access all my other WG peers. I wanted to achieve the same thing in the ER7206 router.

 

Are you telling me that this feature exists in the firmware? I see many people mentioned that it is something to do with "policy based routing" with no "confirmed ETA" . Last time I checked it was supposed to be released in 2024 Q1 and it is almost end of the 2024 Q2. 

 

you keep saying that I need to read the documentation, but please understand that I am not an idiot. 

 

I requirement is simple. 

 

I want my ER7206 act as a WG peer and I want to access all of my other WG peers using the router itself from all the LAN clients connected to the router without installing individual WG clients at every LAN clients. Also at the same time I don't want my internet traffic goes through WG tunnel. I just wanted to access my WG peer.

 

Please let me know if that makes any sense at all.

 

 

  0  
  0  
#27
Options
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-13 01:25:05 - last edited 2024-06-13 01:29:29

@Navas1

1. Wireguard policy routing

2. I have to squeeze every single detail about your setup into each reply. I don't know if it is too hard for you to make it all clear in just a single post. I have to rewind everything every time and find out what's wrong. And you seem to be a smart one that has already reexamined everything. I'd say I am not capable of finding out what's wrong on your current information.

If you are capable of troubleshooting this, then good luck hunting.

The configuration guide has something similar to this as well.

 

Oh. BTW, all the times we provided are ETA. Not guarantee.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#28
Options
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-13 01:42:29 - last edited 2024-06-13 01:52:26

 @Navas1 

Draw yourself a diagram and see what's wrong with your setup.

I have some guesses about what's wrong but you are not providing the information to me. I leave that blank and untold.

 

If you have read the guides, and you asked somewhere else, whoever recommends you set up the WG interface IP to be the same? At least all the guides I wrote were never instructing anyone to set it up like that.

 

And it is still a problem with your allowed IPs. Why not post the datacenter config which you have mentioned so many times? But instead, you showed a picture of a PC? It's too confusing with your mind note.

 

Diagram. Literally. If you cannot think of the whole net with your brain, then draw a diagram, mark the IPs up, and with your knowledge about the WG, it will be clear. And think about what's wrong and what should be configured in what manner.

 

 

P.S. It has nothing to do with the Wireguard PBR AFAICS. Even if you have WG PBR, it would not work as your setup is incorrect. Don't blame this for missing a feature. It does not matter that much.

Nobody can help you if you hide something and leave it untold. Good hunting.
 

 

Based on your description, what's been drawn:

[sic]

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#29
Options
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-13 02:52:07

Hi, thank you for your response and I appreciate your patience . sorry I am little frusturated

 

here is image you are looking for , please let me know if that make sense. All I need is my "PC 1" and "PC 2" should connect "PC 3" . but I don't want my whole internet traffic goes through wireguard tunnel. is that make sense ?

 

 

 

  0  
  0  
#30
Options
Re:ER7206 - Wireguard "Allowed Address" issue
2024-06-13 03:42:27

  @Navas1 

Modify the peer. I don't know WG server LAN IP but if you need to access the LAN of the WG server, you need to put the allowed IP in the peer settings, too.

Again, it is still an Allowed IP thing.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  1  
  1  
#31
Options