Data does not pass through wireguard client

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-02-10 09:37:12 - last edited 2024-02-20 08:42:57
Model: Archer AX55  
Hardware Version: V1
Firmware Version: 1.2.6 Build 20231130 rel.36135(5255)

On the router, the WG VPN client shows that it is connected, but data is not transmitted through the tunnel. I tried to ping the WG server and telnet to different ports (they are open) of the WG server; it does not ping and does not connect to the ports.
If I create a WG connection on the PC with the same settings, then everything works.

From PC:

From router

Any ideas?

Thanks

#1
Re:Data does not pass through wireguard client
2024-02-10 16:37:51 - last edited 2024-02-10 16:39:59

@eing2EeM

Hi,

Below the "Server List" there should be a "Device List". Have you added your computer to that device list?

I am not sure whether the Diagnostics feature of the router can actually connect through the VPN connection.

#2
Re:Data does not pass through wireguard client-Solution
2024-02-11 08:47:40 - last edited 2024-02-20 08:42:57
Yes, you are right woozle. After adding the device to the Device List, packets began to be transmitted. This is strange behavior (from the vendor), because in all configuration guides, if the VPN client is allowed, then it can transmit data to the VPN tunnel. And as you can see from my case, this is confusing and questions like this arise) But I need to allow the entire LAN to use the VPN tunnel. What to do in this case?
Recommended Solution
#3
Re:Data does not pass through wireguard client
2024-02-11 16:35:40

@eing2EeM

Apparently this case is not something TP-Link has envisaged.

#4
Re:Data does not pass through wireguard client
2024-02-12 11:26:04

Yes, technical support replied that it is impossible to specify the IP subnet. Strange decision, cutting off standard WireGuard capabilities.

#5
Re:Data does not pass through wireguard client
2024-02-20 08:38:56

@eing2EeM

Thank you very much for the feedback.

You mean you would like to add all client devices to the VPN device list via a simple button instead of adding them into the device list manually, right?

I will record your suggestion and report it to the development team for evaluation.

#6
Re:Data does not pass through wireguard client
2024-02-20 09:00:01 - last edited 2024-02-20 09:34:20

  @Sunshine 

Yes, so that I should specify the LAN subnet and/or hosts, as I can do it in regular Linux or in Mikrotik.

Device list (AllowedIPs) may be: IP subnet, hosts, IP subnet OR hosts, IP subnet AND hosts, Any (0.0.0.0/0)

 

Example of working linux configuration

### Server
cat /etc/wireguard/wg0-server.conf
[Interface]
Address = 10.128.0.1/24
SaveConfig = false
ListenPort = 51820
PrivateKey = MIaHo
[Peer]
PublicKey = 0QOz
AllowedIPs = 10.128.0.3/32,172.16.102.0/24

 

### Client
cat /etc/wireguard/wg0-client.conf
[Interface]
Address = 10.128.0.3/24
PrivateKey = yJQHJ
[Peer]
PublicKey = 9tak
AllowedIPs = 10.128.0.0/24,172.16.102.0/24
Endpoint = vpn.example.com:51820
PersistentKeepalive = 25

 

a little humor :)

#7
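An added example, not part of the original thread and not TP-Link's firmware logic: it shows how standard WireGuard uses the `AllowedIPs` from the Linux configs in post #7, both as an inbound source filter on the server and as an outbound destination selector on the client. The keys, the endpoint hostname and the tested addresses are constructed placeholders, and treating 172.16.102.0/24 as a LAN reached through the tunnel is an assumption.

```python
import configparser
import ipaddress

# Constructed copies of the two configs posted above; keys are placeholders.
SERVER_CONF = """
[Interface]
Address = 10.128.0.1/24
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
[Peer]
PublicKey = CLIENT_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.128.0.3/32,172.16.102.0/24
"""
CLIENT_CONF = """
[Interface]
Address = 10.128.0.3/24
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.128.0.0/24,172.16.102.0/24
Endpoint = vpn.example.com:51820
PersistentKeepalive = 25
"""

def peer_allowed_ips(conf_text):
    """Parse AllowedIPs of the single [Peer] section into network objects."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in cp["Peer"]["AllowedIPs"].split(",")]

def matching_prefix(addr, networks):
    """Longest AllowedIPs prefix containing addr, or None if no prefix matches."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in networks if ip in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def server_accepts(src):
    """Inbound: the server keeps a decrypted packet only if its source matches."""
    return matching_prefix(src, peer_allowed_ips(SERVER_CONF)) is not None

def client_tunnels(dst):
    """Outbound: the client sends a packet to the peer only if its destination matches."""
    return matching_prefix(dst, peer_allowed_ips(CLIENT_CONF)) is not None

if __name__ == "__main__":
    for src in ("10.128.0.3", "172.16.102.50", "192.168.0.10"):  # constructed addresses
        print("server accepts source", src, "->", server_accepts(src))
    for dst in ("10.128.0.1", "8.8.8.8"):
        print("client tunnels destination", dst, "->", client_tunnels(dst))
```

A source or destination outside every listed prefix is silently dropped, which produces the same symptom as in the first post: the tunnel shows as connected but no traffic passes.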