ER7206 - Wireguard "Allowed Address" issue
Please refer to the following topic
https://community.tp-link.com/en/business/forum/topic/636906
I have the same exact problem on my ER7206 router
when I set "Allowed Address" to "0.0.0.0/0" I have no issues pinging all my wireguard LAN IP's but the same time all of my gateway traffic is routed through the VPN tunnel which I don't want that. If I set to "Allowed Address" to "192.168.4.0/24" then I can't ping any Wireguard LAN IPs.
Can any one help me setting up the right way ?
Thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Do you still think it is something to do with my router config or PC network.
it seems everyone else's saying it is the limitation of the TP-link firmware ( like Policy Based Routing )
- Copy Link
- Report Inappropriate Content
Hi @Navas1
Thanks for posting in our business forum.
How do you set up the remote peer? WG int? Do you have the config screenshots?
Please mosaic your sensitive information. Here is a list of information considered sensitive:
1. Public IP address on your WAN if your WAN is.
2. Real MAC address of your device.
3. Your personal information including address, domain name, and credentials.
For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.
- Copy Link
- Report Inappropriate Content
Hi
Here is the wireguard app config which I use in my mac to connect
Please let me know if you need any more info.
- Copy Link
- Report Inappropriate Content
Hi @Navas1
Thanks for posting in our business forum.
Navas1 wrote
Hi
Here is the wireguard app config which I use in my mac to connect
Please let me know if you need any more info.
Wait a second. Did you say that you have other clients using 192.168.4.0/24, but now this is a single computer with a single IP 192.168.4.0/24? Not sure if I have told you to check the firewall if possible.
I mean where do 192.168.4.0/24 IPs come from? The remote is a single computer, the router is connected to a peer that is a computer?
Diagram with the clients marked out for clarification.
If you are telling me that you have this current config, and this is how you set it up, then the whole conversation was not right in the first place. This is merely a config issue which you did not carefully read the configuration guide which explicitly shows how you should specify the peer and allowed IPs.
I still don't understand how you interpret that c) where clearly you don't have a remote peer falls into 192.168.4.0/24. This is a single computer and it should be configured to 192.168.0.0/24 instead of 192.168.4.0/24.
- Copy Link
- Report Inappropriate Content
Hi @Navas1
Thanks for posting in our business forum.
Navas1 wrote
Do you still think it is something to do with my router config or PC network.
it seems everyone else's saying it is the limitation of the TP-link firmware ( like Policy Based Routing )
No. I would appreciate it if you could read and understand how WG works. Instead of pointing fingers at the firmware. The WG is not full-feathered but it still works as intended as a VPN tool.
- Copy Link
- Report Inappropriate Content
The screenshot I provided is a WG peer which was setup in my PC so that I can access all my other WG peers. I wanted to achieve the same thing in the ER7206 router.
Are you telling me that this feature exists in the firmware? I see many people mentioned that it is something to do with "policy based routing" with no "confirmed ETA" . Last time I checked it was supposed to be released in 2024 Q1 and it is almost end of the 2024 Q2.
you keep saying that I need to read the documentation, but please understand that I am not an idiot.
I requirement is simple.
I want my ER7206 act as a WG peer and I want to access all of my other WG peers using the router itself from all the LAN clients connected to the router without installing individual WG clients at every LAN clients. Also at the same time I don't want my internet traffic goes through WG tunnel. I just wanted to access my WG peer.
Please let me know if that makes any sense at all.
- Copy Link
- Report Inappropriate Content
2. I have to squeeze every single detail about your setup into each reply. I don't know if it is too hard for you to make it all clear in just a single post. I have to rewind everything every time and find out what's wrong. And you seem to be a smart one that has already reexamined everything. I'd say I am not capable of finding out what's wrong on your current information.
If you are capable of troubleshooting this, then good luck hunting.
The configuration guide has something similar to this as well.
Oh. BTW, all the times we provided are ETA. Not guarantee.
- Copy Link
- Report Inappropriate Content
Draw yourself a diagram and see what's wrong with your setup.
I have some guesses about what's wrong but you are not providing the information to me. I leave that blank and untold.
If you have read the guides, and you asked somewhere else, whoever recommends you set up the WG interface IP to be the same? At least all the guides I wrote were never instructing anyone to set it up like that.
And it is still a problem with your allowed IPs. Why not post the datacenter config which you have mentioned so many times? But instead, you showed a picture of a PC? It's too confusing with your mind note.
Diagram. Literally. If you cannot think of the whole net with your brain, then draw a diagram, mark the IPs up, and with your knowledge about the WG, it will be clear. And think about what's wrong and what should be configured in what manner.
P.S. It has nothing to do with the Wireguard PBR AFAICS. Even if you have WG PBR, it would not work as your setup is incorrect. Don't blame this for missing a feature. It does not matter that much.
Nobody can help you if you hide something and leave it untold. Good hunting.
Based on your description, what's been drawn:
[sic]
- Copy Link
- Report Inappropriate Content
Hi, thank you for your response and I appreciate your patience . sorry I am little frusturated
here is image you are looking for , please let me know if that make sense. All I need is my "PC 1" and "PC 2" should connect "PC 3" . but I don't want my whole internet traffic goes through wireguard tunnel. is that make sense ?
- Copy Link
- Report Inappropriate Content
Modify the peer. I don't know WG server LAN IP but if you need to access the LAN of the WG server, you need to put the allowed IP in the peer settings, too.
Again, it is still an Allowed IP thing.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3035
Replies: 37
Voters 0
No one has voted for it yet.