ER7206 - Wireguard "Allowed Address" issue
Please refer to the following topic
https://community.tp-link.com/en/business/forum/topic/636906
I have the same exact problem on my ER7206 router
When I set "Allowed Address" to "0.0.0.0/0" I have no issues pinging all my WireGuard LAN IPs, but at the same time all of my gateway traffic is routed through the VPN tunnel, which I don't want. If I set "Allowed Address" to "192.168.4.0/24" then I can't ping any WireGuard LAN IPs.
Can anyone help me set it up the right way?
Thanks
Thanks for your response.
I tried to add peers as you mentioned but it didn't work either.
FYI, the existing router (OpenWrt) which I used doesn't require any kind of changes in the peer. I am not blaming TP-Link, just trying to give you a clear picture.
I don't need to access my WG server LAN. I just wanted to access the peers connecting through the WG server.
This is the screenshot of the WG server config. Do you think it needs changes?
As the data center server?
We don't support iptables. I am not sure why WG would contain the iptables in the interface.
WG server, data center
[Interface]
PrivateKey = key
Address = 192.168.4.1/32
ListenPort = 51820
[Peer]
# Router1
PublicKey = key1
AllowedIPs = 192.168.0.0/24
[Peer]
# Router2
PublicKey = key2
AllowedIPs = 192.168.1.0/24
Are you sure that you configured in this way?
For the Router 1 and 2, you can add, e.g.:
[Interface]
PrivateKey = key
Address = 192.168.4.8/32
[Peer]
# WireGuard Server
PublicKey = key
Endpoint = center:51820
AllowedIPs = 192.168.4.1/32, 192.168.1.0/24
PersistentKeepalive = 25
Just like what I described earlier but with an additional 192.168.4.1/32. If this does not work, I run out of ideas.
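How WireGuard uses AllowedIPs, which the configurations above depend on, as an added example that is not part of the thread: outbound packets go to the peer whose AllowedIPs has the longest matching prefix, and inbound packets are dropped unless their source falls inside the sending peer's AllowedIPs. The config strings are constructed from the values quoted above, 203.0.113.10 stands in for an internet host, and the helper names are hypothetical.

```python
import ipaddress

def parse_peers(conf):
    """Map peer name -> AllowedIPs networks from wg-quick style text."""
    peers, name, in_peer = {}, None, False
    for line in map(str.strip, conf.splitlines()):
        if line.startswith("["):
            in_peer, name = line == "[Peer]", None
        elif in_peer and line.startswith("#"):
            name = line.lstrip("# ")          # comment line used as peer label
        elif in_peer and line.partition("=")[0].strip() == "AllowedIPs":
            key = name or f"peer{len(peers) + 1}"
            nets = line.partition("=")[2].split(",")
            peers.setdefault(key, []).extend(
                ipaddress.ip_network(n.strip()) for n in nets)
    return peers

def route(peers, dst):
    """Outbound: name of the peer with the longest AllowedIPs prefix covering dst."""
    dst, best = ipaddress.ip_address(dst), None
    for name, nets in peers.items():
        for net in nets:
            if dst in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best[0] if best else None          # None: no peer owns this destination

def accepts(peers, name, src):
    """Inbound: a decrypted packet is kept only if src is in that peer's AllowedIPs."""
    return any(ipaddress.ip_address(src) in net for net in peers[name])

# Constructed from the values quoted in the thread (keys omitted).
SERVER = """[Interface]
Address = 192.168.4.1/32
[Peer]
# Router1
AllowedIPs = 192.168.0.0/24
[Peer]
# Router2
AllowedIPs = 192.168.1.0/24
"""
CLIENT_ALL = "[Peer]\n# Server\nAllowedIPs = 0.0.0.0/0\n"
CLIENT_SPLIT = "[Peer]\n# Server\nAllowedIPs = 192.168.4.1/32, 192.168.1.0/24\n"

if __name__ == "__main__":
    for label, conf in (("0.0.0.0/0", CLIENT_ALL), ("split", CLIENT_SPLIT)):
        table = parse_peers(conf)
        print(label, {d: route(table, d) for d in ("203.0.113.10", "192.168.4.1")})
    server = parse_peers(SERVER)
    # Tunnel address 192.168.4.8 is outside Router1's 192.168.0.0/24 entry.
    print("server accepts src 192.168.4.8:", accepts(server, "Router1", "192.168.4.8"))
    print("server reply route to 192.168.4.8:", route(server, "192.168.4.8"))
```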
Thank you for your response, appreciated.
Sorry, just one question.
I am running the ER7206 as a standalone router and I only have the option of adding one subnet. Should I use router to SDN module to add additional subnets?
If you have read my guides, this is self-evident. Standalone and controller mode have their own advantages in certain situations.
Thank you for your response. Let me connect my router to an SDN software controller and I will keep you updated.
@Navas1 did you fix that? I'm experiencing the same problem.
I installed two VPNs, one acting as a server and the other as a client (must only connect on endpoint), both allowing only some restricted IPs (corresponding to the LAN IP).
The server WireGuard is working fine. I can access and ping all allowed IPs; however, the WireGuard client (which only connects to the remote IP) doesn't work! It shows as connected, but I can't ping or access the PC remotely!