Question

Hello,

I successfully configured a Wireguard connection between an IPad and the RUT955. It is possible to reach the Router on his VPN private address (10.10.x.1) and it local LAN Adress (192.168.x.1).

I like to connect to other devices in the router LAN (192.168.x.10, 192.168.x.20). Allowed IPs on the IPad WG Client are 10.10.x.1/32, 192.168.x.0/24), so from this side I should work.

What is the correct firewall setup to get behind the router in the LAN?

Thanks for advice.

Answer 1

Problem solved.

Two steps are necessary:

1) add static route to the lan net work:

main table, lan, 192.168.x.0, 255.255.255.0, 192.168.x.1

2) in the firewall, add the lan zone to the wg zone.

easy, when you know...

Comments

Champion! Thank you 

---

how can I add the lan zone to the wg zone? on rutx12

---

In Network->Firewall->General Settings, set Lan->Wireguard.(Inpout, Output, Forward) and Wireguard->Lan.(Input, Output, Forward) to Accept, and set Masquerade for both.