Question

Hello,

I have a RUT240 with last firmware (RUT2_R_00.07.03.3), its LAN address is 192.168.0.100 and it has one Wireguard tunnel configured and working (with tunnel IP 192.168.93.2)

One weird thing is going on this week, I don't remember changing any configuration except upgrading the firmware to the latest version:

I have two machines in the LAN subnet (192.168.0.10 and 192.168.0.11) which I need to reach through Wireguard tunnel. Both machines were reachable without any problem until this week. I don't understand why, but now I can't reach 192.168.0.10 through wireguard tunnel. It is reachable through LAN though.

The other one, .0.11 is reachable as always through Wireguard tunnel and LAN.

Normal ping is working. But ping from wireguard interface isn't going through. When I try to inspect it using tcpdump after issuing a ping 192.168.0.10 -I 192.168.93.2 I receive this:



Looks like there is an ARP request for 192.168.0.1. What does that mean? There is no 0.1 in this schema (remember that this router IP is 192.168.0.100)

And here are pictures of the wireguard configuration.

And this is the routing table:

No IPv4 or v6 manual routes configured. I already tried restarting the router but nothing changed.

Any help is appreciated. I don't know what could be the cause, as communication with .0.11 is OK.

Answer 1

Hi,

What are the network settings on your 192.168.0.10 machine? Is it using DHCP?

You said you can ping the device from the LAN. Are you pinging from RUT240 or the other device on LAN?

If it happened after the update and nothing else changed, is it possible that you updated the firmware with 'keep settings' option turned 'on'? It is recommended to update with this option set to 'off' as there can be issues when migrating configurations to a newer version that have major differences. Try restoring the settings to factory defaults (you will have to reconfigure your device). 

Also, please provide a troubleshoot file. It would be great to see the full topology as well. Troubleshoot file can be downloaded from the WebUI by navigating to System -> Administration -> Troubleshoot.

Kind Regards,

Andzej

Comments

Hello,

- The 192.168.0.10 machine is configured with a static IP, same the 192.168.0.11 (which is working)

- The ping we are attempting is done from the RUT240 to the other device on LAN

- Yes, I updated the firmware with "keep settings" on. The issue is I'm controlling the router remotely (vía VPN), i'm far away from the router. If I reset to factory settings, I'd lose access to it.

- I edited the main post uploading the troubleshoot file.

Thank you!

---

Hi,

Assuming the device (192.168.0.10) uses RUT240 as the internet source, can it actually access the internet? 

Could you please check if the correct default gateway is configured on your end device (192.168.0.10)? The gateway should point to the router (192.168.0.100).

Also, if the correct gateway is configured, would it be possible for you to send me a TCPdump file? You can download TCPdump package from Services -> Package Manager -> Packages. Then, you can enable TCPDump on the interface in System -> Administration -> Troubleshoot. Turn on TCPdump, try pinging both devices from the wireguard tunnel side, and then download the TCPDump file.

Kind Regards,

Andzej

---

Hello,

The issue got solved after I enabled masquerading at LAN->Wireguard zone in Firewall configuration.

Thank you very much for your help.