On 2020-06-14 20:19, Sergey Ivanov wrote:
Hi,
I have a question about wg0 on OpenWRT not forwarding packets from one
client to another. I have a laptop at home in my home LAN, and a
computer at work in a very restricted LAN. They can not see one
another. I spent a lot of time trying to get them connected by adding
their wg0's IP addresses to the AllowedIPs on my home router running
OpenWRT. I saw pings from each of them successfully decrypted (I've
used ping with patterns) on the OpenWRT wg0, but they never got routed
further.

When I decided to try to move the same AllowedIPs from OpenWRT's wg0
to my desktop Fedora, it immediately worked. It looks like some sort
of setting like isolation of the clients, or hairpin mode which is
different on OpenWRT than on Fedora.

Can someone help and suggest what I should look at? I'd like to have
it working on the router, which is on all the time.

You should look at the firewall in OpenWrt. It's probably dropping or rejecting the packets. In particular look at the forward option of the firewall zone assigned to wg0. From the OpenWrt Firewall - Zone Settings GUI:

"the forward option describes the policy for forwarded traffic between different networks within the zone."

Since WireGuard is a routed (and not bridged) VPN, the above setting can also control forwarding between hosts on the same network.
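One way to check which firewall zone wg0 sits in and what that zone's forward policy is, as an added example that is not part of the original thread. The sample config is constructed, `zone_forward` and `sample_config` are hypothetical names, and it assumes the WireGuard interface is listed under the zone's `network` entry as `wg0`.

```shell
# zone_forward IFACE: read a UCI-style firewall config on stdin and print
# "<zone name> <forward policy>" for each zone whose network list contains
# IFACE. Prints "unset" when the zone has no explicit forward option.
zone_forward() {
    awk -v want="$1" '
        function emit() {
            if (in_zone && hit) print name, (fwd == "" ? "unset" : fwd)
        }
        { gsub(/["\047]/, "") }              # strip UCI quoting
        $1 == "config" {                     # a new section starts
            emit()
            in_zone = ($2 == "zone"); hit = 0; name = "?"; fwd = ""
            next
        }
        in_zone && ($1 == "option" || $1 == "list") {
            if ($2 == "name") name = $3
            else if ($2 == "forward") fwd = toupper($3)
            else if ($2 == "network")
                for (i = 3; i <= NF; i++) if ($i == want) hit = 1
        }
        END { emit() }
    '
}

# Constructed sample config, not taken from the thread.
sample_config() {
    cat <<'EOF'
config defaults
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option forward 'ACCEPT'

config zone
	option name 'vpn'
	list network 'wg0'
	option forward 'REJECT'
EOF
}

sample_config | zone_forward wg0    # prints: vpn REJECT
```

On the router this would be run as `zone_forward wg0 < /etc/config/firewall`. Setting the zone's forward policy to ACCEPT lets every peer in that zone reach every other peer, so it is worth confirming that is intended before changing it.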
