Wireguard routing issue

[shtech]

When a device on siteB sends data to a device on siteA i can see that the traffic is sent through the wg1 interface. From siteB the connection is working fine.

When a device on siteA sends data to a device on siteB, it tries to send that data out the wan interface. SiteA System>Route shows there is a route for siteB's network pointing to wg1. I'm not sure what is wrong, as I have gone back over the doc for s2s multiple times. SiteA just won't route the traffic through the wg1 interface, even though there is a route statement for it.

SiteA LAN: 192.168.3.0/24
SiteB LAN: 192.168.2.0/24

SiteA route:

Code Select Expand

ipv4 192.168.2.0/24 link#11 US NaN 1420 wg1

SiteA log file where dst contains 192.168.2:

Code Select Expand

WAN2 2023-11-09T12:22:16-05:00 x.x.x.x 192.168.2.193 icmp let out anything from firewall host itself (force gw)

lan 2023-11-09T12:22:16-05:00 192.168.3.212 192.168.2.193 icmp Default allow LAN to any rule

Now what happens from siteB:

Code Select Expand

wg1 2023-11-09T12:23:56-05:00 192.168.2.193 192.168.3.33 icmp

[shtech]

I found the issue.

The reason that traffic was trying to go out the lan was due to the wan group for Lan net. Changed it to default and it now works. SiteA can access siteB.

Also, curious what changing the lan net default gw from the wan group to the default will do to gateway switching.

[Bob.Dig]

Also, curious what changing the lan net default gw from the wan group to the default will do to gateway switching.

Everything. If you want to make rules for "internet use" then create an rfc1918 alias, define that as the inverted destination in the last rule and put your "wan group" there.

[Bob.Dig]

...

[ravenmaster887]

*deleted*