Wireguard - Can't access LAN, Can access internet

[davesc63]

Hi all - yes another Wireguard question.

I have attempted to use the kmod and go version with same result.
Currently I can access the internet from my peer (iPhone / Mac) but cannot access any LAN devices. I feel I have exhausted all options, so hoping for fresh eyes to help.

I am leaning towards a routing issue, but I can't work out how to resolve.

Environment: (/24 subnetting)
Proxmox host - 192.168.4.2
Opnsense VM - 192.168.4.254 (LAN), 10.1.1.1 (wireguard tunnel)
iPhone peer - 10.1.1.2

Opnsense can ping itself (10.1.1.1) and can ping the peer (10.1.1.2)
LAN servers such as Ubuntu LXC (192.168.4.105) or Proxmox host (192.168.4.2) both cannot ping the peer

I do not enable any firewalls on proxmox or the LXC's / VM's
I have run a pve-firewall disable to ensure no firewall is running from proxmox

I have added source NAT rules to try to force wireguard traffic from LAN back to wireguard interface but it doesnt appear to make any difference.

I have openVPN configured and this all runs fine. I was hoping to convert to wireguard but i've spent far too much time trying to solve this.

Some screenshots:












LAN rules

LAN host pinging wiregueard peer

LAN host pinging peer



OPNSense can ping the peer

No traffic on wireguard interface when LAN host pinging

Route table

Wireguard Rules

Wireguard to LAN detailed. log

Wireguard to LAN allow

[davesc63]

I'm going to say that this is now RESOLVED, but not fully SOLVED with a root cause.

I had first installed the wireguard kmod version and was unable to access LAN clients.
I assumed maybe this version of the plugin wasnt as mature, so removed and installed the Go version
I didn't like feeling defeated, so I removed wireguard interface, plugin, rules / NATs, and decided to start again (Now only takes a few mins for me to set up after so many attempts)

I then took a look at the Wireguard - Log File and from the previous installation there were entries related to setting up a routing command an exiting with error code "1" with a response of " ". (I stupidly cleared the log rather than taking a screenshot or copy/paste!) - basically it was telling me that wireguard was unable to set routes related to 192.168.4.0 (LAN)

So this final attempt at removing all rules / interfaces and starting  fresh (plus lots of reboots at each step!!!) has now got it performing as desired.

Surprised that the routing error wasn't easily visible in the dashboard or any indication that a key function - routing - was unable to be applied

[bazsa79]

Hello!

Could you send an example of what needs to be set (interface sets, static route sets, manual gateway sets)? I can't access the LAN under OpenVPN and WireGuard too. (Can access internet - tracert)
My LAN network: 10.10.0.0/16
GW: 10.10.0.1

My WireGurad network:
192.168.150.0/24
GW: 192.168.150.1 i think
IP: 192.168.150.10/32

My external IP: 195.199.193.X

Thanks in advance for any help!
Balázs