WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0

[USG] WireGuard as a client #109

Closed vettronics closed 2 years ago

vettronics commented 2 years ago

I have set up the USG as a WireGuard client. The connection is established. From the USG SSH command line I can ping the remote WireGuard server and all devices in the remote LAN. I cannot ping the remote devices from any of my local LAN PCs... Local LAN 192.168.2.x; remote LAN 192.168.1.x. I can see the route is set on the USG: "192.168.1.0/24 dev wg0 scope link"

What am I missing that doesn't let the computers connected to the USG connect to the remote devices?

dc361 commented 2 years ago

Does the remote end have a route back to devices on your LAN?

FossoresLP commented 2 years ago

I think there could be two issues here. First of all, your USG has a route to the remote LAN, but most likely your clients do not, so they do not know they can reach the remote network via the USG. Second, there could be some routing or firewall issue on the USG, though I'm not quite sure about that.

vettronics commented 2 years ago

> Does the remote end have a route back to devices on your LAN?

No, it doesn't. Is it needed? Because the USG can ping everything on the remote end, I thought it was just a problem of the USG forwarding local requests...

vettronics commented 2 years ago

> I think there could be two issues here. First of all, your USG has a route to the remote LAN, but most likely your clients do not, so they do not know they can reach the remote network via the USG. Second, there could be some routing or firewall issue on the USG, though I'm not quite sure about that.

Yes, I think you are right on the first one. But it should be some configuration on the USG side. Right?

mhriemers commented 2 years ago

> > Does the remote end have a route back to devices on your LAN?
>
> No, it doesn't. Is it needed? Because the USG can ping everything on the remote end, I thought it was just a problem of the USG forwarding local requests...

You need to add 192.168.2.0/24 to the allowed IPs section on the remote server. Otherwise, it doesn't know to route those response packets through the WireGuard tunnel.
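To make the reason for that fix concrete, here is an added example (not code from the wireguard-vyatta-ubnt project or from anyone in this thread) that parses a wg-quick style server config and mimics WireGuard's cryptokey routing: the peer whose `AllowedIPs` contains a packet's destination is the one the packet is encrypted to, and a destination matched by no peer is dropped. The sample config, key names and addresses are constructed placeholders; the LAN prefix is the one from this issue.

```python
"""Check WireGuard cryptokey routing for a site-to-site peer.

Added example, not part of the wireguard-vyatta-ubnt project. Parses a
wg-quick style server config and reports which peer, if any, a packet for
a given destination would be sent to. Keys and addresses are placeholders.
"""
import ipaddress
from typing import Optional

# Constructed sample: the remote server side of the thread, before the fix.
# The USG peer only has its tunnel address allowed, not the LAN behind it.
SERVER_CONF_BEFORE = """\
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER

[Peer]
# USG acting as the WireGuard client for the 192.168.2.0/24 site
PublicKey = USG_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.0.0.2/32
"""

USG_PUBKEY = "USG_PUBLIC_KEY_PLACEHOLDER"  # placeholder, not a real key
USG_LAN = "192.168.2.0/24"                 # the local LAN from this issue


def parse_wg_config(text: str) -> dict:
    """Return {'interface': {...}, 'peers': [{...}, ...]}.

    configparser is not used because a wg config repeats the [Peer] header.
    AllowedIPs values are parsed into ipaddress network objects.
    """
    cfg = {"interface": {}, "peers": []}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section == "interface":
                current = cfg["interface"]
            elif section == "peer":
                current = {}
                cfg["peers"].append(current)
            else:
                raise ValueError(f"unknown section {line}")
            continue
        key, sep, value = line.partition("=")
        if current is None or not sep:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "AllowedIPs":
            nets = [ipaddress.ip_network(v.strip(), strict=False)
                    for v in value.split(",") if v.strip()]
            current.setdefault("AllowedIPs", []).extend(nets)
        else:
            current[key] = value
    return cfg


def peer_for_destination(cfg: dict, dest: str) -> Optional[str]:
    """Outbound cryptokey routing: longest AllowedIPs prefix wins.

    Returns the PublicKey of the chosen peer, or None when no peer matches,
    in which case the wg interface drops the packet. That is why the server's
    replies to 192.168.2.x never reached the USG LAN before the fix.
    """
    addr = ipaddress.ip_address(dest)
    best, best_len = None, -1
    for peer in cfg["peers"]:
        for net in peer.get("AllowedIPs", []):
            if addr in net and net.prefixlen > best_len:
                best, best_len = peer.get("PublicKey"), net.prefixlen
    return best


def accepts_from_peer(cfg: dict, public_key: str, src: str) -> bool:
    """Inbound cryptokey routing: a decrypted packet is accepted only if its
    source address maps back to the peer that sent it. AllowedIPs is therefore
    an ACL in both directions, not just a route list."""
    return peer_for_destination(cfg, src) == public_key


def add_allowed_ip(text: str, public_key: str, cidr: str) -> str:
    """Append `cidr` to the AllowedIPs line of the peer with `public_key`."""
    ipaddress.ip_network(cidr, strict=True)  # validate before touching the file
    out, in_target = [], False
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped.startswith("["):
            in_target = False
        elif stripped.startswith("PublicKey") and \
                stripped.partition("=")[2].strip() == public_key:
            in_target = True
        elif in_target and stripped.startswith("AllowedIPs"):
            body, hash_sign, comment = raw.partition("#")
            raw = body.rstrip() + f", {cidr}"
            if hash_sign:
                raw += "  #" + comment
            in_target = False
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    before = parse_wg_config(SERVER_CONF_BEFORE)
    print("reply to 192.168.2.10 before fix ->", peer_for_destination(before, "192.168.2.10"))
    after = parse_wg_config(add_allowed_ip(SERVER_CONF_BEFORE, USG_PUBKEY, USG_LAN))
    print("reply to 192.168.2.10 after fix  ->", peer_for_destination(after, "192.168.2.10"))
```

Running it shows `None` before the fix (the reply is dropped at the server's wg interface, even though the USG's own tunnel address 10.0.0.2 is routable, which matches the symptom of the USG pinging fine while LAN hosts cannot) and the USG's key afterwards. `accepts_from_peer` shows the other half of the same rule: with only `10.0.0.2/32` allowed, a packet arriving from the USG with a 192.168.2.x source is discarded on receipt, so the server-side entry is needed for both directions unless the USG NATs the LAN behind its tunnel address.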

vettronics commented 2 years ago

> > > Does the remote end have a route back to devices on your LAN?
> >
> > No, it doesn't. Is it needed? Because the USG can ping everything on the remote end, I thought it was just a problem of the USG forwarding local requests...
>
> You need to add 192.168.2.0/24 to the allowed IPs section on the remote server. Otherwise, it doesn't know to route those response packets through the WireGuard tunnel.

OMG! Thank you @mhriemers, that was it all along! Worked like a charm. Very nice Christmas present :D Merry Xmas to all \o/

mhriemers commented 2 years ago

> > > > Does the remote end have a route back to devices on your LAN?
> > >
> > > No, it doesn't. Is it needed? Because the USG can ping everything on the remote end, I thought it was just a problem of the USG forwarding local requests...
> >
> > You need to add 192.168.2.0/24 to the allowed IPs section on the remote server. Otherwise, it doesn't know to route those response packets through the WireGuard tunnel.
>
> OMG! Thank you @mhriemers, that was it all along! Worked like a charm. Very nice Christmas present :D
>
> Merry Xmas to all \o/

Happy to help 😄

Merry Christmas 🎄

FossoresLP commented 2 years ago

Thank you for proposing the correct solution, mhriemers. Closing this now.