Issue with route-allowed-ips flag

[mcdallas]

I have a wireguard server at 192.168.5.1/24 and I am trying to use my router (192.168.5.11) as a client.

When I set on my router's config peer section allowed-ips = 192.168.5.1/24 and route-allowed-ips = true everything seems to work, i.e I can ssh into the router and ping 192.168.5.1 and also ping 192.168.5.11 from the server.

However I want to route all my traffic through wg0. When I set allowed-ips = 0.0.0.0/0 and route-allowed-ips = false I can no longer ping the server from the router or vice versa. The connection seems to be up and I see some packets with tcpdump so I'm not sure what the issue is.

[dc361]

I also saw this on an ERL that I was setting up a few weeks ago. I think the 'fix' was to define a static routes to the peer's endpoint ip address and add a default route using the wireguard interface. Let me/us know if that worked.

set protocols static interface-route 0.0.0.0/0 next-hop-interface wg0

set protocols static route 111.22.33.44/32 next-hop 192.168.32.1  # <- my current gateway router's lan subnet

[mcdallas]

@dc361 there is already a route for 0.0.0.0/0 thought that forwards to my ISP via eth0, did you delete that one?

[dc361]

@mcdallas My ERL is behind another router (thus the 192.168.32.1 address) and it did not have a route to the default route through the next hop router so (as far as I remember) I had to add it.

We are dangerously close to 'support' vs 'bug reporting' here but I was wondering if other ER wireguard users have seen similar things. I know on my windows and IOS peers all I had to do was add the allowed ip of 0.0.0.0/0 and I didn't have to tweak routes or set route-allowed-ips to false so I'm wondering what is different about the ER implementation.