The issue I’m having is that I can’t reach hosts on my LAN (192.168.23.0/24) from my laptop over WireGuard.
Any thoughts on how to fix this?
I’ve tried several variants of the next-hop static route, but none of them work.
This is the error I get when pinging a LAN host from the laptop (192.168.10.3) through the tunnel:
ping hermes
PING hermes (192.168.23.25): 56 data bytes
92 bytes from 192.168.10.1: Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 8ab1 0 0000 3f 01 4e8b 192.168.10.3 192.168.23.25
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
And this is my router config (hw-id, public keys and domain names redacted):
/* Global firewall options. source-validation (reverse-path filtering) is
   disabled; asymmetric paths through the VPNs are a common reason for that,
   but it also means packets with spoofed source addresses are not rejected
   on ingress. NOTE(review): "loose" may be a usable middle ground if the
   platform offers it -- confirm before changing. */
firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Forwarded traffic arriving on the WAN (attached as eth0 "in"):
       only replies to connections initiated from inside get through. */
    name FROM-EXTERNAL {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    /* Forwarded traffic arriving from the LAN (attached as eth1 "in"):
       unrestricted, so LAN hosts can also reach the VPN subnets
       192.168.10.0/24 and 192.168.70.0/24. */
    name LAN-TO-LAN {
        default-action accept
    }
    /* Traffic addressed to the router itself from the WAN (eth0 "local").
       This is the only "local" ruleset in the config; eth1, vtun0 and wg0
       have none, so LAN hosts and VPN peers can reach every router service
       (SSH on 22, DNS forwarder, ...). Usual for a roadwarrior setup, but
       worth knowing when a VPN peer is not fully trusted. */
    name TO-ROUTER {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        /* The router answers ping from the internet. */
        rule 20 {
            action accept
            icmp {
                type-name echo-request
            }
            protocol icmp
            state {
                new enable
            }
        }
        /* UDP 2294 = OpenVPN "local-port" of vtun0; keep the two in sync. */
        rule 30 {
            action accept
            destination {
                port 2294
            }
            protocol udp
        }
        /* UDP 2284 = WireGuard "port" of wg0; keep the two in sync.
           WireGuard silently drops packets that do not authenticate
           against a configured peer pubkey, so accepting from any source
           address here is the normal pattern. */
        rule 40 {
            action accept
            destination {
                port 2284
            }
            protocol udp
        }
    }
    receive-redirects disable
    send-redirects disable
    source-validation disable
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    /* WAN uplink. FROM-EXTERNAL filters traffic forwarded through the
       router; TO-ROUTER filters traffic destined for the router itself. */
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name FROM-EXTERNAL
            }
            local {
                name TO-ROUTER
            }
        }
        hw-id **************
        smp-affinity auto
        speed auto
    }
    /* LAN, 192.168.23.0/24; the router is .1 and is also the LAN's DHCP
       and DNS server (see "service"). Only an "in" ruleset is attached and
       it accepts everything; there is no "local" ruleset. The connected
       route for 192.168.23.0/24 that this address creates is what carries
       VPN -> LAN traffic, so no static route is needed for that direction. */
    ethernet eth1 {
        address 192.168.23.1/24
        description LAN
        duplex auto
        firewall {
            in {
                name LAN-TO-LAN
            }
        }
        hw-id *************
        smp-affinity auto
        speed auto
        traffic-policy {
            out EGRESS_QOS
        }
    }
    loopback lo {
    }
    /* OpenVPN roadwarrior server on UDP 2294 (TO-ROUTER rule 30). Clients
       get 192.168.70.0/24 addresses and a route to the LAN only
       (push-route), i.e. split tunnel, with the router as their resolver.
       comp-lzo enables compression inside the TLS tunnel, which is
       generally discouraged (compression-oracle attacks such as VORACLE)
       -- NOTE(review): consider removing it unless the clients require it.
       The tls block is shown empty here, presumably redacted. */
    openvpn vtun0 {
        local-port 2294
        mode server
        openvpn-option comp-lzo
        server {
            domain-name *******************
            name-server 192.168.23.1
            push-route 192.168.23.0/24
            subnet 192.168.70.0/24
        }
        tls {
        }
    }
    /* WireGuard roadwarrior server on UDP 2284 (TO-ROUTER rule 40); the
       router is 192.168.10.1 and the /24 address also creates the
       connected route for 192.168.10.0/24. Each peer's allowed-ips is a
       /32: on the server side this is the per-peer source filter and the
       set of destinations routed to that peer; it does not need to include
       the LAN. No firewall ruleset is attached to wg0, so peers have
       unrestricted access to the router and to 192.168.23.0/24.
       On the reported failure: the "Destination Host Unreachable" was sent
       by 192.168.10.1, i.e. the router itself, so the probe traversed the
       tunnel and the router tried to forward it to 192.168.23.25 on eth1.
       NOTE(review): that usually means no ARP reply from hermes -- confirm
       it is up and reachable from the router (show arp / ping from the
       router), and that the laptop-side peer entry for the router lists
       192.168.23.0/24 in its AllowedIPs so replies are accepted (the client
       config is not visible here). */
    wireguard wg0 {
        address 192.168.10.1/24
        description wg-roadwarrior
        peer macbook {
            allowed-ips 192.168.10.3/32
            pubkey ****************
        }
        peer mobile {
            allowed-ips 192.168.10.2/32
            pubkey ****************
        }
        port 2284
    }
}
/* Source NAT for internet-bound traffic leaving on the WAN. Only the LAN
   and the WireGuard subnet are masqueraded; the OpenVPN subnet
   192.168.70.0/24 is not, which is consistent with the split-tunnel
   push-route on vtun0 (OpenVPN clients only reach the LAN through the
   tunnel). None of this touches wg0 -> eth1 traffic, which never leaves via
   eth0, so NAT is not involved in the LAN reachability problem. */
nat {
    destination {
    }
    source {
        /* LAN -> internet */
        rule 100 {
            outbound-interface eth0
            source {
                address 192.168.23.0/24
            }
            translation {
                address masquerade
            }
        }
        /* WireGuard peers -> internet (for clients that tunnel everything) */
        rule 200 {
            outbound-interface eth0
            source {
                address 192.168.10.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
/* Static routes. 192.168.10.0/24 is already a connected route because wg0
   carries address 192.168.10.1/24, so this interface-route is redundant and
   should be harmless. It only covers the direction *towards* the WireGuard
   peers; the laptop -> LAN direction uses the eth1 connected route for
   192.168.23.0/24, so no next-hop or static route on the router is needed
   for it. NOTE(review): a LAN host whose default gateway is not
   192.168.23.1 would need its own return route to 192.168.10.0/24 -- not
   verifiable from this config. */
protocols {
    static {
        interface-route 192.168.10.0/24 {
            next-hop-interface wg0 {
            }
        }
    }
}
service {
    /* DHCP for the LAN: router is default gateway and DNS, 7-day leases.
       Only .200-.245 are leased, so 192.168.23.25 (hermes) is outside the
       pool and presumably statically addressed -- check that it really uses
       192.168.23.1 as its gateway, otherwise replies to 192.168.10.x go
       elsewhere. */
    dhcp-server {
        shared-network-name LAN_POOL {
            authoritative
            subnet 192.168.23.0/24 {
                default-router 192.168.23.1
                dns-server 192.168.23.1
                domain-name *********
                lease 604800
                range 0 {
                    start 192.168.23.200
                    stop 192.168.23.245
                }
            }
        }
    }
    /* Caching DNS forwarder for the LAN and both VPN subnets; "system"
       forwards to the upstream resolvers the router itself uses (presumably
       learned via DHCP on eth0). listen-on is the only thing keeping this
       off the WAN: allow-from 0.0.0.0/0 and ::/0 accept queries from *any*
       source address, so adding a listen-on for eth0 at some later point
       would turn this into an open resolver. NOTE(review): narrow allow-from
       to 192.168.23.0/24, 192.168.70.0/24 and 192.168.10.0/24 as defense in
       depth. */
    dns {
        forwarding {
            allow-from 0.0.0.0/0
            allow-from ::/0
            cache-size 2048
            listen-on eth1
            listen-on vtun0
            listen-on wg0
            system
        }
    }
    /* Key-only SSH on 22. Not reachable from the WAN (TO-ROUTER's default
       drop), but open to LAN hosts and VPN peers since no "local" ruleset
       is attached to eth1, vtun0 or wg0. */
    ssh {
        disable-password-authentication
        port 22
    }
}