VyOs Router 1.3 WireGuard VPN cannot ping Client Peer on Tablet

jcusimano · May 8, 2023, 12:54pm

Hi Here is another part of the config

set protocols static interface-route 10.1.40.0/24 next-hop-interface 10.1.40.4
set protocols static interface-route 10.1.99.0/24 next-hop-interface wg0
set protocols static route 0.0.0.0/0 next-hop 64.131.109.129
set protocols static route 10.0.0.0/14 blackhole
set protocols static route 10.1.0.0/16 blackhole
set protocols static route 10.1.1.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.2.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.3.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.4.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.6.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.8.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.9.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.11.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.12.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.15.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.16.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.17.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.21.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.22.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.23.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.24.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.30.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.31.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.32.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.33.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.34.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.35.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.36.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.37.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.37.0/24 next-hop 64.131.109.129
set protocols static route 10.1.43.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.45.0/24 next-hop 10.1.40.1
set protocols static route 10.1.45.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.46.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.48.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.49.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.50.0/24 next-hop 10.1.40.4
set protocols static route 10.1.51.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.52.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.53.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.54.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.55.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.56.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.57.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.58.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.59.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.60.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.61.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.62.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.63.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.64.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.65.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.66.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.67.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.68.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.69.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.75.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.100.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.1.101.0/24 next-hop 10.1.40.4 distance ‘1’
set protocols static route 10.100.0.0/16 blackhole
set protocols static route 10.101.0.0/16 blackhole
set service dhcp-server shared-network-name LAN subnet 10.1.40.0/24 default-router ‘10.1.40.1’
set service dhcp-server shared-network-name LAN subnet 10.1.40.0/24 dns-server ‘10.1.40.1’
set service dhcp-server shared-network-name LAN subnet 10.1.40.0/24 domain-name ‘ng911test.iit.edu’
set service dhcp-server shared-network-name LAN subnet 10.1.40.0/24 lease ‘86400’
set service dhcp-server shared-network-name LAN subnet 10.1.40.0/24 range 0 start ‘10.1.40.215’
set service dhcp-server shared-network-name LAN subnet 10.1.40.0/24 range 0 stop ‘10.1.40.245’
set service dns forwarding allow-from ‘10.1.0.0/16’
set service dns forwarding cache-size ‘0’
set service dns forwarding listen-address ‘10.1.40.1’
set service dns forwarding name-server ‘10.1.40.250’
set service dns forwarding name-server ‘10.1.40.251’
set service ssh listen-address ‘10.1.40.1’
set service ssh listen-address ‘64.131.109.245’
set service ssh port ‘22’
set service ssh port ‘2222’
set service ssh port ‘22222’
set system config-management commit-revisions ‘100’
set system console device ttyS0 speed ‘115200’
set system host-name ‘vyos’
set system login user vyos authentication encrypted-password ‘$6$hgQAZmJ55s$R.tcaw6CBAlNA.TGhO1a4JHlBf5WmKkMiw5nxZciBu3b9rsrB9ioRh7230kNXOqfmfQKEB.c9lnj.VpZGu5yY.’
set system name-server ‘10.1.40.250’
set system name-server ‘10.1.40.251’
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level ‘info’
set system syslog global facility protocols level ‘debug’
set system time-zone ‘America/Chicago’

a.hajiyev · May 8, 2023, 1:15pm

@jcusimano I have applied this part as well. No problem observed.
Please share connection diagram and also check intermediary connections.
In my opinion this parts are OK for wireguard connection.

jcusimano · May 8, 2023, 3:58pm

also here us myL2tp config

set vpn l2tp remote-access authentication local-users username chris password ‘0r@cle!!’
set vpn l2tp remote-access authentication local-users username joe password ‘teamc255’
set vpn l2tp remote-access authentication local-users username tarun password ‘Sf665Pine941o8!’
set vpn l2tp remote-access authentication mode ‘local’
set vpn l2tp remote-access client-ip-pool start ‘10.1.101.2’
set vpn l2tp remote-access client-ip-pool stop ‘10.1.101.254’
set vpn l2tp remote-access ipsec-settings authentication mode ‘pre-shared-secret’
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret ‘5QjQDlgcSDjj5m5oojl1DKkm29t/NL9x’
set vpn l2tp remote-access mtu ‘1492’
set vpn l2tp remote-access name-server ‘10.1.40.1’
set vpn l2tp remote-access outside-address ‘64.131.109.245’
vyos@vyos:~$

a.hajiyev · May 9, 2023, 10:21am

Hi @jcusimano this configuration part also OK

jcusimano · May 9, 2023, 1:42pm

When I apply

set interfaces ethernet eth1 firewall local name ‘wan-local’ I take down all the IPSEC interfaces. I will send the final part of the config which includes them.

jcusimano · May 10, 2023, 1:15am

When I apply

set interfaces ethernet eth1 firewall local name ‘wan-local’ I take down all the IPSEC interfaces. I will send the final part of the config which includes them.

system · May 14, 2023, 1:52am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.