Wireguard VPN site to site

Hi
Have tried to ping host on right lan:
vyos@Client1# ping 10.1.40.100
PING 10.1.40.100 (10.1.40.100) 56(84) bytes of data.
64 bytes from 10.1.40.100: icmp_seq=1 ttl=128 time=0.336 ms
64 bytes from 10.1.40.100: icmp_seq=2 ttl=128 time=1.15 ms
64 bytes from 10.1.40.100: icmp_seq=3 ttl=128 time=1.05 ms
^C
--- 10.1.40.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2014ms
rtt min/avg/max/mdev = 0.336/0.850/1.159/0.366 ms

That seems to work

Have tried to tracert from Right PC to left Router LAN interface:
C:\Users\admin>tracert 10.1.40.1

Tracing route to 10.1.40.1 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 10.1.30.1
2 2 ms 1 ms 1 ms 10.1.10.1
3 3 ms 2 ms 2 ms 192.168.254.1
4 3 ms 2 ms 1 ms 192.168.250.1
Looks like data is going the wrong way out of my Router

Do you set static routes via wgX interface?

wg-map

router “left”

set interfaces ethernet eth0 address '10.1.10.2/24'
set interfaces ethernet eth1 address '10.1.30.1/24'
set interfaces wireguard wg1 address '10.1.100.1/30'
set interfaces wireguard wg1 description 'Client'
set interfaces wireguard wg1 peer PEER01 allowed-ips '10.1.100.0/24'
set interfaces wireguard wg1 peer PEER01 allowed-ips '10.1.40.0/24'
set interfaces wireguard wg1 peer PEER01 endpoint '10.1.20.2:12345'
set interfaces wireguard wg1 peer PEER01 pubkey 'unLicwlFoH2K1tgWJiep7H9YNW8pZmQ4UByJTDna4lY='
set interfaces wireguard wg1 port '12345'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '10.1.30.0/24'
set nat source rule 100 translation address 'masquerade'
set protocols static interface-route 10.1.40.0/24 next-hop-interface wg1
set protocols static route 0.0.0.0/0 next-hop 10.1.10.1
set system host-name 'left'

router “right”

set interfaces ethernet eth0 address '10.1.20.2/24'
set interfaces ethernet eth1 address '10.1.40.1/24'
set interfaces wireguard wg1 address '10.1.100.2/30'
set interfaces wireguard wg1 description 'Server-SERVER-10.1.10.2'
set interfaces wireguard wg1 peer SERVER allowed-ips '10.1.100.0/24'
set interfaces wireguard wg1 peer SERVER allowed-ips '10.1.30.0/24'
set interfaces wireguard wg1 peer SERVER endpoint '10.1.10.2:12345'
set interfaces wireguard wg1 peer SERVER pubkey 'b4612Vv/jeL2DRT/YHFrFi+QxhBaKifIRj7ksg8PQS0='
set interfaces wireguard wg1 port '12345'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '10.1.40.0/24'
set nat source rule 100 translation address 'masquerade'
set protocols static interface-route 10.1.30.0/24 next-hop-interface wg1
set protocols static interface-route 10.1.100.0/24 next-hop-interface wg1
set protocols static route 0.0.0.0/0 next-hop 10.1.20.1
set system host-name 'right'

Traceroute from “left-lan” to “right-lan”

vyos@left-lan:~$ traceroute 10.1.40.100
traceroute to 10.1.40.100 (10.1.40.100), 30 hops max, 60 byte packets
 1  10.1.30.1 (10.1.30.1)  1.498 ms  1.464 ms  1.451 ms
 2  10.1.100.2 (10.1.100.2)  24.870 ms  25.039 ms  25.026 ms
 3  10.1.40.100 (10.1.40.100)  25.098 ms  25.078 ms  25.041 ms

vyos@left-lan:~$ show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             10.1.30.100/24                    u/u

@Viacheslav
Hi
Thanks for helping.
I found the problem :slight_smile:
After changing:

set protocols static interface-route 10.1.100.0/24 next-hop-interface wg1
to
set protocols static interface-route 10.1.40.0/24 next-hop-interface wg1 (on left side)
and
set protocols static interface-route 10.1.30.0/24 next-hop-interface wg1 (on right side)

Didn't need this on right side:
set protocols static interface-route 10.1.100.0/24 next-hop-interface wg1


everything works :grinning:

Thanks all for helping.

BR
OFH
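The fix OFH describes comes down to one rule that is easy to get wrong on VyOS: a peer's allowed-ips only tells WireGuard which destinations that peer may send to and receive from (cryptokey routing); it does not install a kernel route. The remote LAN therefore also needs a static interface-route via the wg interface, and the two lists have to agree. When the route is missing, traffic to the remote LAN follows the default route out of the WAN, which is exactly what the tracert in the first post shows; when a route points at the tunnel but the prefix is in no peer's allowed-ips, WireGuard silently drops the packets. The script below is an added example, not code from the thread or from VyOS. It parses `set` commands in the format shown above and reports both mismatches. The sample configs are constructed from the thread's "left" router: one as it was before the fix (interface-route for 10.1.100.0/24 instead of 10.1.40.0/24), one as posted after the fix, and a third, hypothetical one with a /32 allowed-ips to show the reverse problem.

```python
import ipaddress
import re

# Patterns for the three VyOS 'set' commands the check needs (VyOS 1.2-style syntax
# as used in the thread; values may or may not be single-quoted).
RE_WG_ADDR = re.compile(r"^set interfaces wireguard (\S+) address '?([^'\s]+)'?$")
RE_WG_ALLOWED = re.compile(r"^set interfaces wireguard (\S+) peer (\S+) allowed-ips '?([^'\s]+)'?$")
RE_IF_ROUTE = re.compile(r"^set protocols static interface-route (\S+) next-hop-interface (\S+)$")

# Constructed sample: the "left" router before the fix, as described in the last post
# (the interface-route covers the tunnel /24 instead of the remote LAN 10.1.40.0/24).
BROKEN_LEFT = """
set interfaces wireguard wg1 address '10.1.100.1/30'
set interfaces wireguard wg1 peer PEER01 allowed-ips '10.1.100.0/24'
set interfaces wireguard wg1 peer PEER01 allowed-ips '10.1.40.0/24'
set protocols static interface-route 10.1.100.0/24 next-hop-interface wg1
set protocols static route 0.0.0.0/0 next-hop 10.1.10.1
"""

# Constructed sample: the "left" router as posted after the fix.
FIXED_LEFT = """
set interfaces wireguard wg1 address '10.1.100.1/30'
set interfaces wireguard wg1 peer PEER01 allowed-ips '10.1.100.0/24'
set interfaces wireguard wg1 peer PEER01 allowed-ips '10.1.40.0/24'
set protocols static interface-route 10.1.40.0/24 next-hop-interface wg1
set protocols static route 0.0.0.0/0 next-hop 10.1.10.1
"""

# Hypothetical sample (not from the thread): the route exists but the remote LAN was
# never added to allowed-ips, so WireGuard drops the packets it is handed.
ROUTE_NOT_ALLOWED = """
set interfaces wireguard wg1 address '10.1.100.1/30'
set interfaces wireguard wg1 peer PEER01 allowed-ips '10.1.100.2/32'
set protocols static interface-route 10.1.40.0/24 next-hop-interface wg1
"""


def parse_vyos(config_text):
    """Collect, per WireGuard interface, its connected subnets, peer allowed-ips
    and the static interface-routes that point at it."""
    ifaces = {}

    def entry(name):
        return ifaces.setdefault(name, {"connected": [], "allowed": [], "routes": []})

    for raw in config_text.splitlines():
        line = raw.strip()
        if m := RE_WG_ADDR.match(line):
            entry(m[1])["connected"].append(ipaddress.ip_interface(m[2]).network)
        elif m := RE_WG_ALLOWED.match(line):
            entry(m[1])["allowed"].append((m[2], ipaddress.ip_network(m[3], strict=False)))
        elif m := RE_IF_ROUTE.match(line):
            prefix, next_hop_if = ipaddress.ip_network(m[1], strict=False), m[2]
            if next_hop_if.startswith("wg"):
                entry(next_hop_if)["routes"].append(prefix)
    return ifaces


def check_wireguard_routes(config_text):
    """Return (kind, interface, prefix) findings, in config order.

    'no-route'    : an allowed-ips prefix with no connected subnet or interface-route
                    covering it, so traffic to it leaves via the default route.
    'not-allowed' : an interface-route via the tunnel whose prefix is outside every
                    peer's allowed-ips, so WireGuard drops that traffic.
    """
    findings = []
    for name, data in sorted(parse_vyos(config_text).items()):
        reachable = data["connected"] + data["routes"]
        for _peer, allowed in data["allowed"]:
            if not any(allowed.subnet_of(r) for r in reachable):
                findings.append(("no-route", name, str(allowed)))
        for route in data["routes"]:
            if not any(route.subnet_of(a) for _peer, a in data["allowed"]):
                findings.append(("not-allowed", name, str(route)))
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_LEFT), ("fixed", FIXED_LEFT), ("no-allowed", ROUTE_NOT_ALLOWED)):
        print(label, check_wireguard_routes(cfg) or "ok")
```

On the broken config the only finding is the missing route for 10.1.40.0/24, which matches the symptom in the thread. The fixed config still reports 10.1.100.0/24 as unrouted: the peer's allowed-ips for the transit network is a /24 while the wg1 address is a /30, so only the /30 is actually reachable through the tunnel. That is harmless here because nothing else lives in 10.1.100.0/24, but narrowing the allowed-ips to the /30 (or the peer's /32) would make the two lists agree exactly.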
