Hello guys,
So I have a GL.iNet MT3000 travel router that I always use connected to a VPN at home, where I have a WireGuard VPN server on a Raspberry Pi. I’m having some problems accessing home servers via the router and I’m out of ideas to troubleshoot it.
The thing is as follows; always assume I’m outside my home network. If I enable the WireGuard client in the router, so all devices connected to the router go through the VPN, I’m unable to access either the Raspberry Pi or other servers at home (NAS, etc.) via their local IPs (192.168.1.X). I get an NSURLErrorCannotConnectToHost error in my browser.
However, if I connect the device I’m using to the Raspberry VPN server directly, I CAN access my servers at home using their local IP.
Settings are exactly the same in every device/profile/client. I tested multiple devices and I’m able to access the servers by their local IP on all of them (laptop, iPad, phone…) if I connect that device DIRECTLY to the VPN server.
I guess there is something in the router that is not routing 192.168.1.X hosts correctly through the VPN. The travel router itself is on the 192.168.8.X subnet (different from home), all WireGuard configurations allow access to 192.168.1.0/24, and I have enabled “Allow Remote Access LAN” in the travel router, which, as far as I understood, should do what I want (let me access devices in the LAN where the VPN server is).
Still, no luck. What do you think, guys? I’ll appreciate any kind of help.
EDIT: SOLVED! As suggested by /u/Spinkyboy, the problem was that both subnets, my home LAN and the hotel LAN (WAN subnet for my travel router), were in 192.168.1.0/24, so the router was routing traffic for 192.168.1.X to the WAN subnet (hotel LAN) instead of via the WireGuard VPN (home LAN). The solution is described in this forum thread: Can’t access LAN addresses when passing all traffic via WG VPN tunne - #9 by ecfeed - VPN, DNS, Leaks - GL.iNet
Strangely enough, I was having the same issue on a GL.iNet Opal: on some networks there was no issue connecting to home on a WireGuard Pi to other local (home) devices, but when using my work network it completely failed to see them, although it connected and I could use the remote VPN connection just fine.
I solved it yesterday by putting a static route in under the LuCI menu after reading this thread: Can’t access LAN addresses when passing all traffic via WG VPN tunne - #9 by ecfeed - VPN, DNS, Leaks - GL.iNet
Now it works as it should and I can get to all the devices on my home network remotely.
In the case of the Opal router, I had to leave the gateway field blank as it didn’t work when I put in my home gateway address.
Hope that helps. I’m not an expert, so don’t ask me anything too technical 
You need to DDNS your WireGuard to something like Cloudflare and use the domain to connect. The issue with your setup is that the ISP cycles the router/modem’s public IP. You need to DDNS so that the DNS provider gets that public IP updated whenever it changes.
You will need to advertise the subnet.
This makes so much sense to me. In fact, I saw a similar post here on Reddit from a guy saying that he changed his home subnet from the usual 192.168.1.0/24 to a random one (like 192.168.123.0/24) and that worked for him.
I’m at a hotel, and the upper subnet (where the router is connected to) is 192.168.1.0/24, the same as my home LAN. Also, I did some tests before starting the trip (with my phone, via tethering, where the upper subnet from my phone carrier is 10.0.0.0/8) and everything seemed to be working fine.
I’ll try this (probably tomorrow, as I’m doing the usual tourism here) and post my results, but I’m pretty sure this is the thing.
Thank you very much!!!
Hi, thank you, but that’s not the problem. My VPN server is already under DDNS, and as I said, I’m able to access my LAN by connecting directly from the devices as I said
I tested it, and it worked.
As guessed, the hotel is using 192.168.1.0/24 as subnet, so the routing was conflicting between the WireGuard interface and the repeater interface for LAN IPs.
Followed the instructions in the link above provided by /u/Spinkyboy and everything is working. Thanks!
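The conflict diagnosed in this thread, as an added example that is not part of any post: a simplified route lookup (longest prefix first, then lowest metric) showing why 192.168.1.X traffic leaves via the hotel WAN and how a more specific static route through the tunnel changes that. The interface names, metrics and the 192.168.1.50 host are constructed assumptions, the /32 host route is one possible shape for the static route, and the model ignores the policy-routing rules real firmware may add.

```python
import ipaddress

# Constructed sample table: subnets are the ones named in the thread,
# interface names and metrics are assumptions for illustration.
HOTEL_WAN = ("192.168.1.0/24", "wan-repeater", 0)  # connected route from the hotel network
TRAVEL_LAN = ("192.168.8.0/24", "br-lan", 0)       # travel router's own LAN
VPN_DEFAULT = ("0.0.0.0/0", "wgclient", 10)        # "all traffic through the VPN"
BASE_ROUTES = [HOTEL_WAN, TRAVEL_LAN, VPN_DEFAULT]


def lookup(routes, dest):
    """Pick the outgoing interface for dest: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = []
    for net, dev, metric in routes:
        network = ipaddress.ip_network(net)
        if ip in network:
            matches.append((network.prefixlen, -metric, dev))
    return max(matches)[2] if matches else None


def overlaps(wan_subnet, allowed_ips):
    """Return AllowedIPs entries (default route excluded) that collide with the WAN subnet."""
    wan = ipaddress.ip_network(wan_subnet)
    hits = []
    for entry in allowed_ips:
        net = ipaddress.ip_network(entry)
        if net.prefixlen > 0 and wan.overlaps(net):
            hits.append(entry)
    return hits


def host_routes(hosts, dev):
    """Static /32 routes bound to the tunnel interface, gateway left blank."""
    return [(f"{h}/32", dev, 0) for h in hosts]


if __name__ == "__main__":
    allowed = ["0.0.0.0/0", "192.168.1.0/24"]
    print("conflicts on hotel WAN:", overlaps("192.168.1.0/24", allowed))
    print("conflicts on tethering:", overlaps("10.0.0.0/8", allowed))
    print("before fix:", lookup(BASE_ROUTES, "192.168.1.50"))
    fixed = BASE_ROUTES + host_routes(["192.168.1.50"], "wgclient")
    print("after fix: ", lookup(fixed, "192.168.1.50"))
    print("hotel gateway:", lookup(fixed, "192.168.1.1"))
```

A host route like this makes any device on the local network that uses the same address unreachable from behind the travel router; renumbering the home LAN to a less common subnet, as mentioned earlier in the thread, avoids the collision altogether.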
So, do you have that VPN server running on a Raspberry Pi or the router itself? Reading through your post, it seems like you have two running: one on your Pi and another on the router itself?
Great, my tinkering helped someone, that’s a first 
I’m sorry, I might have explained myself poorly.
I have the VPN server running on the Raspberry at home. What I do in the router is to connect to that VPN as a client, so all devices connected to the router will go through the VPN server at home. Like the docs: VPN Dashboard - GL.iNet Router Docs 4
Ok so, are you traveling with the pi as well as the router? Or do you have a separate network at home that you have the pi under?
Pi is at home, where I have other servers (like a NAS). I’m traveling with the travel router
Yea, I don’t have that wireguard directory under /usr/sbin. It may populate once I enable it though. You may have a wireguard directory under /usr/sbin.
What you need to do to see that directory is to SSH into your GL router. The router itself should have made you create a root/admin password when you were setting it up. You use that with an SSH client such as PuTTY, or if you are on Linux it is ssh [email protected]
I personally VPN via Tailscale. There is a specific line I have to edit into /usr/bin/gl_tailscale. I am wondering if there is a similar issue with WireGuard.
What I have to do is edit in
/usr/sbin/tailscale up --advertise-exit-node --advertise-routes=192.168.8.0/24 --reset --accept-routes $param --timeout 3s > /dev/null to replace /usr/sbin/…
Let me see if my GL has a wireguard directory under /usr/sbin.