‘Some time’ ago I bought and deployed a Chateau Pro ax for my home router. It's been great, but one of the main things I needed from it was to act as a WireGuard gateway, so all of the traffic on my network would be VPN-ed in transit out from my device to the wider world.
I found several guides on the matter and followed them to the best of my abilities, but each time I ended up with a ‘bricked’ router where I could not reach the admin interfaces to undo changes, requiring frustrating factory reset and re-config operations (and breaking other automation stuff in my environment in fun and interesting ways).
I do have a reasonable background in networking; however, clearly not quite reasonable enough to figure this out without assistance!
Right now the WireGuard connection is stable, healthy, and completely unused! My key requests are:
- Can anyone help me with direct guidance, or recent (run-book style) documentation on how to direct traffic through the VPN?
- Failing that, can anyone help me with some guidance on how to ensure I always have an admin interface I can reach for when I screw up?
Please help me get this item off my security to-do list, it's been here a while!
Easiest part first, second question:
Remove one ether port from the bridge, keep it in the LAN list.
That will 100% guarantee Winbox access using MAC.
If you really want, you can assign a DHCP server and IP address to that ether port (don't forget the IP pool) so your PC gets a normal IP lease.
Your first question already popped up a couple of times in the past.
The trick is to make sure all normal traffic goes out via the WireGuard interface, but the WG control traffic itself has to go out via the normal WAN port.
Make sure a separate route is present for the WG destination and WAN port.
If I recall correctly there has been an extensive explanation by Sindy in the past. See if you can find it back.
Already another reference:
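The two suggestions in the reply above (a recovery port kept off the bridge, and a dedicated WAN route for the WireGuard endpoint), written out as an added RouterOS v7 example that is not part of the original thread. The interface names (`ether1`, `ether5`, `wireguard1`) and every address are assumptions to be replaced with your own, and the pair of /1 routes is one common way to steer traffic into the tunnel without touching the existing default route, not something the posters specified.

```routeros
# Added example, RouterOS v7 syntax. Assumed names and constructed addresses:
#   ether1       = WAN port
#   ether5       = spare port used only for recovery/management
#   wireguard1   = the already working WireGuard interface
#   203.0.113.10 = VPN provider endpoint (constructed placeholder)
#   192.0.2.1    = WAN gateway (constructed placeholder)
# Also assumed: the WireGuard peer's allowed-address covers 0.0.0.0/0.

# 1. Recovery port: take ether5 out of the bridge, keep it in the LAN list
#    so MAC Winbox still answers on it whatever happens to IP routing.
/interface bridge port remove [find interface=ether5]
/interface list member add list=LAN interface=ether5

# Optional: give the recovery port its own subnet and DHCP lease.
/ip address add address=192.168.99.1/24 interface=ether5
/ip pool add name=mgmt-pool ranges=192.168.99.10-192.168.99.20
/ip dhcp-server add name=mgmt-dhcp interface=ether5 address-pool=mgmt-pool
/ip dhcp-server network add address=192.168.99.0/24 gateway=192.168.99.1

# 2. Add this BEFORE step 3: the encrypted WireGuard packets to the endpoint
#    must keep leaving via the WAN gateway, otherwise the tunnel tries to
#    route itself through itself and all connectivity drops.
/ip route add dst-address=203.0.113.10/32 gateway=192.0.2.1 comment="WG endpoint via WAN"

# 3. Everything else goes into the tunnel. Two /1 routes are more specific
#    than the existing 0.0.0.0/0 default, so that default route can stay.
/ip route add dst-address=0.0.0.0/1 gateway=wireguard1 comment="via WG"
/ip route add dst-address=128.0.0.0/1 gateway=wireguard1 comment="via WG"

# 4. Source-NAT LAN traffic to the tunnel address the provider assigned.
/ip firewall nat add chain=srcnat out-interface=wireguard1 action=masquerade
```

Disabling the two "via WG" routes from the recovery port returns the router to plain WAN routing without a factory reset.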
Thanks for this, I actually believe I tried to follow this guide (among several others) the last time I tried this and tripped up because there is a lot of switching between client and server in the task guide - I already have a VPN endpoint set up; the issue has been routing the traffic properly - after several attempts to run the process I end up with a bricked switch - which is a pain.
I actually reached out to the VPN provider to see if they had any guidance as it is, I'm sure, also a common issue with them - but no joy unfortunately.
Are there any guides that focus on the client side operations here, step by step, explaining at a high level what each step is doing to the traffic?
In a perfect world I would ping the local community's weird prepper cyber-security sysadmin tech nerd…. alas, in this case, that’s me!