Openwrt wg0 behaves not alike that on Fedora: why?

mikma.wg at lists.m7n.se
Mon Jun 15 13:01:55 CEST 2020


On 2020-06-14 20:19, Sergey Ivanov wrote:
> Hi,
> I have a question about wg0 on OpenWRT not forwarding packets from one
> client to another. I have a laptop at home in my home LAN, and a
> computer at work in a very restricted LAN. They can not see one
> another. I spent a lot of time trying to get them connected by adding
> their wg0's IP addresses to the AllowedIPs on my home router running
> OpenWRT. I saw pings from each of them successfully decrypted (I've
> used ping with patterns) on the OpenWRT wg0, but they never got routed
> further.
> 
> When I decided to try to move the same AllowedIPs from OpenWRT's wg0
> to my desktop Fedora, it immediately worked. It looks like some sort
> of setting like isolation of the clients, or hairpin mode which is
> different on OpenWRT than on Fedora.
> 
> Can someone help and suggest what I should look at? I'd like to have
> it working on the router which is all time on.

You should look at the firewall in OpenWrt. It's probably dropping or 
rejecting the packets. In particular look at the forward option of the 
firewall zone assigned to wg0. From the OpenWrt Firewall - Zone Settings 
GUI:

     the forward option describes the policy for forwarded traffic
     between different networks within the zone.

Since WireGuard is a routed (and not bridged) VPN the above setting can 
also control forwarding between hosts on the same network.
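
The check suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell function that reads an OpenWrt firewall config and prints the `forward` policy of each zone covering a given network. The helper name `zone_forward_policy`, the zone names and the sample config are constructed for illustration.

```shell
# Added example: report the "forward" policy of the firewall zone(s)
# that cover a given OpenWrt network (e.g. the WireGuard interface).
# zone_forward_policy NETWORK [FILE]  (hypothetical helper; stdin if no FILE)
# Prints "<zone> <policy>"; "unset" if the zone has no forward option.
zone_forward_policy() {
    awk -v net="$1" -v q="'" '
        function emit() {
            if (in_zone && has_net) {
                print name, (fwd == "" ? "unset" : fwd)
                found = 1
            }
        }
        function value(    v) {          # text after "option|list <key>"
            v = $0
            sub(/^[ \t]*[a-z]+[ \t]+[A-Za-z0-9_]+[ \t]+/, "", v)
            gsub("[\"" q "]", "", v)     # strip UCI quoting
            sub(/[ \t]+$/, "", v)
            return v
        }
        $1 == "config" {                 # a new section starts
            emit(); in_zone = ($2 == "zone")
            name = ""; fwd = ""; has_net = 0; next
        }
        $1 !~ /^(option|list)$/ { next } # skip comments and blank lines
        in_zone && $2 == "name"    { name = value() }
        in_zone && $2 == "forward" { fwd = value() }
        in_zone && $2 == "network" {     # "option" (space list) or "list"
            n = split(value(), part, /[ \t]+/)
            for (i = 1; i <= n; i++) if (part[i] == net) has_net = 1
        }
        END { emit(); exit(found ? 0 : 1) }   # status 1: no zone matched
    ' "${2:--}"
}

# Constructed sample config, not taken from the thread.
sample_config() {
    cat <<'EOF'
config zone
    option name 'lan'
    list network 'lan'
    option forward 'ACCEPT'

config zone
    option name 'vpn'
    list network 'wg0'
    option forward 'REJECT'
EOF
}

sample_config | zone_forward_policy wg0
```

On a router, `zone_forward_policy wg0 /etc/config/firewall` reads the live config, where `wg0` must be the network name used in the zone definition. A `REJECT` or `DROP` result for that zone is consistent with the symptom described in the thread.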

