MikroTik

Hi, WireGuard works and is easy enough to setup upto the connection point; however, giving a peer access to NAS data or a shared drive mapping is not streight forward. Please help me to figure out a standard procedure for this purpose.

Issue: Cannot access main lan device for the purpose of mapping network drive via WireGuard
Target: to provide peers access to a shared drive located on main Lan when they connect to WireGuard.

I understand, WireGuard requires a seperate subnet to function correctly for routing, peer connects and
CAN:
Can ping the NAS located on main Lan by IP only
Can ping web at google.com

CANNOT:
Cannot ping local devices by DNS, Log shows Netbios inquiry at port 137.
Cannot map network drive by ip or by dns

Thank you for the help

Just guessing but you've got a home network with a NAS you want to access remotely?

Regarding DNS, Wireguard is just a protocol and the standard Wireguard client is pretty stupid thus you have to specify everything manually for example which DNS server to use when connecting the tunnel, etc.

Perhaps some of these guides might help you with your specific problem:
- viewtopic.php?t=182340
- viewtopic.php?t=174417

Thank you Larsa,
Great Links, many common issues are explained in both of them. Maybe I will create a sort of checklist for WireGuard setup that will provide an easy guide for local lan access to a starter.

I was able to get access to local devices by changing AllowedIPs, remove 0.0.0.0/0 and add the NAS IP. DNS still not working for local devices as inquiry goes at Netbios on 137 but reply does not return. For my purpose, local device DNS resolution is not really needed but next setup may need it.

When you get stuck post your config on the main router ( assuming a MIKROTK router acting as the wireguard SERVER).
Also details are important, are all the clients coming in, mobile devices??

Hi Anav,

Thanks for reply. I was able to get it all going and all is good now, however, interestingly access to local lan started to break. Research revealed, limiting the tunned traffic by AllowedIPs was set in the server as well as in client, it should be only setup in the client/peer. Link for this is here:https://gist.github.com/chrisswanda/88a ... 1d1e9b20f4

If you're using macOS I recommend using the standard client that has features like connection on demand and automatic key generation. The Windows client is nowadays also able to run as a service and if needed the tunnel is automatically established during boot.