appelguy
Aspirant
Mar 26, 2025

PR460X WireGuard VLAN access

Is there a way to be able to point a WireGuard VPN connection to one of my VPNs? I'm able to configure the WireGuard VPN, and get a client (my iPhone) to connect, but it's only setting up an address of 10.0.0.1 on my device, which is the IP range I set for my WireGuard server.

 

How can I get that connection to communicate with VLAN1 (management VLAN), which is a 192.168.2.0 schema?

 

I found an option under user management where I can select "split tunnel" and I can select different VLANs, however when I do that, I still cannot communicate from my iOS device and devices on my management VLAN.  

 

Any suggestions?

8 Replies

  • Typo in my original message.  I meant connection to my VLANs, not VPNs.

  • Hi appelguy, the WireGuard VPN client IP address should be different from any VLAN subnet. Once connected, the WireGuard VPN client has access to all VLANs including the management VLAN (full tunnel) or the VLANs specified in the split tunnel configuration.

    Quote "but it's only setting up an address of 10.0.0.1 on my device, which is the IP range I set for my Wireguard server." This appears to be configured wrong; your WireGuard server address needs to be a public IP or DDNS domain name.

    If you want the VPN client to join a local VLAN, you can use OpenVPN tap mode (for example, if you want to run the NETGEAR Engage controller remotely, you can use OpenVPN tap mode into the local VLAN and broadcast would go through the VPN tunnel as well).

    Please request a help ticket with NETGEAR support, so that you can provide your WireGuard configuration file for review.

    • c3po2
      Apprentice

      Below is an example of my WireGuard configuration:

       

      1. I have VLANs

      VLAN1 default management: 192.168.1.0/24

      VLAN2 IoT: 192.168.2.0/24

      VLAN3 Guest: 192.168.3.0/24

       

      2. WireGuard basic settings:

      Server address: mywireguardserver.hopto.org

      IP Address Range for VPN clients: 192.168.4.0/24

       

      3. Add wireguard clients:

      192.168.4.2

      192.168.4.3

       

      4. Once connected, VPN clients 192.168.4.2 and 192.168.4.3 will have access to all of the VLANs below: 192.168.1.0, 192.168.2.0, 192.168.3.0
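An added example, not part of c3po2's post and not NETGEAR code: a small Python check that runs a WireGuard client config against the VLAN layout above, flagging a client address that falls inside a VLAN subnet and an Endpoint set to a private IP, and reporting which VLANs `AllowedIPs` actually routes through the tunnel. Assumptions: the exported client file uses the standard wg-quick `[Interface]`/`[Peer]` layout with one peer, port 51820 and the key placeholders are constructed, and the router's split-tunnel selection ends up as the client's `AllowedIPs`.

```python
import configparser
import ipaddress

# Constructed sample. VLANs, client address and DDNS name are from the post;
# the keys and port 51820 are placeholders/assumptions, not thread values.
VLANS = {"VLAN1": "192.168.1.0/24", "VLAN2": "192.168.2.0/24",
         "VLAN3": "192.168.3.0/24"}
SAMPLE_CONF = """
[Interface]
PrivateKey = <client-private-key>
Address = 192.168.4.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = mywireguardserver.hopto.org:51820
AllowedIPs = 192.168.1.0/24, 192.168.2.0/24
"""

def check_client_conf(conf_text, vlans):
    """Return (findings, reachable) for a single-peer client config."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep WireGuard's key casing
    cp.read_string(conf_text)
    nets = {n: ipaddress.ip_network(c) for n, c in vlans.items()}
    findings = []

    # 1. The tunnel address must not sit inside any VLAN subnet.
    addr = ipaddress.ip_interface(
        cp["Interface"]["Address"].split(",")[0].strip())
    for name, net in nets.items():
        if addr.version == net.version and addr.ip in net:
            findings.append(f"client address {addr.ip} overlaps {name} ({net})")

    # 2. AllowedIPs decides which VLANs the client sends into the tunnel.
    allowed = [ipaddress.ip_network(a.strip(), strict=False)
               for a in cp["Peer"]["AllowedIPs"].split(",")]
    reachable = sorted(
        name for name, net in nets.items()
        if any(a.version == net.version and net.subnet_of(a) for a in allowed))

    # 3. A literal private Endpoint only answers from inside the LAN.
    host = cp["Peer"]["Endpoint"].rsplit(":", 1)[0].strip("[]")
    try:
        if ipaddress.ip_address(host).is_private:
            findings.append(f"endpoint {host} is a private address")
    except ValueError:
        pass  # hostname (e.g. DDNS); resolve and check it separately
    return findings, reachable
```

With the sample config this reports no findings and shows VLAN3 left out of the tunnel, which is the expected result of a split tunnel limited to VLAN1 and VLAN2.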

      • appelguy
        Aspirant

        c3po2 thanks for input.  I adjusted close to your configuration and now I can ping addresses on different VLANs, however, it only works while connected to WiFi on my home network.  If I flip over to 5G on my cell phone, I can no longer ping devices. 

         

        Any ideas why?

         

        On the earlier response, I do have my server set to my external IP (via a DDNS service).
