NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

appelguy's avatar
appelguy
Aspirant
Mar 26, 2025

PR460X WireGuard VLAN access

Is there a way to be able to point a WireGuard VPN connection to one of my VPNs?  I'm able to configure the Wireguard VPN, and get a client (my iPhone) to connect, but it's only setting up an address...
c3po2's avatar
c3po2
Apprentice
Mar 27, 2025

Hi Appleguy, WireGuard VPN client IP address should be different than any of VLAN subnet, once connected, the Wire Guard VPN client has access to all VLANs including management VLAN(full tunnel) or VLANs specified in split tunnel configuration. 

Quote "but it's only setting up an address of 10.0.0.1 on my device, which is the IP range I set for my Wireguard server." This appears to be configured wrong, your wireguad server address needs to be public IP or DDNS domain name.

If you want VPN client joining local VLAN, you can use OpenVPN tap mode (For example, if you want to run NETGEAR Engage controller remotely, you can OpenVPN tap mode into local VLAN and broadcast would go through VPN tunnel as well).

Please request a help ticket with NETGEAR support, so that you can provide your WireGuard configuration file for review.

c3po2's avatar
c3po2
Apprentice
Mar 27, 2025

Below is example of my WireGurad configurations:

 

1. I have VLANs

VLAN1 default management: 192.168.1.0/24

VLAN2 IoT: 192.168.2.0/24

VLAN3 Guest: 192.168.3.0/24

 

2. WireGuard basic settings:

Server address: mywireguardserver.hopto.org

IP Address Range for VPN clients: 192.168.4.0/24

 

3. Add wireguard clients:

192.168.4.2

192.168.4.3

 

4. Once connected, VPN client 192.168.4.2 and 192.168.4.3 will have access to all below VLANs: 192.168.1.0, 192.168.2.0, 192.168.3.0

  • appelguy's avatar
    appelguy
    Aspirant
    Mar 27, 2025

    c3po2 thanks for input.  I adjusted close to your configuration and now I can ping addresses on different VLANs, however, it only works while connected to WiFi on my home network.  If I flip over to 5G on my cell phone, I can no longer ping devices. 

     

    Any ideas why?

     

    On the earlier response, I do have my server set to to my external IP (via a DDNS service).  

    • c3po2's avatar
      c3po2
      Apprentice
      Mar 27, 2025

      A few questions:

      1. Is PR460X directly connected to your ISP modem, or behind another home router/gateway? If PR460X is behind another router, please port forward wireguard service to PR460X on upper router.

      2. When your phone connects to Wi-Fi, which subnet it joins? Onto PR460X WAN subnet, or PR460X LAN subnet?

      3. When your phone connects to 5G only, can you visit nslookup.io and lookup your ddns domain name?

      • appelguy's avatar
        appelguy
        Aspirant
        Mar 27, 2025
        It’s directly connected to a modem.

        When connected over 5G the interface address is 192.168.3.2. The peer subnnet is my management vlan 192.168.2.0/24.

        Yes I can lookup my WAN ip via ddns on nslookup

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More