u/SolanaGuy19

I have an ASUS xt8 as my home router. I would like to use it to access my home network LAN from the internet (say I'm in a hotel).

I've set up a WireGuard VPN server on the ASUS (at 10.6.0.1) and my LAN is 192.168.50.0/24
The WAN on the router is 70.X.Y.Z (passed through from my AT&T router)

When I connect to the xt8 via the VPN, my external computer gets assigned 10.6.0.2 - and I can ping both the WAN IP, and the LAN gateway (192.168.50.1), but nothing else on the LAN. All my traffic is going through the VPN (a "whatismyip.com" returns the WAN 70.X.Y.Z)
From a device on the LAN, I can ping the WAN IP, and the VPN gateway (10.6.0.1), but not the remote device at 10.6.0.2

So it seems that the two subnets on the ASUS (LAN and VPN) can see the "inside" of the ASUS but are being blocked from talking to each other. I presume I need to set some sort of permission for cross routing, but I can't figure out where it is.
The Firewall seems to only be dealing with the WAN-side interface, not internal.
Under the LAN controls, there is a "Route" option:

https://preview.redd.it/cw6iofj0n72h1.png?width=1144&format=png&auto=webp&s=6f2d19755f244fb0fc4d654aa6ab2b0adf02056b

But it states it allows routing rules if "you connect several routers behind the ZenWiFi," but I don't have any others behind the router - I have two subnets *in* the router.

I feel like the answer is here somewhere, but I can't figure it out - hoping someone here can help.

Thanks and apologies in advance, I expect this is answered here somewhere, but I've read a half-dozen different threads that sounded promising, and none made me smart enough to solve my issue (I'm starting to think maybe 'it's me'...)

I'm trying to set up access to my home router and LAN from a client laptop outside my home (say in a hotel), to do one of the following 3 actions/options:

1. Relay internet traffic so it looks like "I am at home" (e.g. stream services that I am allowed to at home, but couldn't at the hotel)
2. Relay internet traffic to look like I'm home, *and* access internal LAN devices (NAS, SiliconDust, etc.) at home -- Basically my laptop in the hotel acts as though it's inside my house
3. Access home LAN, but use "hotel" ISP for all other internet traffic (in case I want to stream something that's allowed at the hotel).

Realistically, I don't know if I need #1 if I get #2 working, but I expect it'd help me understand how this is working to know the setup.

So far, all I can manage is #1...

What I have at home:

ASUS XT8 router set to act as a Wireguard Server
WAN = 70.A.B.C (passthrough from AT&T router)
LAN = 192.168.50.1
DHCP serving internal network on 192.168.50.0/24
Wireguard server at 10.6.0.1

When I set up the WG VPN on the ASUS, and I take the defaults, it generates a .conf file that contains:

[Interface]
PrivateKey = <...>
Address = 10.6.0.2/32
DNS = 10.6.0.1

[Peer]
PublicKey = <...>
AllowedIPs = 0.0.0.0/0
Endpoint = 70.A.B.C:51820 [Where 70.A.B.C is my AT&T WAN IP]
PersistentKeepalive = 25

My interpretation here is the Client side "Allowed IPs = 0.0.0.0/0" routes all traffic from the client through the tunnel - including any "internet requests". This seems confirmed by a "whatismyip.com" on the laptop/client returning "70.A.B.C" when connected to the VPN.

I can also "ping 192.168.50.1" - the LAN face of the ASUS - successfully, but I get no response from "ping 192.168.50.25" (my NAS), or any other device in the LAN.

Given the tunnel appears to be set up, I'm wondering if the problem isn't the WG server at all, but some firewall aspect of the ASUS that's not letting "outside" traffic (from 10.6.0.2) get to the LAN. I'm investigating that, but figured I'd ask to see if I have the WG set up correctly.

Additionally, if it is a firewall issue, then to get #3 (above) to work, I think I need to swap out the client Allowed IP = 0.0.0.0/0 to be 192.168.50.0/24 (??) so only requests to the LAN get funneled through the VPN.

Am I on the right track here?

On the extremely off chance anyone reading this has familiarity with the XT8 and its interface - and my problem *is* firewall, I'd gladly take advice there too.

I've seen people asking questions on timing of CC rewards, so I'm posting a data point from my current experience to share (maybe someone searches for this info and finds it).

March 1, 2024 I got a Chase UA Club Card.

March 10, 2026 I received my statement with the annual fee on it. I called Chase and downgraded my Club card to a (free) Gateway CC. The number didn't change, so all my "pre-programmed" billing would not be messed up.

April 12, (waiting a bit), I applied for a new Club card - in order to receive the "new card benefits". I also got an "additional user" card for my wife.
[Instant approval, online]

April 16, the new card arrives via "UPS overnight"

April 18, paid a fairly large bill with the Club card to get over the required initial spend.
The PQP for this appeared on April 20. [2 day delay]

April 20, per UA website, I received the 10K Miles for the additional user card.
[Note, it's dated the 20th on my "activity" page - but it didn't actually *appear* on the page until about 3 days later, so they back dated it.]

April 23, paid a large invoice - the PQP from that appeared 4/27 [4 day delay?]

May 3, first Chase statement date. Per UA activity, I got the 100,000 miles this day.
Again, it didn't really appear until about 7th, but was "backdated" to the 3rd.

May 4th, got the 3000 PQP bump for new card holder - did appear on the 4th.

.

So application (April 12) to "I've got all the miles/PQP's" (May 4th) was just over 3 weeks. I did spend the require $5K almost immediately - obviously that would delay the 3000PQP and 100K miles until later if I hadn't.

YMMV, but I hope this helps someone trying to decide what/when to do.

My current solar installation has two separate circuits (20A each) on my roof. One circuit is "original" from my homebuild 10 years ago, and has 10x S280's and 4x M250's attached. The second circuit was added later and has 7x IQ7+ attached. I have two gateways; an Envoy-S and an IQ-Gateway reporting my data.

All has been working fine for years, but about a month ago I got a notice from Enphase that 7 microinverts had stopped reporting. I checked the app, and all the IQ7+ were down.

I went to the breaker box and found the 20A breaker for that circuit was dead - not just tripped, but unusable (toggle in the middle position - wouldn't snap to either "off" or "on" position). Not thinking about it too much (and clearly "not enough"), I assumed the breaker was bad, went and got another 240V-20A breaker from Home Depot, put it in, turned on the power, and 'poof' it immediately died as well.

At this point I disconnected both circuits from the panel/breakers. I checked each for voltage (shouldn't see any) and found none. I checked each for resistance and found one (the functioning one) at 100K-Ohm, and the other (the blowy one) at 7K-Ohm.

7Kohm shouldn't be a breaker problem (right? 240V/7000ohm = .03A), but the fact they are so different makes me wonder if there's a clue to the issue here. What *should* an open circuit of microinverters show as a resistance?

My thought/guess/hope is that one of the IQ7+ is bad and shorts out as soon as it sees 240V line voltage. So i could go disconnect the string and reconnect them 1 by 1 to see if there's one that changes the resistance - if in fact the lower resistance is a clue.

Does any of this make sense to anyone here?

[EDIT - follow up] - the first breaker does indeed seem to be 'fried' (non-recoverable), but I took the second one, which seemed similarly dead, and just worked the switch back and forth a while and it eventually started "catching" (in "off" and "on" positions) and now seems like it's functioning. If so, then it is just a short (which I can trace) not some weird "breaker killer', and I'll chalk the first one's "complete death" to just being old.