<keys, public-ip, etc changed for privacy>
I was able to set up the wireguard tunnel from a dedicated server to the openwrt router.
The problem now I'm running into is accessing devices from outside the network through the tunnel (via the dedicated server IP).
For example, I'm in a remote office thousands of miles away, trying to connect to the devices on the LAN behind the OWRT router. I'd like to be able to access them through the dedicated server's tunnel because, the way the ISP is routing everything, going direct to the router just isn't an option. But the dedicated server is in a nearby datacenter that has a decent ISP with good routing.
What's preventing me from connecting to 23.44.44.15:5450 to get to my NAS?
I think I messed something up with the firewall or the routing because I'm not able to get internet through the dedicated server IP on the devices behind the 3200acm.
/etc/config/network file on the openwrt:
# Base OpenWrt network layout: loopback, LAN bridge, WAN (v4 and v6) and the switch VLANs.

# Loopback interface, 127.0.0.1/8.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# IPv6 ULA prefix used for local addressing.
config globals 'globals'
option ula_prefix 'fd14:4b4c:235f::/48'
# LAN bridge on eth0.1; the router itself is 192.168.1.1 in 192.168.1.0/24.
# This is the subnet the remote office wants to reach through the tunnel.
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
# Upstream (ISP) side: IPv4 via DHCP and IPv6 via DHCPv6, both on eth1.2.
config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
# Switch setup: VLAN 1 and VLAN 2 are defined on switch0; a trailing 't' marks a tagged port.
# NOTE(review): presumably VLAN 1 is the LAN side (eth0.1) and VLAN 2 the WAN side (eth1.2) - confirm against the board's port map.
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
# WireGuard interface on the router: tunnel address 10.66.66.1/24, listening on UDP 53810.
# private_key is a secret; the poster states the values on this page were altered before posting.
config interface 'wg0'
option proto 'wireguard'
option private_key 'dsfgfdsgfsdgsfdvgfdsbygsb5='
option listen_port '53810'
list addresses '10.66.66.1/24'
# Peer entry for the dedicated server (23.44.44.15, UDP 53810), with a 25 s keepalive.
# route_allowed_ips '1' asks netifd to install a route through wg0 for every allowed_ips entry below.
config wireguard_wg0
option endpoint_port '53810'
option description 'ubuntudedicated'
option public_key 'fdsgbfdsgfdbgdfsbgfsdbgdfsbgdfsbgfd='
option persistent_keepalive '25'
option route_allowed_ips '1'
option endpoint_host '23.44.44.15'
# allowed_ips is both the set of source addresses accepted from this peer and the set of
# destinations wg0 will send to it; packets for anything else are dropped at the interface.
list allowed_ips '10.66.66.2/32'
# NOTE(review): 192.168.1.1/24 is this router's own LAN subnet (see interface 'lan'), not a
# network behind the server. With route_allowed_ips set, this requests a route for the local
# LAN via the tunnel, which may conflict with the directly connected LAN route.
# NOTE(review): a default route via wg0 is declared elsewhere in this file (table 100), but no
# 0.0.0.0/0 entry is listed here, so LAN traffic for internet destinations would not be
# accepted by this peer - consistent with the "no internet through the server" symptom.
list allowed_ips '192.168.1.1/24'
# Policy routing: packets arriving on 'lan' consult routing table 100 ...
config rule
option in 'lan'
option lookup '100'
# ... and table 100 holds a single default route (0.0.0.0/0) out of wg0.
# NOTE(review): for this to carry traffic, three further things are needed that this page does
# not show: the wg0 peer must allow 0.0.0.0/0, the firewall must permit forwarding between the
# lan zone and a zone containing wg0, and the server must forward and NAT the traffic.
config route
option interface 'wg0'
option target '0.0.0.0'
option netmask '0.0.0.0'
option table '100'
/etc/config/firewall on openwrt
# Global firewall policy. These defaults also apply to traffic on interfaces that belong to
# no zone.
# NOTE(review): no zone in this listing includes 'wg0'. Under these defaults, traffic arriving
# over the tunnel and addressed to the router itself is accepted (input ACCEPT), while anything
# routed between wg0 and the LAN is rejected (forward REJECT). That matches both symptoms
# described: the NAS is unreachable through the tunnel, and LAN clients get no internet via
# the server.
# NOTE(review): a dedicated zone for wg0 with an explicit input policy and explicit
# lan <-> tunnel forwardings would keep tunnel access limited to what is intended, rather
# than relying on the global defaults.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: fully trusted; forward ACCEPT here covers traffic staying within the zone.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# WAN zone (wan + wan6): unsolicited input and forwarding rejected, outbound traffic
# masqueraded, with MSS clamping (mtu_fix).
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
# The only inter-zone forwarding shown: LAN -> WAN. There is no forwarding to or from the tunnel.
config forwarding
option src 'lan'
option dest 'wan'
# Per-service exceptions to the WAN zone's input REJECT policy. Every rule here has src 'wan';
# none of them refers to the WireGuard tunnel or its UDP port.

# Accept DHCP replies to the router's WAN client (UDP 68, IPv4).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Accept IPv4 ICMP echo-request from the WAN side.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept IGMP from the WAN side (IPv4).
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Accept DHCPv6 to UDP 546 where source and destination fall inside fc00::/6.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types (130, 131, 132, 143) from link-local sources fe80::/10.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types matched on WAN input.
# NOTE(review): the pasted listing stops partway through this rule - no family or target line
# is shown, and any rules, zones or redirects that follow in the real file are not visible here.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
On the server: ufw status
Status: inactive
/etc/wireguard/wg0.conf
# Server side of the tunnel: address 10.66.66.2/24, listening on UDP 53810.
# SaveConfig = true makes wg-quick write the running state back into this file when the
# interface is brought down, so edits made while wg0 is up (and added comments) are lost.
# NOTE(review): there are no PostUp/PostDown lines, and with ufw inactive no forwarding or NAT
# rules are shown anywhere on this page. Nothing visible here maps the public port 5450 to the
# NAS, and IP forwarding on the server is not shown to be enabled, so a connection to
# 23.44.44.15:5450 ends at the server itself.
# NOTE(review): if a port forward is added, source-NAT the forwarded traffic to 10.66.66.2 (or
# widen the router's allowed_ips) so the router accepts it from this peer, and restrict the
# forward to the known remote-office source addresses rather than exposing the NAS to the
# whole internet.
[Interface]
Address = 10.66.66.2/24
SaveConfig = true
ListenPort = 53810
PrivateKey = safdsfdsafadsfdsafdsafds=
# Peer entry for the OpenWrt router. AllowedIPs covers the router's tunnel address and the LAN
# behind it (192.168.1.0/24), so the server can route to LAN hosts via wg0.
# Endpoint is the router's WAN address (a placeholder in this paste), UDP 53810.
[Peer]
PublicKey = dfdsafdsafbsdafbsdabfsad=
AllowedIPs = 10.66.66.1/32
AllowedIPs = 192.168.1.1/24
Endpoint = ISProuterWANip:53810