Hi,
My home networking has two routers, both on openwrt openwrt-19.07.
One is the main [R1], and the other working as a Relay Bridge [Range Extender] [R2], so that it extends my main router's wifi range. Followed this guide.
This setup works as expected.
Now i need to add a wireguard interface to R2 router , so that the devices that connect to a specific wifi access point from the R2 router are routed to the wireguard VPN. After searching quite a lot, i got hold of this guide that should work.
But the problem that i face on the R2 Router is that, at the first step itself,where adding the WG interface, and doing all the necessary configurations like pvt/pub keys and peers on the WG interface setup page, i cant connect to the VPN server. I get: Network device is not present
error.
Also, wg command on the Router shell prompt does not return anything either.
I know that the wireguard settings that i use on R2 are perfectly fine, as the same settings are working on R1, the main router i.e i get connected to my VPN provider. Its just that i dont want the R1 router to be serving as a VPN tunnel in my setup.
Any help would be appreciated.
/etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fea2:5f1d:f460::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
list dns '192.168.1.105'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'e4:c3:blah:blah:blah:blah'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'wwan'
option ipaddr '192.168.1.30'
option netmask '255.255.255.0'
option proto 'static'
config interface 'repeater_bridge'
option proto 'relay'
list network 'lan'
list network 'wwan'
option ipaddr '192.168.1.30'
config interface 'WGClient'
option proto 'wireguard'
list addresses '12.34.56.78/32'
list addresses 'fc00:bbbb:bbbb:bb01::4:3e1c/128'
option private_key 'blahblah'
config wireguard_WGClient
option public_key ':blahblahblahblah'='
option description 'Peer1'
option persistent_keepalive '25'
list allowed_ips '0.0.0.0/0'
list allowed_ips '::0/0'
option route_allowed_ips '1'
option endpoint_port '51820'
option endpoint_host '192.34.56.78'
/etc/config/firewall (Haven't customised myself)
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan repeater_bridge wwan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 WGClient'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
Thanks.