Anyone got the patience to help a noob with a WireGuard client setup?

I'm looking for some kindly soul to help an old fart set up his router with the WireGuard client. I don't really know what I'm doing but I follow instructions well! I know enough so that you don't have to ELI5, I'm not that bad.

My router has 16MB Flash and 64MB RAM which should be enough. I've just flashed a clean install of 19.0.7.3 and the device is ready for SSH and web access too.

The trouble is that this device can't connect straight to my broadband. It has to go through the ISP's ADSL router. My provider forces me to use it, which is a pain.

So I need help with the setup so that all the devices in my home go through Ethernet cables and Wireless to my OpenWRT-flashed router (it has 4 LAN ports, Wireless and WAN); then from the OpenWRT router into the crap ISP router; then to the Internet.

I still have to work over the Pandemic so I can't work on this every day (that's one of the reasons I need help - I want to get this working soon but following the instructions took a lot of time of my life without anything to show for it) but when I get time I'll do as much as possible.

Thanks in advance to the person who offers to share their time on this project.

Ciao!


Start by connecting the wan port of your OpenWrt router to the lan port of the adsl router. Then connect your hosts to the lan ports of OpenWrt as well as to its Wifi. This should work out of the box.
How is the WG client related to all that? Will all the traffic be diverted to WG tunnel? Only a few hosts or services?


The WG client is related to everything I posted, that's correct. The OpenWRT router should capture (is that the right word?) everything that's sent to it from any device connecting to it from my home network, and tunnel it all through WireGuard - so "all hosts and services" sounds right, yes - I don't want anything to go over the ISP's router without first getting forced into the WG tunnel!

I might be able to make some headway on this sometime in the next 48 hours if you wanted to give me something to get started with? If the instructions are clear enough I should be able to follow okay.

Thanks!

Ciao!

Then, continuing the setup from my previous post, set up the WG client and make sure you make it the default gateway by adding the 0.0.0.0/1 and 128.0.0.0/1 allowed IPs and enabling the route allowed IPs option.


Note that the current WG client how-to utilizes a better approach that relies on route metric.
It works seamlessly with IPv4 and IPv6.


I won't lie to you, trendy, that goes right over my head! I think you're referring to setting up my client devices, but I've never seen it described the way you're describing it. Could you help me out with a bit more information? I'll work my way through the Client setup over the next few days and post back with how I got on.

Someone's updated the WG Client guide since I last had a look at it, and I'm not sure what 'route metric' is, probably find out later!

I'm not going to be using IPv6, I've turned that off in the LuCi and using sysctl.conf, so I'll just ignore anything related to it when I configure WG.

Ciao!

This is about setting up the WG client. You can follow the instructions from the wiki, which was posted earlier.


Thanks trendy. I realised that once I looked at the WG Client setup wiki.

I didn't have any luck getting that far though. Here's what I did:

Step 1: Booted into a Live version of Ubuntu (I always use this for testing to eliminate configuration problems, good friend taught me this trick)
Step 2: Connected my PC to LAN port 1 of the OpenWrt router
Step 3: Logged in to the OpenWrt router using SSH
Step 4: Logged in to the OpenWrt router using the Web portal

It all works well up to here.

Step 6: Connected OpenWrt router WAN port to ISP router LAN port 1

I gave the OpenWrt router some time to make a connection then I started following the WG Client guide starting with the first step, updating the packages.

opkg update

This doesn't work.

wget returned 4.
Check your network settings and connectivity.

I left the cables where they were and tested the Internet connection using Firefox. I got the standard error message when there's no Internet connectivity. I waited some more to make sure the OpenWrt router had enough time to make a connection to the Internet and tried again but it clearly wasn't going to work.

Here's what I did next:

Step 1: I disconnected the OpenWrt router from the PC
Step 2: I disconnected the OpenWrt router from the ISP router
Step 3: I connected the PC directly to the ISP router LAN port 1 - I get a connection this way, and that's using the same cable as between the OpenWrt router and the ISP router and the same ports on the PC and the ISP router.

I made some small changes to Settings on the ISP router when I got it last year but I think they're harmless. I turned off UPnP in the Firewall because I read this was unsafe.

I made some changes on the OpenWrt router after I flashed 19.07.3. I disabled IPv6 in the Firewall by unchecking Allow-DHCPv6, Allow-MLD, Allow-ICMPv6-Input, Allow-ICMPv6-Forward, Allow-IPSec-ESP and Allow-ISAKMP. My ISP doesn't do IPv6 and it's disabled on their router anyway. I also stopped the WAN6 interface from coming up on boot, deleted the IPv6 ULA prefix, disabled built-in IPv6 management on the LAN and WAN interfaces, disabled some settings in the LAN DHCP IPv6 Settings section, and added net.ipv6.conf.default.forwarding=0 and net.ipv6.conf.all.forwarding=0 to /etc/sysctl.conf.

So here's where I am:

  • ethernet cables are working, SSH and Web portal connections to OpenWrt router from PC are working, direct connection to the Internet from the PC through the ISP router is working.

  • OpenWrt router connection to the Internet isn't working, PC connection to the Internet through the OpenWrt router connected to the ISP router isn't working.

That's all I can do just now. Should be back in a couple days to see if there's any replies.


Most likely, you need to clone the PC's MAC address to the WAN interface of the router.
Assuming your cable is fine and you correctly identified and connected the WAN port to the ISP.


Try to connect the WAN port of the router on a different LAN port of the ISP router.


How do I configure the DNS for the WireGuard provider? I did a search on the forums but there were too many results and some of them were complicated answers for special setups.

Does the setting `uci add_list network.wg0.addresses` have to be 192.168.9.2/24? My WG provider gave me an ip/mask value when I submitted my public key and I think this might go in this setting instead.

I got a warning after restarting the firewall, is it a problem? This happens after I configure the WG interface in the Network section of the guide so I thought the WG interface would be set up correctly.

Warning: Section 'wan' cannot resolve device of network 'wg0'.

You guys have got me further ahead in this than I managed by myself! Younger heads haha.

edit---The connectivity problem was the LAN and WAN had the same values for the first three values in the IP addresses.
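
A quick way to spot the LAN/WAN clash described in the edit above, added here as an example and not part of anyone's post. It assumes IPv4 CIDR input without leading zeros and a shell with 64-bit arithmetic; the addresses are constructed samples.

```shell
#!/bin/sh
# Added example: detect LAN/WAN subnet overlap on a router that sits
# behind another router. Function names are illustrative.

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network number of address $1 under prefix length $2.
net_of() {
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    echo $(( $(ip2int "$1") & mask ))
}

# Succeeds (exit 0) when the two CIDR ranges overlap: compare both
# addresses under the shorter of the two prefix lengths.
subnets_overlap() {
    len=${1#*/}
    [ "${2#*/}" -lt "$len" ] && len=${2#*/}
    [ "$(net_of "${1%/*}" "$len")" -eq "$(net_of "${2%/*}" "$len")" ]
}

# Human-readable verdict for a LAN/WAN pair.
check_lan_wan() {
    if subnets_overlap "$1" "$2"; then
        echo "CONFLICT: LAN $1 overlaps WAN $2; move the LAN to another subnet"
    else
        echo "OK: LAN $1 and WAN $2 are distinct"
    fi
}

# Constructed samples: same first three octets, then after renumbering the LAN.
check_lan_wan 192.168.1.1/24 192.168.1.2/24
check_lan_wan 192.168.2.1/24 192.168.1.2/24
```

When the two ranges overlap, the router treats the upstream gateway as part of its own LAN and nothing is forwarded out of the WAN port, which matches the failed `opkg update` earlier in the thread.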

This is a bit tricky as OpenWrt doesn't support DNS priorities unless you utilize hotplug scripts.
However, the general method to disable peer DNS and use a public upstream DNS provider typically works well.

Usually it should be a private IP address that you get from the VPN provider.
Don't confuse it with the public endpoint address.

It should be fine when you properly set up the network config.
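
The pieces discussed in this thread (the provider-assigned tunnel address, the two /1 allowed IPs and the route-allowed-IPs switch) put together as an added example; it is not from any poster or from the wiki. The section name `wgserver`, the keys, the address and the endpoint are placeholder assumptions.

```shell
#!/bin/sh
# Added example: print `uci batch` commands for a full-tunnel WireGuard client.
# Section name "wgserver" and all sample values below are assumptions.

# Succeeds for RFC 1918 and 100.64.0.0/10 addresses, the ranges a provider
# normally hands out as the tunnel address.
is_private_v4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Args: private key, tunnel address/mask, peer public key, endpoint host, port.
wg_client_batch() {
    is_private_v4 "${2%/*}" ||
        echo "warning: $2 is not private; is it the public endpoint?" >&2
    cat <<EOF
set network.wg0=interface
set network.wg0.proto='wireguard'
set network.wg0.private_key='$1'
add_list network.wg0.addresses='$2'
set network.wgserver=wireguard_wg0
set network.wgserver.public_key='$3'
set network.wgserver.endpoint_host='$4'
set network.wgserver.endpoint_port='$5'
set network.wgserver.route_allowed_ips='1'
add_list network.wgserver.allowed_ips='0.0.0.0/1'
add_list network.wgserver.allowed_ips='128.0.0.0/1'
EOF
}

# Constructed placeholders; on the router pipe the output into uci:
#   wg_client_batch ... | uci batch && uci commit network
wg_client_batch 'CLIENT_PRIVATE_KEY' '10.0.0.2/32' 'SERVER_PUBLIC_KEY' \
    'vpn.example.net' '51820'
```

The two /1 routes together cover the whole IPv4 space and are more specific than the WAN's 0.0.0.0/0 default, so they win the route lookup while the WAN default route stays in place.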

I made a mistake, I didn't read the Wiki properly and when I upgraded my router to 19.07.4 I lost all the work I'd done. So I haven't been able to make this work yet because I didn't have time to start again.

I think I'm going to start at the beginning with a custom image because I think this will make it easier in future. I've read the Wiki now and I think a custom firmware image will improve my experience.

You've been a great help so far and I look forward to coming back---I'll get this router working eventually!

You all take care of yourself now.

Ciao!

