Anyone using wireguard for Android -> OpenWrt tunnel?

Assuming the correct port for WG (i.e. 5555) is open on OpenWrt, I would check for incoming packets first:
    iptables -L -n -v | grep 5555
when trying to connect from Android.
I am successfully using WG on several OpenWrt devices, but only to a real Ubuntu server.

No problems here. Here are the pertinent bits of my configs:

/etc/config/network
config interface 'wgserver'
	option proto 'wireguard'
	option private_key '<redacted>'
	option listen_port '52000'
	list addresses '192.168.99.1/24'

config wireguard_wgserver
	option public_key '<redacted>'
	list allowed_ips '192.168.99.3/32'
	option persistent_keepalive '25'
	option description 'pixel'

/etc/config/firewall
config rule
	option src '*'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '52000'
	option name 'Allow-Wireguard-Inbound'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan wgserver'

Ok, there are packets coming in ...
Is there any way to see what's then happening? Any log file of wireguard? debug?

I haven't seen any OpenWRT-side (though, that's probably just my ignorance), but you can export a log file from the Wireguard Android app: 'three dots' in the top right of the app > "export log file"

Feel free to post your /etc/config/network and /etc/config/firewall configs here (make sure you remove sensitive details such as private keys, MAC addresses and public IP addresses) if you'd like a pair of eyes over it.

See if there's a handshake, that's the only indicator. You can also use tcpdump to look at your inbound UDP packet from the SRC IP. I'm not understanding the seeking of logs.

Yes, 5 posts, no configs.

The commands wg or wg show give you the status.

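As an added example (not part of any post in this thread), the handshake check suggested above can be scripted on the router: `wg show <iface> latest-handshakes` prints each peer's public key and the epoch of its last completed handshake, with 0 meaning never, and does not print private or preshared keys. The sample input, the key strings and the 180-second threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify WireGuard peers by the age of their last handshake.
# stdin: output of `wg show <iface> latest-handshakes`, one
#        "<peer-public-key><TAB><unix-epoch>" line per peer (epoch 0 = never).
# $1: current time (unix epoch); $2: maximum accepted age in seconds.
# The 180 s default is an assumption: with traffic or a 25 s persistent
# keepalive, an active session is renewed roughly every two minutes.
classify_handshakes() {
    awk -v now="$1" -v max="${2:-180}" '
        NF == 2 {
            key = substr($1, 1, 8)    # a key prefix is enough to tell peers apart
            if ($2 == 0)              print key, "NEVER"
            else if (now - $2 > max)  print key, "STALE", now - $2
            else                      print key, "OK", now - $2
        }'
}

# Number of peers that are not OK; usable as a health-check result.
count_unhealthy() {
    classify_handshakes "$@" | awk '$2 != "OK" { n++ } END { print n + 0 }'
}

# Constructed sample input (not captured from a real router).
SAMPLE_NOW=1700000000
sample_input() {
    printf 'AAAAAAAAconstructedkey1=\t0\n'
    printf 'BBBBBBBBconstructedkey2=\t1699999950\n'
    printf 'CCCCCCCCconstructedkey3=\t1699990000\n'
}

sample_input | classify_handshakes "$SAMPLE_NOW"

# On the router itself, with the real interface name in place of <iface>:
#   wg show <iface> latest-handshakes | classify_handshakes "$(date +%s)"
```

A peer that stays at NEVER while the firewall counters for the listen port keep increasing means packets reach the router but no handshake with that peer's key has completed.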

Hi

I first want to thank you for your help ..

I have the following:

In the /etc/config/network

config interface 'wg'
        option proto 'wireguard'
        option private_key 'wFODqKEJ9BdR9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        list addresses '192.168.46.1/24'
        list addresses 'fd42:0:0:46::1/64'
        option listen_port '51820'

config wireguard_wg
        option public_key 'Ail7Nq9lbs8yyyyyyyyyyyyyyyyyyyyyyyyy'
        option persistent_keepalive '25'
        list allowed_ips '192.168.46.210/32'
        list allowed_ips 'fd42:0:0:46::210/128'
        option preshared_key 'yDAiOb1mTizzzzzzzzzzzzzzzzzzzz'

In the /etc/config/firewall:

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option name 'Allow Wireguard for Mobiles'
        option dest_port '51820'

config zone
        option name 'wg'
        option forward 'REJECT'
        option output 'ACCEPT'
        option network 'wg'
        option input 'ACCEPT'

config forwarding
        option dest 'dmz'
        option src 'wg'

config forwarding
        option dest 'wan'
        option src 'wg'

I get routes:

root@OpenWrt:/etc/config# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         xx-yy-yy-y.zzzz 0.0.0.0         UG    0      0        0 eth1.2
xx.yy.yy.0      *               255.255.240.0   U     0      0        0 eth1.2
192.168.40.0    *               255.255.255.0   U     0      0        0 br-DMZ
192.168.41.0    *               255.255.255.0   U     0      0        0 br-lan
192.168.44.0    *               255.255.255.0   U     0      0        0 eth0.44
192.168.46.0    *               255.255.255.0   U     0      0        0 wg

root@OpenWrt:/etc/config# wg show
interface: wg
  public key: BvZYEfkfTMwwwwwwwwwwwwwwwwwwwwwwwwwwww
  private key: (hidden)
  listening port: 51820

peer: Ail7Nq9lbs8PhR8yyyyyyyyyyyyyyyyyyyyyyyyyyyyy
  preshared key: (hidden)
  allowed ips: 192.168.46.210/32, fd42:0:0:46::210/128
  persistent keepalive: every 25 seconds

The Android log:
--------- beginning of system
04-21 21:10:26.909 30271 30271 I ActivityThread: handleStopService: token=android.os.BinderProxy@efe5340 not found.
--------- beginning of events
04-22 15:37:57.781  5344  5344 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@37573e4
04-22 15:37:57.798  5344  5344 I am_on_create_called: [0,com.wireguard.android.activity.MainActivity,performCreate]
04-22 15:37:57.799  5344  5344 I am_on_start_called: [0,com.wireguard.android.activity.MainActivity,handleStartActivity]
04-22 15:37:57.799  5344  5344 I am_on_resume_called: [0,com.wireguard.android.activity.MainActivity,RESUME_ACTIVITY]
04-22 15:37:58.980  5344  5344 W StaticLayout: maxLineHeight should not be -1.  maxLines:1 lineCount:1
04-22 15:37:58.980  5344  5344 W StaticLayout: maxLineHeight should not be -1.  maxLines:1 lineCount:1
04-22 15:38:03.595  5344  5344 I menu_item_selected: [0,Edit]
04-22 15:38:03.662  5344  5344 W StaticLayout: maxLineHeight should not be -1.  maxLines:1 lineCount:1
04-22 15:38:03.664  5344  5344 W StaticLayout: maxLineHeight should not be -1.  maxLines:1 lineCount:1
04-22 15:38:05.795  5344  5344 E ANDR-PERF: IPerf::tryGetService failed!
04-22 15:38:05.843  5344  5344 E ANDR-PERF: IPerf::tryGetService failed!
04-22 15:38:06.748  5344  5344 E ANDR-PERF: IPerf::tryGetService failed!
04-22 15:38:08.012  5344  5344 E ANDR-PERF: IPerf::tryGetService failed!
04-22 15:38:14.120  5344  5344 E ANDR-PERF: IPerf::tryGetService failed!
04-22 15:38:14.169  5344  5344 E ANDR-PERF: IPerf::tryGetService failed!
04-22 15:38:14.448  5344  5344 E ANDR-PERF: IPerf::tryGetService failed!
04-22 15:38:20.435  5344  5344 W StaticLayout: maxLineHeight should not be -1.  maxLines:1 lineCount:1
04-22 15:38:20.437  5344  5344 W StaticLayout: maxLineHeight should not be -1.  maxLines:1 lineCount:1
04-22 15:38:42.889  5344  5344 W StaticLayout: maxLineHeight should not be -1.  maxLines:1 lineCount:1
04-22 15:38:42.890  5344  5344 W StaticLayout: maxLineHeight should not be -1.  maxLines:1 lineCount:1
04-22 15:38:49.090  5344  8814 D WireGuard/GoBackend: Changing tunnel home to state UP
04-22 15:38:49.090  5344  8814 I WireGuard/GoBackend: Bringing tunnel up
04-22 15:38:49.112  5344  8814 D WireGuard/GoBackend: Go backend v0.0.20181222
04-22 15:38:49.112  5344  8814 D WireGuard/GoBackend/home: Debug log enabled
04-22 15:38:49.112  5344  8814 I WireGuard/GoBackend/home: Attaching to interface tun0
04-22 15:38:49.137  5344  5965 D WireGuard/GoBackend/home: Routine: handshake worker - started
04-22 15:38:49.137  5344  5965 D WireGuard/GoBackend/home: Routine: encryption worker - started
04-22 15:38:49.137  5344  5965 D WireGuard/GoBackend/home: Routine: decryption worker - started
04-22 15:38:49.137  5344  5984 D WireGuard/GoBackend/home: Routine: event worker - started
04-22 15:38:49.137  5344  5965 D WireGuard/GoBackend/home: Routine: handshake worker - started
04-22 15:38:49.137  5344  5984 D WireGuard/GoBackend/home: Routine: encryption worker - started
04-22 15:38:49.137  5344  5984 D WireGuard/GoBackend/home: Routine: decryption worker - started
04-22 15:38:49.137  5344  5984 D WireGuard/GoBackend/home: Routine: encryption worker - started
04-22 15:38:49.137  5344  5965 D WireGuard/GoBackend/home: Routine: decryption worker - started
04-22 15:38:49.137  5344  5965 D WireGuard/GoBackend/home: Routine: decryption worker - started
04-22 15:38:49.137  5344  5984 D WireGuard/GoBackend/home: Routine: TUN reader - started
04-22 15:38:49.137  5344  5965 D WireGuard/GoBackend/home: Routine: handshake worker - started
04-22 15:38:49.137  5344  5965 D WireGuard/GoBackend/home: Routine: encryption worker - started
04-22 15:38:49.137  5344  5965 D WireGuard/GoBackend/home: Routine: handshake worker - started
04-22 15:38:49.137  5344  8814 D WireGuard/GoBackend/home: UAPI: Updating private key
04-22 15:38:49.138  5344  8814 D WireGuard/GoBackend/home: UAPI: Removing all peers
04-22 15:38:49.138  5344  8814 D WireGuard/GoBackend/home: UAPI: Transition to peer configuration
04-22 15:38:49.139  5344  8814 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - UAPI: Created
04-22 15:38:49.139  5344  8814 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - UAPI: Adding allowedip
04-22 15:38:49.139  5344  8814 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - UAPI: Adding allowedip
04-22 15:38:49.139  5344  8814 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - UAPI: Updating endpoint
04-22 15:38:49.139  5344  8814 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - UAPI: Updating persistent keepalive interval
04-22 15:38:49.139  5344  8814 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - UAPI: Updating preshared key
04-22 15:38:49.139  5344  8814 E WireGuard/GoBackend/home: mkdir /var: read-only file system
04-22 15:38:49.139  5344  5984 D WireGuard/GoBackend/home: Routine: receive incoming IPv6 - started
04-22 15:38:49.139  5344  6781 D WireGuard/GoBackend/home: Routine: receive incoming IPv4 - started
04-22 15:38:49.140  5344  8814 D WireGuard/GoBackend/home: UDP bind has been updated
04-22 15:38:49.140  5344  8814 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Starting...
04-22 15:38:49.140  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Routine: sequential receiver - started
04-22 15:38:49.140  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Routine: nonce worker - started
04-22 15:38:49.140  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Routine: sequential sender - started
04-22 15:38:49.140  5344  8814 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending keepalive packet
04-22 15:38:49.140  5344  8814 I WireGuard/GoBackend/home: Device started
04-22 15:38:49.140  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:38:49.142  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Awaiting keypair
04-22 15:38:54.338  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:38:54.339  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:38:55.123  5344  5344 I am_on_paused_called: [0,com.wireguard.android.activity.MainActivity,performPause]
04-22 15:38:55.365  5344  5344 I am_on_stop_called: [0,com.wireguard.android.activity.MainActivity,LIFECYCLER_STOP_ACTIVITY]
04-22 15:38:55.366  5344  5344 I am_on_destroy_called: [0,com.wireguard.android.activity.MainActivity,performDestroy]
04-22 15:38:59.372  5344  5344 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@7a0d24e
04-22 15:38:59.386  5344  5344 I am_on_create_called: [0,com.wireguard.android.activity.MainActivity,performCreate]
04-22 15:38:59.387  5344  5344 I am_on_start_called: [0,com.wireguard.android.activity.MainActivity,handleStartActivity]
04-22 15:38:59.387  5344  5344 I am_on_resume_called: [0,com.wireguard.android.activity.MainActivity,RESUME_ACTIVITY]
04-22 15:38:59.594  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:38:59.594  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:04.656  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:39:04.656  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:09.720  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:39:09.720  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:14.791  5344  6776 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:39:14.791  5344  6776 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:19.906  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:39:19.906  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:25.217  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:39:25.217  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:30.406  5344  5367 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:39:30.406  5344  5367 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:35.719  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:39:35.719  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:40.941  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:39:40.942  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:46.171  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:39:46.171  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:51.180  5344  5964 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:39:56.186  5344  5964 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:01.192  5344  5964 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:06.198  5344  5964 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:11.343  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:40:11.343  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:16.567  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:40:16.567  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:21.842  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:40:21.842  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:26.919  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:40:26.919  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:32.096  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:40:32.096  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:37.245  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:40:37.245  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:42.247  5344  5964 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:47.491  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:40:47.491  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:52.820  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:40:52.821  5344  5965 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:58.130  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:40:58.130  5344  5984 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:40:59.636  5344  5344 I am_on_paused_called: [0,com.wireguard.android.activity.MainActivity,performPause]
04-22 15:40:59.654  5344  5344 I am_on_stop_called: [0,com.wireguard.android.activity.MainActivity,sleeping]
04-22 15:41:08.952  5344  5964 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:41:13.958  5344  5964 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:42:15.372  5344  5964 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:44:11.751  5344  5367 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Handshake did not complete after 5 seconds, retrying (try 2)
04-22 15:44:11.751  5344  5367 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:45:15.591  5344  5344 I am_on_restart_called: [0,com.wireguard.android.activity.MainActivity,performRestartActivity]
04-22 15:45:15.591  5344  5344 I am_on_start_called: [0,com.wireguard.android.activity.MainActivity,handleStartActivity]
04-22 15:45:15.592  5344  5344 I am_on_resume_called: [0,com.wireguard.android.activity.MainActivity,RESUME_ACTIVITY]
04-22 15:45:16.042  5344  5964 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Sending handshake initiation
04-22 15:45:16.677  5344  8907 D WireGuard/GoBackend: Changing tunnel home to state DOWN
04-22 15:45:16.677  5344  8907 I WireGuard/GoBackend: Bringing tunnel down
04-22 15:45:16.678  5344  8907 I WireGuard/GoBackend/home: Device closing
04-22 15:45:16.678  5344  5964 D WireGuard/GoBackend/home: Routine: event worker - stopped
04-22 15:45:16.765  5344  6781 D WireGuard/GoBackend/home: Routine: TUN reader - stopped
04-22 15:45:16.765  5344  5963 D WireGuard/GoBackend/home: Routine: receive incoming IPv4 - stopped
04-22 15:45:16.766  5344  6781 D WireGuard/GoBackend/home: Routine: receive incoming IPv6 - stopped
04-22 15:45:16.766  5344  8907 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Stopping...
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: decryption worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: decryption worker - stopped
04-22 15:45:16.766  5344  6781 D WireGuard/GoBackend/home: Routine: decryption worker - stopped
04-22 15:45:16.766  5344  6781 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Routine: sequential receiver - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: handshake worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: handshake worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: encryption worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: handshake worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: encryption worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: encryption worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: handshake worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: decryption worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: Routine: encryption worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Routine: nonce worker - stopped
04-22 15:45:16.766  5344  5963 D WireGuard/GoBackend/home: peer(BvZY…ZBTI) - Routine: sequential sender - stopped
04-22 15:45:16.766  5344  8907 I WireGuard/GoBackend/home: Interface closed
04-22 15:45:18.492  5344  5344 I am_on_paused_called: [0,com.wireguard.android.activity.MainActivity,performPause]
04-22 15:45:18.752  5344  5344 I am_on_stop_called: [0,com.wireguard.android.activity.MainActivity,LIFECYCLER_STOP_ACTIVITY]
04-22 15:45:18.754  5344  5344 I am_on_destroy_called: [0,com.wireguard.android.activity.MainActivity,performDestroy]
04-22 15:45:24.251  5344  5344 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@ff8a43b
04-22 15:45:24.264  5344  5344 I am_on_create_called: [0,com.wireguard.android.activity.MainActivity,performCreate]
04-22 15:45:24.265  5344  5344 I am_on_start_called: [0,com.wireguard.android.activity.MainActivity,handleStartActivity]
04-22 15:45:24.265  5344  5344 I am_on_resume_called: [0,com.wireguard.android.activity.MainActivity,RESUME_ACTIVITY]
04-22 15:45:25.145  5344  5344 I menu_item_selected: [0,Settings]
04-22 15:45:25.149  5344  5344 I am_on_paused_called: [0,com.wireguard.android.activity.MainActivity,performPause]
04-22 15:45:25.152  5344  5344 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@7ccc263
04-22 15:45:25.154  5344  5344 I am_on_create_called: [0,com.wireguard.android.activity.SettingsActivity,performCreate]
04-22 15:45:25.160  5344  5344 I am_on_start_called: [0,com.wireguard.android.activity.SettingsActivity,handleStartActivity]
04-22 15:45:25.160  5344  5344 I am_on_resume_called: [0,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
04-22 15:45:25.490  5344  5844 D OpenGLRenderer: endAllActiveAnimators on 0x75694d1100 (RippleDrawable) with handle 0x756929ada0
04-22 15:45:25.492  5344  5344 I am_on_stop_called: [0,com.wireguard.android.activity.MainActivity,STOP_ACTIVITY_ITEM]

ok, let's start by simplifying things a little.

delete your wg firewall zone, and place your wg interface in your lan zone

Then, change your firewall rule to:

config rule
        option target 'ACCEPT'
        option src '*'
        option proto 'udp'
        option name 'Allow Wireguard for Mobiles'
        option dest_port '51820'

  • Also, please paste output into codeboxes using the </> icon.
  • Server IP should be the whole subnet, not a /32 on Wireguard config
  • Ensure you added the pre-shared key to the Android

Hi

According to my Google results, for a road warrior setup this is correct. The /32 defines the IP of the wireguard interface on the android device (single ip) and the 0.0.0.0/0 defines it should route anything through the tunnel.
Or am I wrong with that?

There is a preshared key defined in Openwrt but I don't see it in Android.
This is optional so try to remove it and after you make it work you can add it again.


I added the psk to see if it is the problem .. but I can remove it again. It's also entered on the Android side.

Just see: https://www.wireguard.com/#cryptokey-routing

You are wrong with that. It is not a single IP, it is a network with at least a gateway and one client. I believe you used /24 in your setup on the OpenWrt.

  • Also, please use one post to reply to others, we can all see them.

I did.
Changed the rule, added the wg to DMZ (don't want to touch LAN).
Rebooted

No change. Still no connection, Android log looks the same .. no handshake on the OpenWrt router.

But iptables -L -n -v | grep 51820 states that there are packets coming in ...
And netstat shows listening sockets for udp 51820 (ipv4 and ipv6)

And I just tried with a different WLAN, not the cell phone data connection, but that didn't change anything. No connection, no handshake seen on OpenWrt router.

Run a tcpdump and check that there is traffic going in and out on udp 51820.
However I concur with @lleachii

Make it /24 and /64 in Android too.


Ok, I did.
Didn't change anything. As I don't even get a handshake, I would assume ip or routing problems should occur afterwards ...

I'd understood it the following way:
On OpenWrt define an interface (local on OpenWrt), with defining the ip ranges to be covered by the interface (192.168.46.1/24). This also creates the route for this subnet to the wg interface
Also define the listening port which is the port on the OpenWrt machine to listen for incoming connections on the WAN interface.

Define a peer with the IP allowed addresses of the peer (src addresses for ip packets), so this is 192.68.46.201/32 or 192.68.46.0/24 allowing incoming packets from the ip addresses.

On the Android define the Interface with an IP of the allowed IP address of the peer in OpenWrt (so this is 192.168.46.201/32 or 192.168.46.0.24) .. single ip should fit as it is a single device. In any way, it should take an ip of this range as the ip of the Android device.
And define allowed ips as 0.0.0.0/0 to send any connection request through the tunnel.

Where is my misunderstanding?

?


  • Have you verified that the UDP packets are arriving from your mobile device???
  • Does your cellular carrier permit UDP outbound traffic to port 51820?

NO, it is ONLY 192.68.46.201/32. A subnet config of /24 is invalid for a PEER.
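
An added example (not written by any poster in this thread) that models the cryptokey routing rules from the wireguard.com link above, for IPv4 only: the same allowed-IPs table selects the peer when sending and validates the inner source address when receiving. The peer names, the second "laptop" peer and the wide /24 variant are constructed; the addresses follow the configs posted here.

```shell
#!/bin/sh
# Added example: WireGuard cryptokey routing modelled for IPv4 only.
# A peer table is text, one "<peer-name> <allowed-ip/len>" pair per line.
# Peer names are hypothetical labels, not WireGuard identifiers.

ip2int() {  # a.b.c.d -> integer
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

in_cidr() {  # $1 = address, $2 = prefix/len; exit status 0 when inside
    net=${2%/*}; len=${2#*/}
    [ "$len" -eq 0 ] && return 0
    [ $(( $(ip2int "$1") >> (32 - $len) )) -eq $(( $(ip2int "$net") >> (32 - $len) )) ]
}

# Longest-prefix match of address $2 against table $1; prints peer or "none".
lookup_peer() {
    best=none; best_len=-1
    while read -r name cidr; do
        [ -n "$name" ] || continue
        if in_cidr "$2" "$cidr" && [ "${cidr#*/}" -gt "$best_len" ]; then
            best=$name; best_len=${cidr#*/}
        fi
    done <<EOF
$1
EOF
    echo "$best"
}

# Sending: the destination address selects the peer (and therefore the key).
route_outbound() { lookup_peer "$1" "$2"; }

# Receiving: after decryption with peer $2's key, the inner source $3 must
# map back to that same peer, otherwise the packet is dropped.
accept_inbound() {
    if [ "$(lookup_peer "$1" "$3")" = "$2" ]; then echo accept; else echo drop; fi
}

# Router's view with the /32 from the posted config.
ROUTER_PEERS='phone 192.168.46.210/32'
# Constructed variant: the router lists the whole /24 for the phone.
ROUTER_PEERS_WIDE='phone 192.168.46.0/24'
# Constructed variant: a wide entry next to a second, more specific peer.
TWO_PEERS='phone 192.168.46.0/24
laptop 192.168.46.211/32'
# Phone's view: one peer (the router) carrying all IPv4 traffic.
PHONE_PEERS='router 0.0.0.0/0'

echo "router sends to .210:          $(route_outbound "$ROUTER_PEERS" 192.168.46.210)"
echo "router sends to .77:           $(route_outbound "$ROUTER_PEERS" 192.168.46.77)"
echo "phone src .210, /32 entry:     $(accept_inbound "$ROUTER_PEERS" phone 192.168.46.210)"
echo "phone src .77,  /32 entry:     $(accept_inbound "$ROUTER_PEERS" phone 192.168.46.77)"
echo "phone src .77,  /24 entry:     $(accept_inbound "$ROUTER_PEERS_WIDE" phone 192.168.46.77)"
echo "phone src .211, laptop has it: $(accept_inbound "$TWO_PEERS" phone 192.168.46.211)"
echo "phone sends to 8.8.8.8:        $(route_outbound "$PHONE_PEERS" 8.8.8.8)"
```

With the /32 entry the router accepts only 192.168.46.210 as the phone's inner source address; a /24 entry would let the same key source any unclaimed address in that subnet.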


config interface 'wg'
        option proto 'wireguard'
        option private_key 'wFODqKEJ9BdR9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        list addresses '192.168.46.1/24'
        list addresses 'fd42:0:0:46::1/64'
        option listen_port '51820'

config wireguard_wg
        option public_key 'Ail7Nq9lbs8yyyyyyyyyyyyyyyyyyyyyyyyy'
        option persistent_keepalive '25'
        list allowed_ips '192.168.46.210/32'
        list allowed_ips 'fd42:0:0:46::210/128'
        option preshared_key 'yDAiOb1mTizzzzzzzzzzzzzzzzzzzz'

config route                
        option interface 'wg'
        option target '192.168.46.0'
        option netmask '255.255.255.0'

So it had been correct.
I will now give it a 'restart from scratch'. Deinstall and reinstall again.

Ok
I need to thank you all. It turned out that my settings have been correct. I did a setup from scratch and ran into the same problems.
But setting the firewall rule to accept incoming traffic from any source to port 51820 allowed to test from inside my WLAN ... AND IT WORKED.
So the problem is somewhere outside .. I still can't connect via cell phone data or another WLAN.
I'll check this tomorrow from work ...
And I then shall call my ISP. :frowning:


Ok
NOW it is working. My ISP blocked a number of UDP ports ... :frowning:

