Hello community,
I'm encountering an issue with DLNA services on my OpenWrt router when WireGuard is enabled. I'm seeking your expertise to help me resolve this issue.
Issue Summary:
DLNA services are not accessible when WireGuard is enabled on my OpenWrt router. I've verified that DLNA is properly configured and functional when WireGuard is turned off. However, when WireGuard is enabled, DLNA access seems to be blocked.
I'm seeking assistance in identifying the root cause of this issue. Specifically, I'd like guidance on:
Ensuring that the firewall rules are correctly allowing DLNA traffic when VPN is up.
Any insights or suggestions you can provide would be greatly appreciated.
Thank you in advance for your help!
Your post is not detailed enough to provide any meaningful feedback or suggestions... let's start by reviewing your configuration:
Please connect to your OpenWrt device using ssh, copy the output of the following commands, and post it here using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Thanks for looking into my issue Peter. Much appreciated.
Here is the output of the commands:
ubus call system board
{
"kernel": "5.15.137",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 1 (v7l)",
"model": "Linksys WRT1900AC v2",
"board_name": "linksys,wrt1900ac-v2",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.2",
"revision": "r23630-842932a63d",
"target": "mvebu/cortexa9",
"description": "OpenWrt 23.05.2 r23630-842932a63d"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdee:4ff0:e192::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'wan'
option macaddr 'gf:ef:68:ab:fg:b6' <- Not a Real MAC address
config interface 'wan'
option device 'wan'
option proto 'dhcp'
option peerdns '0'
list dns 'VPN _DNS1' #for dns leaks
list dns 'VPN _DNS2' #for dns leaks
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
option auto '0'
option reqaddress 'try'
option reqprefix 'auto'
config interface 'wg0'
option proto 'wireguard'
option private_key '<Pvt-key>'
list addresses '10.14.0.2/16'
list dns 'VPN _DNS1' #for dns leaks
list dns 'VPN _DNS2' #for dns leaks
option delegate '0'
config wireguard_wg0
option description 'Mumbai'
option public_key '<Public-key>'
list allowed_ips '0.0.0.0/0'
option endpoint_host 'in-mum.prod.surfshark.com'
option endpoint_port '51820'
option route_allowed_ips '1'
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option country 'FR'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'Linksys_5Ghz'
option encryption 'psk2'
option macaddr 'gf:ef:68:ab:fg:b8' <- Not a Real MAC address
option hidden '1'
option key '<password>'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'
option country 'FR'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option macaddr 'gf:ef:68:ab:fg:b7' <- Not a Real MAC address
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option mtu_fix '1'
option log '1'
option family 'ipv4'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'wg0'
option masq '1'
option family 'ipv4'
option log '1'
config forwarding
option src 'lan'
option dest 'vpn'
config rule
option name 'Allow UDP 1900 Incoming'
option src 'lan'
option dest 'vpn'
option proto 'udp'
option dest_port '1900'
option target 'ACCEPT'
list dest_ip '10.14.0.2'
config rule
option name 'Allow UDP 1900 Outgoing'
option src 'vpn'
option dest 'lan'
option proto 'udp'
option dest_port '1900'
option target 'ACCEPT'
list dest_ip '10.14.0.2'
eddie619:
DLNA services are not accessible when WireGuard is enabled on my OpenWrt router. I've verified that DLNA is properly configured and functional when WireGuard is turned off. However, when WireGuard is enabled, DLNA access seems to be blocked.
If these protocols work via broadcast on IPv4/6, they won't work over a wireguard point to point link.
SSDP by nature is broadcast.
So if "your tunnel" is up (between your client and your router), your client won't receive DLNA SSDP traffic.
Hi Peter,
Will it not work even if the required ports etc are forwarded on the router?
Where is the client device and where is the server device that are involved in this issue? Are they both local and on the 192.168.10.0/24 network? How are they connected? WiFi? Ethernet? Is the connection directly to the router for each of those, or is there other hardware involved?