Hello, please excuse my lack of understanding about how some of this project works. Networking is not my specialty, and I'm also pretty new to OpenWrt. I'm trying to figure out how to route my traffic through my VPN. I tried following guides like this: https://mullvad.net/en/help/running-wireguard-router?Device=router&OS=openwrt , but they all have the same method of configuring, and every time I try to make it work the VPN never connects and I end up with no internet access. Are these guides wrong or is there something wrong with my configuration? I ask that things are ELI5 because I know a lot of the other discussions here involve using ssh and using the terminal, and while I do know how to use a terminal on my linux machine, using it for home networking seems like a whole other beast I haven't conquered yet.
Also: I am trying to build my way up to more advanced things. I'd like to have access to WAN and the Wireguard client from two SSIDs and 2/2 ethernet ports (There's 4 on my router, half for each.) So if this is somehow easier to do first please skip getting the entire network through the VPN.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
ubus call system board
{
"kernel": "5.15.150",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 0 (v7l)",
"model": "Netgear Nighthawk XR500",
"board_name": "netgear,xr500",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.3",
"revision": "r23809-234f1a2efa",
"target": "ipq806x/generic",
"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'looks like an ipv6?'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 0t'
config interface 'Wireguard'
option proto 'wireguard'
option private_key 'redacted'
list addresses 'addressipv4redacted'
list addresses 'addressipv6redacted'
list dns '100.64.0.15'
config wireguard_Wireguard
option description 'Imported peer configuration'
option public_key 'redacted'
list allowed_ips '0.0.0.0/0'
list allowed_ips '::0/0'
option endpoint_host 'redacted'
option endpoint_port '51820'
option route_allowed_ips '1'
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'Wireguard'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'Wireguard'
config forwarding
option src 'lan'
option dest 'Wireguard'
config forwarding
option src 'lan'
option dest 'wan'
All looks fairly standard. What is the output of:
wg show
1 Like
wg show
interface: Wireguard
public key: interface public key
private key: (hidden)
listening port: 47251
peer: peer public key
endpoint: the vpn endpoint ip:51820
allowed ips: 0.0.0.0/0, ::/0
looks like it is not handshaking.
how about the output of
date
1 Like
date
Wed Jun 5 03:12:45 UTC 2024
That all looks fine. I suspect there is an issue with your wg config information. it could be an issue with the keys, addresses (in the wg interface stanza), and/or the endpoint host/port.
1 Like
Alright, I'll try putting everything in again. Would it be less error prone for me to import a generated config from my provider?
Well, what do you know. I retraced the whole process for the third time and got it right. I appreciate your fast help. I don't know what the world would do without people like you
system
June 15, 2024, 3:26am
11
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
