I have a Raspberry Pi 5, and I want to use it as a VPN router on top of my main router. The Pi would be connected via Ethernet and then it would create a WiFi network that I could access the internet from, and my traffic would go over the VPN (Ethernet from main router > Pi 5 > WiFi from the onboard radio > other devices). However, now I can’t configure my VPN because I am unable to SSH into the router and thus can’t follow the instructions given by my VPN provider.
I read a few other topics on the forum and did the following:
Set a password
In /etc/config/network I changed the default config to something like this:
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'wlan0'

config interface 'lan'
    option device ‘br-lan’
    option proto 'static'
    option ipaddr 'xxx.xxx.x.x’
    option netmask 'xxx.xxx.xxx.x'

config interface 'wan'
    option device 'eth0’
    option proto 'dhcp'
Create a WiFi network and connect to it in a device
Install wireguard
So the config changes were creating a wan interface and putting ‘eth0’ in there; I also put ‘wlan0’ on ‘br-lan’. That seems to give the Pi (and its WiFi network) internet access: I can now connect to the WiFi and have internet. However, the connection times out when connecting to my PC via Ethernet and trying to SSH into the router.
I don’t have a good grasp on the basics of networking, so this may be a really obvious mistake on my part. Can anyone guide me, please?
For starters, the wireless hardware should never be referenced in the network config file:
remove the ports line and instead use:
option bridge_empty '1'
You've over-redacted this -- the lan is almost certainly an RFC1918 address, but we don't know what. This information is critical to help you and it is not sensitive/private information.
At this point I enabled the WiFi network on the Pi. The package I want to install in luci is luci-proto-wireguard. Should I connect the Pi to Ethernet now, or is there anything else I should change in my config before I install anything?
Is this a literal cut'n'paste entry? Those non-quote-but-look-like-quotes characters will cause uci no end of grief, possibly silently. What editor are you using on your config files?
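A check for the two config problems raised in this thread (a wireless device in the bridge's ports list, and quote-lookalike characters in a uci file), as an added example that is not part of any post. The names `uci_lint` and `write_posted_sample` are hypothetical, the sample is constructed from the stanzas posted above, and wireless netdevs are assumed to be named wlanN as in that post.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: wireless netdevs are named
# wlanN, as in the posted config.

# uci_lint FILE: print "FILE:LINE: message" per finding; return 1 if any.
uci_lint() {
    LC_ALL=C awk -v f="$1" '
        function report(msg) { printf "%s:%d: %s\n", f, NR, msg; bad++ }
        BEGIN { nonascii = "[^ -~\t]" }  # a byte that is not printable ASCII or tab
        $1 ~ /^#/ { next }               # comment line
        $0 ~ nonascii { report("non-ASCII byte, likely a typographic quote") }
        {
            # An odd count of ASCII quotes means a value is never closed.
            s = $0; d = $0
            if (gsub(/\047/, "", s) % 2) report("unbalanced single quote")
            if (gsub(/\042/, "", d) % 2) report("unbalanced double quote")
        }
        $1 == "list" && $2 == "ports" && /wlan[0-9]/ {
            report("wireless device listed as a bridge port")
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the stanzas as posted in the thread, written to $1.
# The typographic quotes (U+2018, U+2019) are generated from their UTF-8 bytes.
write_posted_sample() {
    lq=$(printf '\342\200\230'); rq=$(printf '\342\200\231')
    cat > "$1" <<EOF
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'wlan0'

config interface 'lan'
    option device ${lq}br-lan${rq}
    option proto 'static'
    option ipaddr 'xxx.xxx.x.x${rq}

config interface 'wan'
    option device 'eth0${rq}
    option proto 'dhcp'
EOF
}

# Usage: sh uci_lint.sh /etc/config/network
if [ $# -gt 0 ]; then uci_lint "$1"; fi
```

It only uses sh and awk, so it can be run on the router itself or on a computer with the card mounted.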
I’m using vi, but no, they aren’t cut and paste. I’m using another device to post here; I just scanned the text from a photo, that’s probably why it looks weird.
Aside from the quotes mentioned by @efahl (which is apparently simply an artifact of the method of posting the configs here), that file looks fine now. You should be able to connect via wifi (assuming you've enabled it) without issue.
This suggests that everything here is working as expected. And, it means that the Wireguard config may have been at fault for the problems you experienced.
What is the purpose of the WireGuard VPN? Is it outbound (i.e. to a commercial VPN provider or another endpoint such as the remote side of a road-warrior config), or is it listening for inbound connections for remote access and/or the 'server' side of a road warrior configuration?
I want it for connecting to a commercial VPN, but then how can I set it up correctly? I’m using this guide by Mullvad; the only thing it says (that I did) is to install the luci-proto-wireguard package in luci.
At first glance, that looks like it's probably a fine tutorial. This should not interrupt your ability to connect to the router. Go ahead and follow the guide and we can review if things aren't working properly after.
Don't forget that since you are using a Pi, you have the option to take the card out and put it into a card reader on a computer for posting (and/or editing). Or, worst case, you can connect a keyboard and display to your Pi and take a picture of the screen for troubleshooting (this is not a desirable option, but can be used in a pinch).