Hi. I'm trying to set up a VPN so I can connect to a few of my machines while I'm on vacation, and having zero luck getting anything working, at all. I've wiped and reconfigured the machine a dozen times, and nothing works.
I've started from a brand new install of OpenWRT 23.05.2.
I've been at it for four hours, and I'm at the end of my rope.
The WAN connection works, I'm able to configure the static IP manually, update package list, and install WireGuard by choosing luci-proto-wireguard to install all requisites.
Maybe I'm going about this all wrong, but all I want is WireGuard to let me connect to the machines on my LAN (192.168.1.1) from my iPhone and iPad, and allow me access to the internet via that connection.
The interface is severely lacking in terms of tips and documentation about what the fields mean, so I can't be sure that anything I'm entering is correct. Tutorials all suggest I assign a different netblock (192.168.2.1/24) to the WireGuard connection, but that's outside my LAN (192.168.1.1/24) so it defeats the purpose as far as I can tell.
Any assistance or background or tips would be greatly appreciated.
No, it doesn't defeat the purpose. The WG interface must be a different subnet, and then your router will route to the LAN.
Do you have a config (even if it isn't working)?
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/firewall
Given that none of the tutorials I've tried so far are either complete, or work, it would be way more helpful if you'd point to a tutorial written by one of those awesome people who know SO MUCH MORE than I do.
These tutorials are all correct and will produce a working configuration.
What you want is the road-warrior configuration:
If you get stuck or don't understand why things are set up the way they are, just ask. We can also review your configuration.
Also, it is critical that you have a true public IP on your WAN interface of your OpenWrt router -- if you don't, this config will not work because your remote devices will not be able to connect back to the main router. For this, please show us the first two octets (in bold: aaa.bbb.ccc.ddd) of your IP address as reported by the OpenWrt LuCI main status page in the IPv4 Upstream section.
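A pre-flight check for the two points raised in the replies above (the WireGuard subnet must not overlap the LAN, and the WAN address must be a true public IP), as an added example that is not part of any post in this thread. The function names are made up here, the WAN sample address is constructed, and addresses are assumed to be dotted quads without leading zeros.

```sh
#!/bin/sh
# Added example, not from the thread. Plain POSIX sh, so it can be pasted
# into an SSH session on the router as well as a desktop shell.

# ip2int A.B.C.D -> prints the address as an integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/LEN -> exit status 0 if IP lies inside NET/LEN
in_cidr() {
    ip=$(ip2int "$1"); net=$(ip2int "${2%/*}"); len=${2#*/}
    [ "$len" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# wan_class IP -> prints why the WAN address is (not) reachable from outside
wan_class() {
    for r in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        in_cidr "$1" "$r" && { echo private; return; }      # RFC 1918
    done
    in_cidr "$1" 100.64.0.0/10 && { echo cgnat; return; }      # RFC 6598, carrier NAT
    in_cidr "$1" 169.254.0.0/16 && { echo link-local; return; }
    echo public
}

# subnets_overlap NET1/LEN1 NET2/LEN2 -> exit status 0 if the ranges overlap.
# Two CIDR blocks overlap exactly when the wider one contains the other's address.
subnets_overlap() {
    l1=${1#*/}; l2=${2#*/}
    if [ "$l1" -le "$l2" ]; then
        in_cidr "${2%/*}" "$1"
    else
        in_cidr "${1%/*}" "$2"
    fi
}

# LAN and WireGuard subnets are the ones named in the thread;
# the WAN address is a constructed sample inside the carrier-NAT range.
echo "WAN 100.72.3.4 is: $(wan_class 100.72.3.4)"
if subnets_overlap 192.168.1.1/24 192.168.2.1/24; then
    echo "WG subnet overlaps the LAN: pick another range"
else
    echo "WG subnet is distinct from the LAN: OK"
fi
```

Anything other than `public` from `wan_class` means the router sits behind another NAT, so remote peers cannot open a connection to it directly.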
After MANY failed attempts and false starts because the video tutorials were building something different (configuring routers as clients not servers, etc.), I found a YouTube Tutorial that actually worked:
I'll actually consider making a better video given all the time this took and how poor the video quality is on that one.
The magical item missing from most tutorials is forwarding the port from the WAN side to the WireGuard IP. The WG client on iOS could also use some better debugging features/tools.