Configuration via cli [Solved]

When I configure OpenWRT via the web (LuCI) everything works. Now I want to configure OpenWRT via SSH.
What I will configure:

  1. Wireless
  2. Wireguard
  3. Firewall
/etc/config/wireless
/etc/config/network
/etc/config/firewall

I log in to OpenWRT via SSH

ssh root@192.168.1.1
vi /etc/config/wireless

I will write at the end of the file

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option ssid 'my_ssid'
        option encryption 'psk2'
        option key 'my_password'

vi /etc/config/network

I will write at the end of the file

config interface 'wwan'                   
        option proto 'dhcp'

config interface 'wg0'         
        option proto 'wireguard'
        option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx='
        option listen_port '51820'                                       
        list addresses '10.10.10.4'                                       
                                                                          
config wireguard_wg0                                                     
        option description 'server'                                      
        option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=' 
        list allowed_ips '10.10.10.0/24'                                  
        list allowed_ips '192.168.2.0/24'                                
        option route_allowed_ips '1'                                     
        option endpoint_host 'my-host-example.com'                            
        option endpoint_port '51820'

vi /etc/config/firewall

I will write at the end of the file

config zone                                     
        option name 'wg0'                       
        option input 'ACCEPT'                   
        option output 'ACCEPT'                  
        option forward 'REJECT'                 
        list network 'wg0'

config forwarding                               
        option src 'lan'                        
        option dest 'wg0'

config forwarding                               
        option src 'wg0'                        
        option dest 'lan'

Next

reboot

After the reboot, I SSH in and enable wireless

uci set wireless.radio0.disabled='0'
uci commit wireless
wifi reload

I will install WireGuard

opkg update
opkg install luci-app-wireguard
reboot

After the reboot everything seems to work. I can log in from a LAN network via wireguard to a remote network on the other side of the world.
However, I cannot access the Internet from the LAN network.
What else did I forget?
Does it look like a problem with DNS?

If you have SSH, and I assume the router still has LuCI, why not tunnel the web traffic?

1 Like

Since you're not tunneling the whole Internet, the wwan interface (the regular wan) should be added to the wan zone and a forward from lan to wan included (which is there by default). Then access to general Internet (everywhere other than the allowed_ips) will go unencrypted by the wwan and the local ISP.

2 Likes

@mk24
Thx

uci add_list firewall.cfg03dc81.network='wwan'
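
The check behind the fix above, as an added example that is not part of the original thread: a POSIX shell function that lists the interfaces in a network config that no firewall zone covers, which is where wwan sits in the configs as posted. The function names and the sample files (constructed from the snippets in the thread, with default-style lan and wan zones assumed) are illustrative.

```shell
# Added example: report interfaces that no firewall zone covers.
# Sample configs are constructed; the lan/wan zones are an assumption.
make_sample() {   # writes constructed configs into directory $1
cat > "$1/network" <<'EOF'
config interface 'loopback'
config interface 'lan'
config interface 'wwan'
config interface 'wg0'
EOF
cat > "$1/firewall" <<'EOF'
config zone
        option name 'lan'
        list network 'lan'
config zone
        option name 'wan'
        list network 'wan'
config zone
        option name 'wg0'
        list network 'wg0'
config forwarding
        option src 'lan'
        option dest 'wan'
EOF
}

# unzoned_interfaces NETWORK_FILE FIREWALL_FILE
# Prints each interface (except loopback) that is in no zone network list.
unzoned_interfaces() {
    awk '
    function unq(s) { gsub("[\"\047]", "", s); return s }  # drop quotes
    FNR == NR {                       # first file: interface names
        if ($1 == "config" && $2 == "interface") ifaces[++n] = unq($3)
        next
    }
    $1 == "config" { in_zone = ($2 == "zone"); next }
    in_zone && $2 == "network" && ($1 == "list" || $1 == "option") {
        for (i = 3; i <= NF; i++) zoned[unq($i)] = 1
    }
    END {
        for (i = 1; i <= n; i++)
            if (ifaces[i] != "loopback" && !(ifaces[i] in zoned)) print ifaces[i]
    }' "$1" "$2"
}

d=$(mktemp -d) && make_sample "$d"
unzoned_interfaces "$d/network" "$d/firewall"   # prints: wwan
rm -rf "$d"
```

On the router, call it as `unzoned_interfaces /etc/config/network /etc/config/firewall`. The `cfg03dc81` name in the command above is an auto-generated id for an anonymous section, so check `uci show firewall` for the id on your own device before reusing it.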
