Configuring OpenWrt with WireGuard Error: Unknown error (device_claim_failed)

Installing and Using OpenWrt
1

Hello, I installed OpenWRT on Raspberry Pi 4 B, and configuring WireGurard client on it. I'm following instructions (very bad one, bat its the only that I found) from here - https://habr.com/ru/articles/694710/.
Steps: I configured WiFi. Added WAN int and binded it to eth0.
Problem: when I change LAN int - remove bridge lan-eth0 (to make free eth0 to be used only in WAN), and change it to interface wireless, in my case it is - phy0-ap0, after restart I loose connectivity to device. Checking via console I can see that phy0-ap0 does not have any IP assigned. I manually add via console using ifconfig custom IP to int phy0-ap0, and then I'm able to connect. After login I can see this error on int phy0-ap0 - Error: Unknown error (device_claim_failed); please see screenshots attached. When I restart int phy0-ap0 inside GUI all returns to normal - it gets ip assigned and DHCP is working, I can connect via GUI and SSH, internet access is working. But after any reboot of device I loose connectivity and I have the same problem again. What could be the issue here? Thank you.

Screenshots:

  1. Before removing bridge -

    Убираю Eth0 - было
    Убираю Eth0 - было1013×752 62.7 KB

  2. After removing bridge -

    Убираю Eth0 - стало
    Убираю Eth0 - стало985×815 81.5 KB

  3. The issue on the interface after reboot and after I assigned custom IP to be able to connect. -

    Device Claim Failed
    Device Claim Failed1851×804 123 KB

2

Welcome to the community!

Where is the config for your Wireguard interface?

4

There is none at this point. I can add it up later, but current problem is as described above.

1 Like
5

Update: Inteface wg0 is already configured, but was down because eth0 cable was not connected.
Here is the full picture:
This is configured setup for the moment on all interfaces on OpenWRT:
root@OpenWrt:~# ifconfig
eth0 Link encap:Ethernet HWaddr D8:3A:DD:66:57:AC
inet addr:192.168.7.12 Bcast:192.168.7.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6264 errors:0 dropped:0 overruns:0 frame:0
TX packets:4716 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:731805 (714.6 KiB) TX bytes:673446 (657.6 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2595 errors:0 dropped:0 overruns:0 frame:0
TX packets:2595 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:236144 (230.6 KiB) TX bytes:236144 (230.6 KiB)

phy0-ap0 Link encap:Ethernet HWaddr DA:3A:DD:66:57:AC
This IP is assigned by using ifconfig -- >> inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 - on the interface to which I connected now IP 192.168.4.1 with DHCP ON
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10049 errors:0 dropped:0 overruns:0 frame:0
TX packets:9259 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:993744 (970.4 KiB) TX bytes:2719291 (2.5 MiB)

wg0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.66.66.2 P-t-P:10.66.66.2 Mask:255.255.255.255
inet6 addr: fd42:42:42::2/128 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1420 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

6

Currently, this is the OpenWRT release I'm trying to work on:
root@OpenWrt:/etc# cat openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='23.05.0'
DISTRIB_REVISION='r23497-6637af95aa'
DISTRIB_TARGET='bcm27xx/bcm2711'
DISTRIB_ARCH='aarch64_cortex-a72'
DISTRIB_DESCRIPTION='OpenWrt 23.05.0 r23497-6637af95aa'
DISTRIB_TAINTS=''
root@OpenWrt:/etc#

7

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
8

Thank you for response from your side. Here are details you asked for:

1. root@OpenWrt:/etc# ubus call system board
{
        "kernel": "5.15.134",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 3",
        "model": "Raspberry Pi 4 Model B Rev 1.5",
        "board_name": "raspberrypi,4-model-b",
        "rootfs_type": "ext4",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0",
                "revision": "r23497-6637af95aa",
                "target": "bcm27xx/bcm2711",
                "description": "OpenWrt 23.05.0 r23497-6637af95aa"
        }
}
root@OpenWrt:/etc#

2. root@OpenWrt:/etc# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd3a:65c6:92f8::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'phy0-ap0'
        option proto 'static'
        option ipaddr '192.168.4.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'WAN'
        option proto 'dhcp'
        option device 'eth0'
        option hostname '*'

config device
        option name 'phy0-ap0'
        option ipv6 '0'

config device
        option name 'eth0'
        option ipv6 '0'

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'private_key'
        list addresses '10.66.66.2/32'
        list addresses 'fd42:42:42::2/128'
        list dns '8.8.8.8'
        list dns '1.1.1.1'

config wireguard_wg0
        option description 'wg0-client-Espania.conf'
        option public_key 'publick_key'
        option preshared_key 'preshared_key'
        option endpoint_host 'endpoint_ip'
        option endpoint_port '64044'
        option route_allowed_ips '1'
        list allowed_ips '10.66.66.0/24'

root@OpenWrt:/etc#

3. root@OpenWrt:/etc# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'psk2'
        option key 'wireless_password'

root@OpenWrt:/etc#

4. root@OpenWrt:/etc# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:/etc#

5. 	root@OpenWrt:/etc# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'WAN'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'wg0_wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'wg0'

config forwarding
        option src 'lan'
        option dest 'wg0_wan'

root@OpenWrt:/etc#
9

Remove eth0 from here:

Set the device back to br-lan:

Make wan lowercase:

Delete these:

Remove the uppercase wan from this:

Reboot and test again.

1 Like
10

En Process.

A question: I removed eth0 from br-lan, it was still binded, now removed.
But I can not add to bridge interface phy0-ap0: its not listed (guessed that's how it should be earlier, but it does not work) - >>

Not possible to bridge wireless
Not possible to bridge wireless1386×767 74.8 KB

Second question: Do you mean I need to enable ipv6 on phy0-ap0 and eth0? I disabled it myself. Thank you!
Delete these:

11

Apparently, it looks like these two advices worked out! After reboot I receive correct IP address assignment on interface phy0-ap0 (wireless) , and internet access is working -) Now I can proceed to second stage of configuring WireGuard interfaces between my Raspberry and my VDS server.

Remove eth0 from here:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

and 

Make wan lowercase:

config interface 'WAN'
        option proto 'dhcp'
        option device 'eth0'
        option hostname '*
12

Thank you for your help! Device is still working -) All the best.

13

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.