Ahoy friends.
I had trouble while trying to connect my home network and my remote network using Wireguard.
Now it works, and I'm able to ping each interface (from 10.0.0.2 to 10.0.0.1 and vice versa).
Using the console from my OpenWRT device, I have created a route to my home network.
Attention: Home network 192.168.2.0, remote network 192.168.1.0
So I logged into my OpenWRT device, and performed this command:
ip route add 192.168.2.0/24 via 10.0.0.1
Then I was able to ping the devices inside of my home network.
Unfortunately it does not work for my connected LAN devices on my OpenWRT devices.
Currently I've got the wg0 device, the eth0 LAN device, and the wwan0 device.
My OpenWRT device is connected to another WiFi, and has a bridge br0 between wwan0 and eth0. So how can I establish the route ip route add 192.168.2.0/24 via 10.0.0.1 for my devices connected to eth0?
I hope someone understands what I mean, quite complicated config.
Inside of the SSH console everything works fine.
I'm also not able to ping any devices from my eth0 connected notebook.
Doesn't matter if I try to ping my local OpenWRT router, or my home network 192.168.2.0, I always receive the following message.
package firewall

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone 'lan'
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'br0 br0 wg0 lan'

config zone 'wan'
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wan6'

config forwarding 'lan_wan'
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config rule 'wg'
    option name 'Allow-WireGuard'
    option src 'wan'
    option proto 'udp'
    option target 'ACCEPT'

config redirect
    option dest_port '5555'
    option src 'wan'
    option name 'WireGuard'
    option src_dport '5555'
    option target 'DNAT'
    option dest_ip '192.168.1.1'
    option dest 'lan'
    list proto 'udp'

config zone
    option name 'Wireguard'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option masq '1'
    option network 'Wireguard wwan'

config forwarding
    option dest 'lan'
    option src 'Wireguard'

config forwarding
    option dest 'wan'
    option src 'Wireguard'

config forwarding
    option dest 'Wireguard'
    option src 'lan'

config forwarding
    option dest 'Wireguard'
    option src 'wan'

ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
9: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.43.133/24 brd 192.168.43.255 scope global wlan0
       valid_lft forever preferred_lft forever
13: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.0.0.2/24 brd 10.0.0.255 scope global wg0
       valid_lft forever preferred_lft forever

ip -4 ru
0: from all lookup local
2: from all iif lo lookup 1
2: from all iif wlan0 lookup 16800
2: from all iif br-lan lookup 16801
32766: from all lookup main
32767: from all lookup default
ip -4 ro ls tab all
192.168.1.179 dev br-lan table 16800 scope link
192.168.43.1 dev wlan0 table 16801 scope link
default via 192.168.43.1 dev wlan0 proto static src 192.168.43.133
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.2
78.35.90.26 via 192.168.43.1 dev wlan0 proto static
85.197.43.22 via 192.168.43.1 dev wlan0 proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.2.0/24 via 10.0.0.1 dev wg0
192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.133
broadcast 10.0.0.0 dev wg0 table local proto kernel scope link src 10.0.0.2
local 10.0.0.2 dev wg0 table local proto kernel scope host src 10.0.0.2
broadcast 10.0.0.255 dev wg0 table local proto kernel scope link src 10.0.0.2
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1
broadcast 192.168.43.0 dev wlan0 table local proto kernel scope link src 192.168.43.133
local 192.168.43.133 dev wlan0 table local proto kernel scope host src 192.168.43.133
broadcast 192.168.43.255 dev wlan0 table local proto kernel scope link src 192.168.43.133
I can only send stuff from the OpenWRT device, because the target network is already running fine, and it's a Debian system.
Unfortunately in my OpenWRT 192.168.1.0 subnet I can't even ping my own IP obtained by the OpenWRT DHCP, lol.
Yeah that's the case. My remote OpenWRT network uses 192.168.1.0 the other one 192.168.2.0 and I want to establish a route via 10.0.0.2 to 192.168.2.0
Maybe I'll try traceroute. Looks like the firewall is filtering something
It will not work with the relay you have there.
If you keep the relay you'll have to move the WG interface to the other router that wwan is connected to.
Also you may want to cover the keys and the public host IP from your previous post with the configs.
Is there another way to route the traffic to the destination without having the bridge?
Fact is I can connect the wwan0 radio only to another remote network to establish an internet connection.
Unfortunately there is nothing I can change on the remote network.
So the relay is the cause why I can't ping anything?
Another way to route the traffic from my lan devices through the wg interface?
Problem solved.
I had to bind the 192.168.2.0/24 via 10.0.0.1 route to "wg0".
Traceroute helped me a lot, finally it's looking like that now.
Thanks for your help!
traceroute 192.168.2.150
traceroute to 192.168.2.150 (192.168.2.150), 30 hops max, 60 byte packets
1 OpenWrt.lan (192.168.1.1) 0.346 ms 0.430 ms 0.484 ms
2 10.0.0.1 (10.0.0.1) 357.685 ms 358.520 ms 359.277 ms
3 192.168.2.150 (192.168.2.150) 359.294 ms 368.537 ms 368.539 ms