WireGuard fails when setting up multiple interfaces

Hi,
I'm using a GL.iNet GL-AR150 router with OpenWrt 18.06 to offer a Wi-Fi network that connects to my WireGuard server in AWS, so that WireGuard can be used on all networks of the GL-AR150 (LAN and WWAN).

/etc/config/network

config interface 'lan'
    option type 'bridge'
    option ifname 'eth1'
    option proto 'static'
    option hostname 'GL-AR150-60d'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.8.1'

config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'
    option hostname 'GL-AR150-60d'
    option dns '8.8.8.8'
    option peerdns '0'

config interface 'wwan'
    option _orig_ifname 'wlan0'
    option _orig_bridge 'false'
    option proto 'dhcp'
    option hostname 'GL-AR150-60d'

/etc/config/wireguard

config proxy
    option main_server 'vpn'
    option enable '1'

config peers 'wg_peer_2794'
    option name 'vpn'
    option listen_port '49258'
    option dns '10.200.200.1'
    option end_point 'MyIP:51820'
    option allowed_ips '0.0.0.0/0'
    option persistent_keepalive '25'
    option address '10.200.201.6/20'
    option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'

/etc/config/wireguard_server

config servers
    option local_ip '10.0.0.1'
    option local_port '51820'
    option enable '0'

I can start the service, but the network then fails, showing:

PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No error information

It seems that it loses connectivity, and now I'm not sure which other tests I can do to get it working. If I remove the wlan part or the LAN part, it works well. Checking iptables and filtering by wg0:

-A INPUT -i wg0 -m comment --comment "!fw3" -j zone_wireguard_input
-A FORWARD -i wg0 -m comment --comment "!fw3" -j zone_wireguard_forward
-A OUTPUT -o wg0 -m comment --comment "!fw3" -j zone_wireguard_output
-A zone_wireguard_dest_ACCEPT -o wg0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wireguard_dest_ACCEPT -o wg0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wireguard_src_ACCEPT -i wg0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT

When I start the service, ping breaks, but I didn't lose connectivity. New connections simply don't work, and it never connects to the server.

Please fix the first post and use Preformatted text (the </> button) instead of Blockquote for the console output.
Also add the output of /etc/config/firewall ; ip -4 addr; ip -4 ru; ip -4 ro ls tab all; wg status

  • Am I missing something...or shouldn't these configs be in /etc/config/network ?
  • Am I missing seeing no config for the local WG interface?
  • What is a Wireguard server?
  • and if it's connecting to AWS, why did you assign a Private IP?
  • Where did these configs come from?!?!
  • Can you show your link for setting up OpenWrt Wireguard that gives these configs/filenames - and what they're for???