WireGuard fails when setting up multiple interfaces

I'm using a GL.iNet GL-AR150 router with OpenWrt 18.06 to offer a Wi-Fi network that connects to my WireGuard server in AWS, so that it is possible to use WireGuard on all networks of the GL-AR150 (LAN and WWAN).


config interface 'lan'
option type 'bridge'
option ifname 'eth1'
option proto 'static'
option hostname 'GL-AR150-60d'
option netmask ''
option ip6assign '60'
option ipaddr ''

config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
option hostname 'GL-AR150-60d'
option dns ''
option peerdns '0'

config interface 'wwan'
option _orig_ifname 'wlan0'
option _orig_bridge 'false'
option proto 'dhcp'
option hostname 'GL-AR150-60d'


config proxy
option main_server 'vpn'
option enable '1'

config peers 'wg_peer_2794'
option name 'vpn'
option listen_port '49258'
option dns ''
option end_point 'MyIP:51820'
option allowed_ips ''
option persistent_keepalive '25'
option address ''
option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'


config servers
option local_ip ''
option local_port '51820'
option enable '0'

I can start the service, but using the network fails, showing:

PING ( 56 data bytes
ping: sendto: No error information

It seems that I lose connectivity, and now I'm not sure which other tests I can do to get it working. If I remove the wlan part or the LAN part, it works well. Checking iptables and filtering by wg0:

-A INPUT -i wg0 -m comment --comment "!fw3" -j zone_wireguard_input
-A FORWARD -i wg0 -m comment --comment "!fw3" -j zone_wireguard_forward
-A OUTPUT -o wg0 -m comment --comment "!fw3" -j zone_wireguard_output
-A zone_wireguard_dest_ACCEPT -o wg0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wireguard_dest_ACCEPT -o wg0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wireguard_src_ACCEPT -i wg0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT

When I start the service, it breaks ping, but I didn't lose connectivity. New connections simply don't work, and it never connects to the server.

Please fix the first post and use Preformatted text (the </> button) instead of Blockquote for the console output.
Also add the output of /etc/config/firewall ; ip -4 addr; ip -4 ru; ip -4 ro ls tab all; wg status

  • Am I missing something...or shouldn't these configs be in /etc/config/network ?
  • Am I missing seeing no config for the local WG interface?
  • What is a Wireguard server?
  • and if it's connecting to AWS, why did you assign a Private IP?
  • Where did these configs come from?!?!
  • Can you show your link for setting up OpenWrt Wireguard that gives these configs/filenames - and what they're for???