Hi,
I tried configuring WireGuard again because I didn't succeed when I tried it the last time. I used this tutorial that I found in the forum because the script in the wiki doesn't work.
If someone can fix it, that would also be nice: the file "wgclient.pub" doesn't exist because it is never generated. https://openwrt.org/docs/guide-user/services/vpn/wireguard/basic
But the problem I have now is that after I committed the firewall rule following chrisbuchan's tutorial, I can't access wan from my devices in lan. I don't see why this happened.
Here's everything I did:
root@OpenWrt:/etc/wireguard# wg genkey | tee /etc/wireguard/server-privatekey | wg pubkey > /etc/wireguard/server-publickey
root@OpenWrt:/etc/wireguard# wg genkey | tee client-privatekey | wg pubkey > client-publickey
root@OpenWrt:/etc/wireguard# ls
client-privatekey client-publickey server-privatekey server-publickey
root@OpenWrt:/etc/wireguard# ls
client-privatekey client-publickey server-privatekey server-publickey
root@OpenWrt:/etc/wireguard# cat server-privatekey
gNE7Q8wXqZeXqnRqQ1HtdAzLgYoUyAjGeFoRDgoc51I=
root@OpenWrt:/etc/wireguard# iQpSMa5TZVVD6i2L1Lxqveg+glLEmzxS8VZ4LtOM5yQ=
-ash: iQpSMa5TZVVD6i2L1Lxqveg+glLEmzxS8VZ4LtOM5yQ=: not found
root@OpenWrt:/etc/wireguard# uci add firewall rule
cfg1992bd
root@OpenWrt:/etc/wireguard# uci set firewall.@rule[-1].src="*"
root@OpenWrt:/etc/wireguard# uci set firewall.@rule[-1].target="ACCEPT"
root@OpenWrt:/etc/wireguard# uci set firewall.@rule[-1].proto="udp"
root@OpenWrt:/etc/wireguard# echo test
test
root@OpenWrt:/etc/wireguard# echo test
test
root@OpenWrt:/etc/wireguard# uci set firewall.@rule[-1].dest_port="51820"
root@OpenWrt:/etc/wireguard# uci set firewall.@rule[-1].name="Allow-Wireguard-Inbound"
root@OpenWrt:/etc/wireguard# uci commit firewall
root@OpenWrt:/etc/wireguard# /etc/init.d/firewall restart
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[0] (lan) cannot resolve device of network 'lan vpnserver vpnserver vpnserv'
Warning: Section @rule[12] (Port 80 forward) does not specify a protocol, assuming TCP+UDP
Warning: Section @rule[13] (Port 443 forward) does not specify a protocol, assuming TCP+UDP
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv6 filter table
* Flushing IPv6 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'Allow-OpenVPN'
* Rule 'Port 80'
* Rule 'Port 443'
* Rule 'Port 80 forward'
* Rule 'Port 443 forward'
* Rule 'Allow OpenVPN forward'
* Rule 'Allow-WireGuard'
* Rule 'Allow-Wireguard-Inbound'
* Redirect 'Port 80 alpine'
* Redirect 'Alpine 443'
* Redirect 'openvpn 1194'
* Forward 'lan' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 nat table
* Redirect 'Port 80 alpine'
* Redirect 'Alpine 443'
* Redirect 'openvpn 1194'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 filter table
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'Allow-OpenVPN'
* Rule 'Port 80'
* Rule 'Port 443'
* Rule 'Port 80 forward'
! Skipping due to different family of ip address
! Skipping due to different family of ip address
* Rule 'Port 443 forward'
! Skipping due to different family of ip address
! Skipping due to different family of ip address
* Rule 'Allow OpenVPN forward'
! Skipping due to different family of ip address
* Rule 'Allow-WireGuard'
* Rule 'Allow-Wireguard-Inbound'
* Forward 'lan' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'