Help regarding cloudflare warp wireguard vpn

lleachii · November 29, 2022, 5:41pm

You could Direct Message me here.

But why?

I am able to generate and use credentials successfully from wgcf.

amirulandalib · November 29, 2022, 5:46pm

root@OpenWrt:~# curl --interface cf https://ipinfo.io
{
  "ip": "104.28.240.82",
  "city": "Dhaka",
  "region": "Dhaka",
  "country": "BD",
  "loc": "23.7104,90.4074",
  "org": "AS13335 Cloudflare, Inc.",
  "postal": "1000",
  "timezone": "Asia/Dhaka",
  "readme": "https://ipinfo.io/missingauth"

Works now but doesn't route to my phone

lleachii · November 29, 2022, 5:48pm

(That is not a direct/private message)

amirulandalib · November 29, 2022, 5:49pm

Btw had to fix this connection error I tried manual DNS 1.1.1.1 then after some tries it works accordingly

amirulandalib · November 29, 2022, 5:50pm

It works now but doesn't route to my phone help me for this

lleachii · November 29, 2022, 5:51pm

Not sure what that means. I thought this was setup on the OpenWrt.

amirulandalib · November 29, 2022, 5:53pm

I want it to route this warp vpn through all the devices connected to the router

lleachii · November 30, 2022, 12:30am

Try: https://cloudflare.com/cdn-cgi/trace

I do this:

# in /etc/config/network

config route                      
        option interface 'foo_warp1'
        option target '0.0.0.0/0'
        option table '1' 

config rule                
        option src '192.168.1.0/24'                       
        option dest '0.0.0.0/0'
        option priority '1' #order in IP_rules
        option lookup '1' #table_assigned

Some use a PBR package.

(If you want to name the table, it requires extra config.)

amirulandalib · November 30, 2022, 2:57am

powtrix · November 30, 2022, 3:50am

Reconfig your wg as this steps:

amirulandalib · November 30, 2022, 6:31am

Duh I gained the necessary configurations and got my wireguard working but I have a task remaining that is I want all the connected devices to my router to be routed via the wireguard vpn on my router

lleachii · November 30, 2022, 3:03pm

foo is a placeholder for your real interface names. Reference: https://en.wikipedia.org/wiki/Foobar

lleachii · November 30, 2022, 3:11pm

Your interface name is: cf

NOT cf_foo1

amirulandalib · November 30, 2022, 4:05pm

Now ?

amirulandalib · November 30, 2022, 4:10pm

powtrix · December 2, 2022, 2:23am

To route all the network:

uci del network.cf.allowed_ips
uci add_list network.cf.allowed_ips='0.0.0.0/0'
uci set network.cf.route_allowed_ips='1'
uci commit

amirulandalib · December 2, 2022, 2:56am

After doing....

powtrix · December 2, 2022, 11:24am

Follow there: (forward to wg zone)

amirulandalib · December 2, 2022, 2:47pm

This isn't gonna be easy I will try though

laingo · December 3, 2022, 1:54pm

What do your firewall settings look like?

For direct routing through cf from a specific interface a rule like this could work.

config route
        option table '10'
        option target '0.0.0.0/0'
        option interface 'cf'

config rule
        option in 'lan'
        option lookup '10'

This is only really useful if you have specific routing requirements. My use-case was routing a specific wireless network via WARP without option route_allowed_ips '1' on the wireguard interface.

Your requirement comes across as straightforward routing for all traffic to WARP as the WAN

So you really don't need to resort to adding tables and routes.

You only need this entry in your firewall (fw3)

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	list network 'cf'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'