Installed wireguard, can't reach openwrt forum

Box-of-Spare-Parts · December 5, 2023, 3:21pm

I can only reach forum.openwrt.org while not connected to wireguard VPN from outside my LAN. I have to deactivate the wireguard tunnel on my laptop in order to reach the forums. I can reach everything else on the internet, and tracert shows that my internet traffic is going through the tunnel. Anyone else have this issue?

lleachii · December 5, 2023, 3:26pm

Welcome to the community!

Where is your Wiregard connected to?

I assume you are on you cellular device/hotspot using your mobile carrier - then you attempt to connect to a Wireguard VPN instance on your home OpenWrt device?

Can you provide specific details?

Additionally, can you provide the laptop's WG config (omit keys)?

Box-of-Spare-Parts · December 5, 2023, 7:12pm

I use an openwrt firewall for my home network. While I'm at work or any other place, I connect to my wireguard server at home, which is installed on my openwrt firewall. While I'm connected to my wireguard server, I can reach everything on the internet except openwrt forums.

This is the WG tunnel configuration on my laptop:

[Interface]
PrivateKey = OMITTED
ListenPort = 51820
Address = 192.168.9.4/32

[Peer]
PublicKey = OMITTED
PresharedKey = OMITTED
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
Endpoint = MYDOMAIN*:51820

psherman · December 5, 2023, 7:20pm

you can simplify this by using 0.0.0.0/0 and ::/0

Also, are you running IPv6 dual stack on your router and the WG peer on that side?

lleachii · December 5, 2023, 7:38pm

Did you omit your DNS setting?

Box-of-Spare-Parts · December 5, 2023, 7:42pm

On my laptop's tunnel configuration, there's no DNS

lleachii · December 5, 2023, 7:44pm

You'll need to fix that.

Box-of-Spare-Parts · December 5, 2023, 7:44pm

out of the box, I've never removed any IPv6 options. I just start adding the software packages I need.

psherman · December 5, 2023, 7:50pm

Remove the IPv6 part of the allowed IPs.

Box-of-Spare-Parts · February 5, 2024, 3:58pm

SOLVED.

I had to set the VPN interface MTU to 1420 in advanced settings. I previously had it set to 400, for the rare instances where my phone would have less than optimal cellular reception. I'm able to reach OpenWRT forums now.

lleachii · February 5, 2024, 7:11pm

You shouldn't need an MTU that low. I still work with 2400 baud radio, you literally have the MTU set lower than that. Glad you fixed your nonstandard configuration.

I'm shocked you only got errors on one website.

system · February 15, 2024, 7:14pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.