Installing VPN

Then I will add this to it.

Still no handshake...

It did work when you configured NordVPN via Wireguard on your WSL instance though?

It should just be a matter of copying the keys and IP address over to a different Linux like OpenWrt.

Ah, that was a misunderstanding on my part. I made a virtual machine with Ubuntu on it and I did not work with WSL. I got the WireGuard information from the virtual machine, as was said in the tutorial.

After configuring the WireGuard interface, try this (adapt to your needs)

https://www.gastonotero.com/blog/creating-a-vpn-only-lan-in-openwrt

Add netmask default interface wireguard

config interface 'interface_wg'
    option proto 'wireguard'
    option private_key '<private_key>'
    list addresses '10.5.0.2/32'

I will try your tips tomorrow evening @viniribeirossa!

Do not do that. Your tunnel network has to be large enough to include the server's tunnel IP at the other end. Typically it is a /24, it must be at least a /30. Start up your VM again and confirm that it is reaching the Internet via VPN using tools like ping, traceroute, and an IP test site such as wget -q -O - https://api.ipify.org && echo (this is a CLI equivalent of "whatsmyip"). Then examine the Ubuntu VM's WireGuard configuration and copy that exactly to your router.

Do not run the router VPN and the VM at the same time. Since they are using the same addresses and credentials, the server will not like that.

Thanks for your reply @mk24. I will give this a shot tomorrow evening!

This is the submask that every WireGuard interface uses. I have Proton VPN and Express VPN and they all use a /32 submask.

Well it will be a Sunday job. I will update you guys tomorrow.

Well guys, I am finally back again; some personal stuff came through.

But I tried everything like was said here above. Correct me if I am wrong: the private and the public keys need to be written down correctly in the interface, right? So when they are correct, will that make the handshake?

It may be helpful to take a step backwards first.

Just to be clear. You are setting up an RPi4 that is to connect to the WiFi you have and offer clients of the RPi4 an encrypted connection through a VPN? Is that the idea? Why aren't you using the RPi4 itself as the main router?

Could you draw a diagram of what you are trying to achieve?

I will try to make a diagram for you.

Hopefully this makes things a little more clear:

The keys and IP addresses have to be exactly the same that NordVPN loaded into your Linux VM.

I do have the feeling that I am writing it down wrong.

I finally have a handshake:

But now the firewall... my goal is that my clients now use the VPN connection that is made. How can I do that?

Since the Pi doesn't have to do anything else here, the standard setup where all Internet use from the LAN is routed through the VPN will work. This is done with route_allowed_ips set to 1 and the VPN tunnel device placed in the wan firewall zone.

What do you mean by this? How do I do this?

Add list device 'wg0' to the wan zone definition in /etc/config/firewall.

You don't care about "kill switch" here but depending on how closely the TV provider looks at what you're doing you may need to set DNS to a public DNS reachable through the VPN tunnel.
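
A check for the two settings named in the replies above (route_allowed_ips set to 1 on the peer, and the tunnel device listed in the wan zone), as an added example that is not part of the thread. It assumes the WireGuard interface is named wg0, so that its peer section type is wireguard_wg0; the sample configs are constructed and every <...> value is a placeholder.

```shell
#!/bin/sh
# Constructed sample configs; every <...> value is a placeholder.
sample_network() { cat <<'EOF'
config interface 'wg0'
    option proto 'wireguard'
    option private_key '<private_key>'
    list addresses '<tunnel_address>'

config wireguard_wg0
    option public_key '<server_public_key>'
    option endpoint_host '<server_host>'
    list allowed_ips '0.0.0.0/0'
    option route_allowed_ips '1'
EOF
}
sample_firewall() { cat <<'EOF'
config zone
    option name 'lan'
    list network 'lan'

config zone
    option name 'wan'
    list network 'wan'
    option masq '1'
    list device 'wg0'
EOF
}
# Network config on stdin. Succeeds only if the peer section of interface $1
# (assumed section type: wireguard_<name>) sets route_allowed_ips to 1.
peer_routes_all() {
    awk -v sec="wireguard_$1" -v q="'" '
        { gsub(q, "") }                      # drop UCI quoting
        $1 == "config" { in_sec = ($2 == sec) }
        in_sec && $2 == "route_allowed_ips" && $3 == "1" { ok = 1 }
        END { exit !ok }'
}
# Firewall config on stdin. Succeeds only if the zone named wan lists device $1.
wan_has_device() {
    awk -v dev="$1" -v q="'" '
        function endsec() { if (iswan && hasdev) ok = 1; iswan = hasdev = 0 }
        { gsub(q, "") }
        $1 == "config" { endsec(); zone = ($2 == "zone") }
        zone && $2 == "name" && $3 == "wan" { iswan = 1 }
        zone && $2 == "device" && $3 == dev { hasdev = 1 }
        END { endsec(); exit !ok }'
}
# Run both checks against the constructed samples.
sample_network | peer_routes_all wg0 && sample_firewall | wan_has_device wg0 \
    && echo "wg0: routes installed and device is in the wan zone"
```

On the router, feed the real files instead of the samples, for example `wan_has_device wg0 < /etc/config/firewall` and `peer_routes_all wg0 < /etc/config/network`.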

The DNS servers I have are from NordVPN themselves, is that also fine?