Is there any way to implement cloudflare warp free vpn in OpenWrt router?

Basically:

so it is not working?

I'll try, thx!


not working, added everything, got handshake, not redirecting thru vpn

config files??

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/firewall

Did you set things to route thru the VPN yet?

how do i set it to route everything thru vpn?

tried https://cloudflare.com/cdn-cgi/trace warp off gateway off

i did this in network

config route
        option interface 'foo_warp1'
        option target '0.0.0.0/0'
        option table '1'

config rule
        option src '192.168.1.0/24'
        option dest '0.0.0.0/0'
        option priority '1'

i assume this

#order in IP_rules option lookup '1' #table_assigned Some use a PBR package. spiral_notepad (If you want to name the table, …

is this

#order in IP_rules option lookup '1'

#table_assigned

is this # a comment? i do not understand, could you help me more?

after i added this

config route
        option interface 'wiro'
        option target '0.0.0.0/0'
        option table '1'

config rule
        option src '192.168.1.0/24'
        option dest '0.0.0.0/0'
        option priority '1'
        #order in IP_rules option lookup '1'

got this error

so i deleted that line....

this is the actual config of my network...

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd50700e71b:00000::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.0.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '1.1.1.1'
        list dns '1.1.1.2'

config device
        option name 'eth1'
        option ipv6 '0'
        option igmpversion '3'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option delegate '0'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '1.1.1.2'

config interface 'wiro'
        option proto 'wireguard'
        option private_key 'xxxxxxx'
        option peerdns '0'
        list addresses 'xxxxx'
        list addresses '172.16.0.2/32'
        list dns '1.1.1.1'
        list dns '1.1.1.2'

config wireguard_wiro
        option description 'wgcf-profile.conf'
        option public_key 'xxxx'
        list allowed_ips '::/0'
        option endpoint_host 'engage.cloudflareclient.com'
        option endpoint_port '2408'
        option persistent_keepalive '25'

config device
        option name 'wiro'
        option macaddr 'xxx'

is there any way i can configure correctly and run wireguard warp in my router?
because i only get handshakes....
anonymized data...
heard something about openvpn routing or something like that, but i am very ignorant, i am more of following manuals or tutorials... so i am ignorant in the matter...

this did not work

https://www.reddit.com/r/openwrt/comments/kgk5r1/any_suggestionssupport_for_installing_cloudflare/

this neither

nope

followed everything at the rule, nothing happened... just getting handshake..

what is wrong?

screenshot of wg status

thanks

Are you actually clicking the links to the post, in order to see the sample configs?

It really seems as if you copied the quotes from the previews instead. Some config lines you pasted appear to run together and have no line breaks, etc.

Also please use the codebox button to paste output, configs and code.


i am sorry lleachii, i am new on this, i will do my best... are you sure the information you provided works? i tried it and it did not work, and that is the problem, i do not know what the order of the commands you sent me is, i tried but i get the same rcp error your friend got in his post

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd50700e71b:00000::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.0.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '1.1.1.1'
        list dns '1.1.1.2'

config device
        option name 'eth1'
        option ipv6 '0'
        option igmpversion '3'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option delegate '0'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '1.1.1.2'

config interface 'wiro'
        option proto 'wireguard'
        option private_key 'xxxxxxx'
        option peerdns '0'
        list addresses 'xxxxx'
        list addresses '172.16.0.2/32'
        list dns '1.1.1.1'
        list dns '1.1.1.2'

config wireguard_wiro
        option description 'wgcf-profile.conf'
        option public_key 'xxxx'
        list allowed_ips '::/0'
        option endpoint_host 'engage.cloudflareclient.com'
        option endpoint_port '2408'
        option persistent_keepalive '25'

config device
        option name 'wiro'
        option macaddr 'xxx'

ty sir

Remove the delegate line.

Add route_allowed_ips '1' to this

remove this.

reboot and test again.

If it doesn't work, let's see the output of:

wg show
cat /etc/config/firewall

nothing works, spidered and crawled openwrt forums about wireguard cloudflare and found nothing useful, please someone help me work out this thing, i do not have money for a vpn :frowning:

i have tried everything in the forums and all i get is nothing more than errors or even no-internet-connection errors..... my head is blowing, sorry, first time i find a wall in the IT field, and it is hard, cause i have wasted like 4 days or 1 week of my job because of this x.x

If you can post the info I requested, maybe we can spot other issues.

But...

it might be worth just pointing out that a VPN may not really be all that important and maybe not worth bothering... it depends on your needs.

Privacy: VPNs make broad promises of privacy, but what you're really doing is shifting the privacy considerations from your current ISP to the VPN. Can you trust the VPN provider? Maybe, but maybe not. Especially with free VPN providers, they need to make money somehow... I'm not pointing at any specific company, but just in general, how well do they maintain your privacy?

Security: The vast majority of sites and services are encrypted now (https among many other methods), so it's much harder for someone to eavesdrop on your online activities. The services/sites you use may be visible to the network operator (i.e. the ISP, the VPN provider, a business with wifi available to customers, etc., possibly even a bad actor in one of these locations), but they will not be able to see the content/data since it's encrypted.

Censorship: If you live in or visit a country that has censorship or other restrictions, a VPN can be really useful to circumvent state-controlled firewalls. But sometimes the VPNs are blocked as well (either by IP address or by protocol).

Geo-location: If you are in a given location and need to be able to consume content that is only available in other locations (media streaming services come to mind), a VPN can help with that. That said, many media streaming companies have mechanisms in place to try to prevent this.

So with all of those things, the real question is if you really do want to bother with a VPN, especially if it's causing you such headaches.

EDIT: Also, with cloudflare warp, censorship and geolocation and even privacy are not part of the equation. It's purely a point-to-point encryption service... presumably useful for when you are on a public/untrusted network.

i already have a vpn but i cannot use it in openwrt, so it is like i have nothing. i am trying to secure myself against evil actors, so i am grateful if someone can help me to use warp here, it is the only way i've got for now...


peer: xxxxxx
  endpoint: warp..ip:2408
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 minute, 28 seconds ago
  transfer: 3.77 KiB received, 13.88 KiB sent
  persistent keepalive: every 25 seconds


config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option synflood_protect '1'
        option forward 'DROP'
        option drop_invalid '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'bcp38'
        option type 'script'
        option path '/usr/lib/bcp38/run.sh'

config zone
        option name 'warp'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        option masq '1'
        option mtu_fix '1'
        list network 'wiro'

config forwarding
        option src 'lan'
        option dest 'warp'

config dnsmasq
        list server '1.1.1.1'

sorry if my fw config is a mess, i have tried everything to route traffic thru warp and it does not work

and yes i just want to encrypt my stuff, as a first layer of security

I don't see anything wrong with the config.

If you remove the lan > wan forwarding, does your internet traffic stop?

removed that and traffic went down... had to re-add it. is there any possible way to use wireguard and route all traffic through vpn?

looking back at your wireguard config, you don't have IPv4 in the tunnel.

in the allowed IPs, make sure you have 0.0.0.0/0.
I'm assuming you did add the route allowed IPs to the peer config section, too.

Restart the WG interface, and remove that lan > wan forward rule and see if that helps.

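The replies above boil down to three checks on the posted configs: the peer's allowed_ips has only '::/0' and no '0.0.0.0/0', the peer has no route_allowed_ips '1', and the firewall still forwards lan to wan beside lan to warp. The script below is an added example (not code from the thread or from OpenWrt) that parses UCI-style config text and reports exactly those conditions, pairing each one with the uci command that fixes it. The embedded sample configs are trimmed from the ones posted in the thread with the secrets left redacted; the interface name 'wiro' and zone name 'warp' come from those configs, and the parser treats a line whose first non-blank character is '#' as a comment, which is why the pasted '#order in IP_rules option lookup ...' line applies nothing.

```python
"""Check an OpenWrt WireGuard "route everything through the tunnel" setup."""
import re

# Trimmed from the network config posted in the thread (constructed sample input).
NETWORK_BEFORE = """
config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option delegate '0'
        option peerdns '0'

config interface 'wiro'
        option proto 'wireguard'
        option private_key 'xxxxxxx'
        list addresses '172.16.0.2/32'

config wireguard_wiro
        option description 'wgcf-profile.conf'
        option public_key 'xxxx'
        list allowed_ips '::/0'
        option endpoint_host 'engage.cloudflareclient.com'
        option endpoint_port '2408'
        option persistent_keepalive '25'
"""

# The same sections after the advice in the replies is applied (constructed sample input).
NETWORK_AFTER = """
config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '0'

config wireguard_wiro
        option public_key 'xxxx'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::/0'
        option route_allowed_ips '1'
        option endpoint_host 'engage.cloudflareclient.com'
        option endpoint_port '2408'
"""

# Trimmed from the firewall config posted in the thread (constructed sample input).
FIREWALL_BEFORE = """
config forwarding
        option src 'lan'
        option dest 'wan'

config zone
        option name 'warp'
        option masq '1'
        list network 'wiro'

config forwarding
        option src 'lan'
        option dest 'warp'
"""

TOKEN = re.compile(r"""'[^']*'|"[^"]*"|\S+""")  # quoted value or bare word


def parse_uci(text):
    """Parse UCI text into sections {'type', 'name', 'opts'}; opts maps a key to a
    list of values ('option' gives one, each 'list' line appends one). A line whose
    first non-blank character is '#' is a comment and is skipped entirely."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        words = [w.strip("'\"") for w in TOKEN.findall(line)]
        if words[0] == 'config' and len(words) >= 2:
            sections.append({'type': words[1],
                             'name': words[2] if len(words) > 2 else None,
                             'opts': {}})
        elif words[0] in ('option', 'list') and len(words) >= 3 and sections:
            sections[-1]['opts'].setdefault(words[1], []).append(words[2])
    return sections


def check_tunnel(network_text, iface='wiro'):
    """Return (problem, uci fix command or None) pairs for WireGuard interface iface."""
    net = parse_uci(network_text)
    peers = [s for s in net if s['type'] == 'wireguard_' + iface]
    if not peers:
        return [(f"no wireguard_{iface} peer section found", None)]
    opts, sec, problems = peers[0]['opts'], f"network.@wireguard_{iface}[0]", []
    if '0.0.0.0/0' not in opts.get('allowed_ips', []):
        problems.append(("peer allowed_ips has no 0.0.0.0/0, so IPv4 never enters the tunnel",
                         f"uci add_list {sec}.allowed_ips='0.0.0.0/0'"))
    if opts.get('route_allowed_ips', ['0'])[0] != '1':
        problems.append(("peer lacks route_allowed_ips '1', so no route via the tunnel is installed",
                         f"uci set {sec}.route_allowed_ips='1'"))
    for s in net:
        if s['type'] == 'interface' and s['name'] == 'wan' and 'delegate' in s['opts']:
            problems.append(("wan still has the delegate option the reply says to remove",
                             "uci delete network.wan.delegate"))
    return problems


def check_forwarding(firewall_text, vpn_zone='warp'):
    """Flag lan forwardings that let client traffic bypass the VPN zone."""
    fw = parse_uci(firewall_text)
    dests = {s['opts'].get('dest', [''])[0] for s in fw
             if s['type'] == 'forwarding' and s['opts'].get('src', [''])[0] == 'lan'}
    problems = []
    if vpn_zone not in dests:
        problems.append((f"no lan -> {vpn_zone} forwarding, so clients cannot reach the tunnel zone", None))
    if 'wan' in dests:
        problems.append(("lan -> wan forwarding remains: if the tunnel route is missing or drops, "
                         "client traffic leaves unencrypted via wan", None))
    return problems


if __name__ == '__main__':
    for label, text in (('before', NETWORK_BEFORE), ('after', NETWORK_AFTER)):
        print(label)
        for msg, fix in check_tunnel(text):
            print('  -', msg + (f'; fix: {fix}' if fix else ''))
    for msg, _ in check_forwarding(FIREWALL_BEFORE):
        print('  -', msg)
```

Run it against copies of /etc/config/network and /etc/config/firewall taken off the router; the uci commands it prints only take effect after uci commit network followed by ifup wiro, which is the "restart the WG interface" step in the last reply. The lan -> wan forwarding is flagged as a caveat rather than an error: once the tunnel carries the default route it is unused, but it is the path traffic falls back to if the tunnel ever loses its route, which is the leak a "first layer of security" setup wants to notice.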