Hello everyone,
I have been setting up a home network using OpenWrt and a WireGuard VPN and am encountering some difficulties getting traffic properly forwarded between my lan4 interface and my VPN. The router being worked on is set up as a dumb AP behind another OpenWrt router.
My current setup includes lan, lan4 and vpn networks. My aim is to route all traffic from lan4 through the VPN, and I would also like to allow traffic from the VPN to reach lan4. My VPN provides a static IP that allows port forwarding; I will be running a web server on a device connected through the lan4 interface.
The main issue I am facing is that I can ping the lan4 router (10.10.14.1) from a device connected to lan4 (in this case 10.10.14.3), but that device cannot reach the internet. It seems to me that this might be a routing or forwarding issue, but despite several attempts I couldn't find a solution.
I have confirmed that the WireGuard VPN is connected and working: from OpenWrt itself I can ping through the wg0 interface (`ping google.com -I wg0`).
Here are my configuration files for your reference (keys redacted):
dhcp
# dnsmasq global settings: DNS forwarder and DHCP server on this AP.
config dnsmasq
option domainneeded '1'
option localise_queries '1'
# rebind_protection drops upstream answers that point into private address space.
# NOTE(review): if the lan4 resolver below (10.255.255.1) hands back private-range
# answers, this setting may filter them — confirm against that resolver's behaviour.
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
# localservice restricts DNS service to directly attached subnets (good: no open resolver).
option localservice '1'
option ednspacket_max '1232'
# Upstream resolver used by this dnsmasq instance.
list server '1.1.1.1'
# DHCP pool for the 'lan' interface (the 192.168.1.x side).
# NOTE(review): this AP sits behind the lan gateway 192.168.1.1, which presumably already
# serves DHCP on that segment; with dhcpv4 'server' here a second active DHCP server
# competes with it on the same broadcast domain. On a dumb AP this section is usually
# disabled — confirm whether serving DHCP on 'lan' is intentional.
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
# Option 6 = DNS servers handed to lan clients (the lan gateway, listed twice).
list dhcp_option '6,192.168.1.1,192.168.1.1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
# DHCP pool for 'lan4' (10.10.14.x, the segment meant to be routed via the VPN).
config dhcp 'lan4'
option interface 'lan4'
option start '100'
option limit '150'
option leasetime '12h'
# Option 6 = DNS server handed to lan4 clients. 10.255.255.1 is on none of the subnets
# configured here, so it is presumably only reachable through the tunnel — lan4 clients
# will be unable to resolve names until lan4 -> wg0 forwarding and routing work.
list dhcp_option '6,10.255.255.1'
firewall
# 'lan' zone: the 192.168.1.x side, upstream of this dumb AP.
# No 'config forwarding' section names this zone, so lan and lan4 are isolated from
# each other (only the REJECT defaults apply between them).
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
# NOTE(review): 'config route' is a network-config section type, not a firewall one;
# placed in the firewall file it is not a firewall rule and likely has no effect — it
# appears to belong in the network config. Even there, a route in table 100 is only
# used when an ip rule (a 'config rule' selecting lookup 100, or a pbr policy) steers
# lan4 traffic to that table; nothing visible here does so.
config route
option interface 'wg0'
option target '0.0.0.0'
option netmask '0.0.0.0'
option table '100'
# Default policy: reject anything not explicitly allowed (sound baseline).
config defaults
option input 'REJECT'
option output 'REJECT'
option forward 'REJECT'
# Hook for the pbr (policy-based routing) package's own firewall rules.
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/pbr.firewall.include'
# 'vpn' zone: the wg0 tunnel. Traffic leaving through it is NATed (masq) and MSS-clamped
# (mtu_fix). input/forward REJECT means nothing arriving from the tunnel reaches the router
# or lan4 as pasted. For the planned web server the narrow option is a 'config redirect'
# (DNAT) from src 'vpn' for just that port to the server's lan4 address, rather than a
# blanket 'config forwarding' vpn -> lan4, which would expose every lan4 host to the VPN
# side. No such redirect is present yet.
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wg0'
# Permits lan4 -> vpn forwarding; this is the only inter-zone forwarding defined.
config forwarding
option src 'lan4'
option dest 'vpn'
# 'lan4' zone: 10.10.14.x clients. input ACCEPT makes every service the router listens on
# (DNS/DHCP, but also any admin service bound to 10.10.14.1) reachable from lan4 hosts;
# since lan4 will host an internet-exposed server, consider whether admin access from this
# zone is wanted or should be limited to the 'lan' side.
config zone
option name 'lan4'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan4'
network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd50:f086:d64f::/48'
config device
option name 'eth0'
# Bridge that carries the 'lan' interface.
# NOTE(review): 'vpn' and 'wan' are listed as bridge ports. A bridge port has to be a
# layer-2 device; if 'vpn' is meant to refer to the wg0 tunnel it cannot be bridged.
# Confirm both are real ethernet/switch devices on this board, otherwise remove them.
config device
option type 'bridge'
option name 'br-eth'
list ports 'eth0'
list ports 'vpn'
list ports 'wan'
config device
option name 'lan1'
option macaddr '28:d0:f5:56:4e:43'
config device
option name 'lan2'
option macaddr '28:d0:f5:56:4e:43'
config device
option name 'lan3'
option macaddr '28:d0:f5:56:4e:43'
config device
option name 'lan4'
option macaddr '28:d0:f5:56:4e:43'
# 'lan' (management side, 192.168.1.170/24). The only default gateway configured in this
# file is 192.168.1.1, so the router's own traffic normally leaves via the upstream router,
# not the tunnel.
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.170'
option gateway '192.168.1.1'
option device 'br-eth'
option metric '5'
list dns '192.168.1.1'
list dns '1.1.1.1'
# WireGuard tunnel interface. peerdns '0' keeps the VPN side's DNS out of the router's
# resolver list.
config interface 'wg0'
option proto 'wireguard'
option private_key 'EL6F1/********************3hnXQ='
list addresses '100.100.68.72/32'
option peerdns '0'
# 'lan4' (10.10.14.1/24): no gateway is set here, so lan4's only possible path to the
# internet is a route via wg0 that is selected for lan4 traffic (see the peer below).
config interface 'lan4'
option proto 'static'
option device 'lan4'
option ipaddr '10.10.14.1'
option netmask '255.255.255.0'
list dns '10.255.255.1'
# wg0 peer. allowed_ips 0.0.0.0/0 lets any destination use the tunnel, but without
# 'option route_allowed_ips' netifd installs no route for it, so no default route via wg0
# exists unless pbr or a rule pointing at the table-100 route supplies one — consistent
# with lan4 having no internet path while 'ping -I wg0' from the router still works
# (that suggests some route via wg0 does exist, likely from pbr; verify with ip route).
# This AP is presumably behind NAT at 192.168.1.1, so inbound port forwards from the VPN
# side usually also need 'option persistent_keepalive' on this peer to keep the tunnel's
# NAT mapping open while the lan4 server is idle.
config wireguard_wg0
option description 'Imported peer configuration'
option public_key '99Kk/D1AJ********************lX1bSfUE='
option preshared_key 'V3I8yL********************9tZ6q0MvE='
option endpoint_host '64.***.**.132'
option endpoint_port '1194'
list allowed_ips '0.0.0.0/0'
resolv.conf
# The router's own resolver configuration: search domain 'lan', resolvers 1.1.1.1 (IPv4)
# and 2606:4700:4700::1111 (IPv6). These are reached over whatever route the router has
# to them — presumably the 'lan' default gateway rather than the tunnel, unless a policy
# rule says otherwise; this does not affect what lan4 clients use (they get 10.255.255.1).
search lan
nameserver 1.1.1.1
nameserver 2606:4700:4700::1111
I would greatly appreciate any guidance or suggestions to resolve this issue. Thanks in advance!
Edit: I had originally posted the wrong config; the files above are the corrected ones.