I have an OpenVPN client running on my router and all LAN traffic is channelled through that client. I have also set up a WireGuard server (bound to LAN) to connect from outside my home. Two issues that I can't seem to be able to resolve. 1. On my local LAN/Wi-Fi, the WireGuard handshake on my phone happens, but there is no access to LAN or internet. 2. When I'm outside my home, there is no WireGuard handshake at all. I want the connecting phone to have full LAN access and(!) internet access via the OpenVPN client(!), not WAN.
Has anyone come across these issues? I am new to OpenWRT; I have been trying to make it work (trial and error) for a couple of days but it just isn't happening, so thank you for sharing your solution if you have the same setup.
First thing that caught my eye is having WireGuard "bound to LAN" but then you expect it to listen from "outside", which I believe is your WAN. From the guides I've seen about WG on OpenWRT, it should exist as its own thing (wg0 interface with its own subnet) and be allowed to talk to one or both sides as needed. That is how I have set it up anyway: [OpenWrt Wiki] WireGuard server https://openwrt.org/docs/guide-user/services/vpn/wireguard/server
With that setup, not having access to LAN tells me either the firewall rules or the "allowed IPs" (e.g. what traffic to let into the tunnel) are wrong, potentially both. But in this case it could just be the setup with WG being "bound to LAN" as you said, it not being able to bridge the traffic back. Maybe someone else can tell if this would work with different settings though.
I don't have much experience with OVPN; I have used it, but only until I replaced it with WG. But let's see if we can resolve the rest first.
Also, it might sound obvious, but when I was setting up WireGuard, a reboot of the router was a must, otherwise none of it worked, even though the guide did not specify it. Just in case.
How to setup a WireGuard server my way:
WireGuard Server Setup Guide
You need some form of Policy Based Routing (PBR) to make sure the traffic for the WireGuard server is going out via the wan and not via the VPN.
You can add the full PBR app:
You can do it manually with netifd:
OpenWRT Policy Based Routing (PBR)
Go to Creating Routing tables via the WAN
Or use a script:
Although installing the PBR app is the easiest, as it does everything fully automatically, it might be overkill, so doing a simple manual setup with a rule to route the listen port of the WG server via the WAN routing table might be the simplest.
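As an added illustration of the manual netifd approach described above (not a config from this thread or from the OpenWrt wiki), this is what a minimal /etc/config/network fragment for it can look like. Everything in it is an assumption to adapt: the interface names (wan, wg0), the WAN device, the WireGuard listen port 51820, the tunnel subnet, and the routing table number 100. The rule options ipproto and sport are netifd options in recent OpenWrt releases; check them against the netifd version on your router before relying on them.

```uci
# /etc/config/network (added example fragment; all names, the device, the
# port and the table number are assumptions, not values from the thread)

# Give the WAN interface its own routing table. netifd then installs the
# WAN default route into table 100, while the main table's default route
# stays with the OpenVPN client tunnel.
config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'        # assumption: your WAN device may differ
        option ip4table '100'

# WireGuard server interface. WireGuard sends its handshake replies and
# tunnel packets from listen_port, which is what the rule below matches.
config interface 'wg0'
        option proto 'wireguard'
        option private_key '<server private key>'   # assumption: fill in
        option listen_port '51820'                  # assumption: your port
        list addresses '10.99.0.1/24'               # assumption: tunnel subnet

# Policy rule: UDP packets the router itself sends from source port 51820
# are looked up in table 100 (WAN default route) instead of the main table,
# so the handshake goes out via the ISP link rather than into the OpenVPN
# tunnel. Decrypted traffic arriving through wg0 is not matched by this
# rule and still follows the main table, i.e. the OpenVPN client.
config rule 'wg_via_wan'
        option ipproto 'udp'
        option sport '51820'
        option lookup '100'
        option priority '30000'
```

After `/etc/init.d/network restart`, `ip rule show` should list the new rule and `ip route show table 100` should show a default route via the WAN gateway. The firewall still needs a zone for wg0 (or wg0 added to the lan zone) with forwarding allowed towards lan and towards the zone that holds the OpenVPN tunnel interface; this fragment only fixes the routing half.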
Thank you, PBR was the solution: let the handshake happen via WAN and then forward to the regular LAN/VPN.