This is my first time tying to set up a Wireguard on my home's router.
After following an old but seemingly comprehensive guide found on Reddit, I am stuck and need a second pair of eyes on what I am doing.
What doesn't work is – simply pinging a 22.214.171.124 after connecting my phone to Wireguard VPN. (I'm using termux app on android)
Can someone spot what's wrong with configs here? If something is missing, I will update the post with more info. In the meantime, I've contacted my ISP to rule out possibility UDP ports are not getting blocked, inspired by this – they confirmed they are not blocking.
Perhaps there are known ways / checklist to diagnose possible issues with Wireguard?
For context: I am away from home in a different country now. Would like to use a VPN, so that all traffic from my Android phone and MBP laptop would go through the VPN. In particular, I need this to be able to access some services that are only reachable from within my home country.
One mistake is the dest line. With this rule you allow forwarding from any zone to any zone. But you want to allow INPUT, so you need to remove the destination zone.
In the client allowed IPs you have ::/128, I am not sure if you intended that or not. Normally you should use ::/0
Also the address can be 10.14.0.3/24, although it won't matter much, since you route everything to the server.
Good question. At first I was committed to only using resources found on openwrt.org, but found a couple of issues:
the page you're linking to – it stumbled upon it as well – appears to be a high level guide, while I was on a lookout for something more detailed for both server and a client, but also dense enough to fit a screen,
while checking "WireGuard client" page, it immediately appeared a lot more detailed and seemingly what I need; after a closer look, I realized it covers a different use case, e.g. setting up WireGuard as a client inside OpenWRT, which is not what my scenario,
"WireGuard server" covers only server setup (I must admit I initially missed this one).
Btw, in the past I've used Wireguard by setting it up via algo script. The end result would be a .conf or .png (QR code) file that can be seamlessly imported into a client (macOS and android are the ones that I've tried and which worked for me). Would it be naive to ask for a "Peers" tab to have a button that'd register a new peer & generate a QR code / .conf file automatically?