OpenWrt and Wireguard

Recently I set up my Raspberry Pi with a Wireguard VPN. Through this VPN I can now connect to the internet using mobile data, and ANY WiFi network I have been using or tried using. - THIS WORKS PERFECT ON MY ANDROID PHONE

Now I would like to expand my possibilities:

I want my TRAVEL router (OpenWRT) to do the same thing, so that my family and I do NOT need to have the WireGuard APP installed to do this.

I have tried many different tutorials, but none seems to work for me :frowning:

I have the wg.conf files available, but I would like to be able to take this router to new places in the world, plug it into a RJ45 network, AND SURF FROM HOME

Where can I find a solution that works for me?

Does anybody have this setup, and running who can help me out here?

Gl. Inet travel router

I'm sorry, but this I do not understand

Did you follow this one?

What didn't work? If you test it ensure that you test it from a remote network.


No I did not

I will try this later, but in 1. Preparation, where do I enter these configuration parameters? Through SSH?


# Install packages

opkg update
opkg install wireguard

# Configuration parameters
WG_IF="vpn"
WG_SERV="SERVER_NAME_OR_IP_ADDRESS"
WG_PORT="51820"
WG_ADDR="192.168.9.2/24"
WG_ADDR6="fdf1:e8a1:8d3f:9::2/64"

And what is the WG_ADDR? Is this my local IP, or the assigned IP I get when accessing my VPN?
I also do not use IPv6, so what should I put here?

Sorry for being a noob in this matter, these questions are why I did not try this tutorial earlier :frowning:

Thank you

I recommend Gl-iNet routers for you; look at the link

Yes that would be connecting to your router via SSH.

That is the local endpoint IP of your WG Client.

In that case just don't use WG_ADDR6 and also leave it out in step 4.

Generally these instructions are aligned with the tutorial for Openwrt WG Server. If you already have your own WG Server running you would need to adapt respectively. It may make sense to read the Openwrt WG Server Wiki to see how these settings correspond.

Well I already got a router which is working just fine :), but thx for the suggestion.

Could you dumb it down a little bit more for me?:

WG_ADDR (Local endpoint IP of WG Client) - Is this the IP address of my raspberry pi which has the WireGuard VPN installation, or is this the Public IP address which my Wireguard server is behind?

If/Once this is done, I will make a great little tutorial for everybody :slight_smile:

This is the local IP that the tunnel interface on your router will take up.
Every "End" of the Wireguard Tunnel has an IP address. On top of that you then enable the routing of the Site LAN (allowed IPs).

You wrote

So how did you configure it on your Android Phone?

This is a much better explanation
https://stackoverflow.com/a/65453146


Ok at the end of the thread I pointed to is the explanation why you might not have configured it on the Android Phone, it can be assigned dynamically from the Peer. But maybe setting it static makes more sense to have this organized.

#######################
One more thing to know about Endpoint is that you only need to set it on one side of a WireGuard tunnel (but you can set it on both sides if both sides have a static IP). If you set an Endpoint for Peer B in Peer A's config, but you omit it for Peer A in Peer B's config, Peer A will be able to initiate and set up the tunnel with Peer B, without Peer B having to know Peer A's endpoint ahead of time.

This is ideal if Peer A has a dynamically-assigned public IP address; but the drawback is that Peer B won't be able to initiate the tunnel -- it will have to wait for Peer A to connect to it. If you sometimes need for Peer B to initiate a connection to Peer A, you can mitigate this by including a PersistentKeepalive setting for Peer B in Peer A's config -- this will direct Peer A to proactively reach out and connect to Peer B every N seconds (where N is the value you put in the PersistentKeepalive setting).

Welcome @agoralive I am relatively new to Wireguard but here is my understanding in plain English of how it can be used:

  1. Wireguard Client on OpenWrt router at home, connecting to VPN service offered by VPN supplier

  2. Wireguard Server on OpenWrt router to allow Wireguard Client or App etc to connect to your home internet and browse from there.

  3. Wireguard Server on OpenWrt router to allow Wireguard Client on OpenWrt router. An example of this might be to create a tunnel from your home to work so that you can use systems on their intranet as if you were in the office.

This is not an exhaustive list, I am just trying to show you that the two things you say you are trying to do are very different and may need different Wireguard software installed.

In your first example you seemed to be sharing your mobile data to local clients on wifi.

In your second example your OpenWrt Travel Router might be configured as a WireGuard Client and be connected to a second OpenWrt router back at home, as long as the home Openwrt router has Wireguard Server installed and has a connection to the Internet.

In this scenario you would be creating a tunnel from the Network provided on the RJ45 to your home router.

I recommend you read through the wireguard concepts here and maybe try to find a video on YouTube, it is easier if you find one in your own language.

https://www.youtube.com/results?search_query=openwrt+wireguard

This is something you can test by having the two OpenWrt routers at home, with the travel one connected to a different Lan, such as a tether off your mobile data.

Not sure whether that is acceptable here, but the people behind the turris routers (based on OpenWrt) released a video how to set up a wireguard site-2-site VPN, which seems pretty close to what you might want to use:
https://www.youtube.com/watch?v=ZhkhD7E5wbs


I just scanned the QR code, which was created by Wireguard on the Rpi...

This also allows a .conf file which I have used on Android TV Boxes

I was hoping for an "easy" method like this for the router as well

I think that I might just be too stupid and that this will not work for me :frowning:

I thought I could "just" upload a configuration file to OpenWRT like I do in Android or IOS, which enables me to use the device as a Tunnel to my private VPN.

I have tried a lot of things, and they all end up with the router rolling back.

So for a last try I will ask like this:

IS there a tutorial somewhere which lets me connect an OpenWRT router (TP-Link Archer C20) to my Private Rpi Wireguard Server, so that ALL connected devices on the router get tunneled through my WireGuard private VPN?
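
For the "just upload a .conf" case asked about above, an added example (not part of the thread and not taken from the OpenWrt tutorial): a shell function that reads a wg-quick style client .conf and prints the uci commands for the equivalent OpenWrt interface. The interface name `vpn`, the peer section name `vpn_peer`, the single-peer assumption and the sample file with placeholder keys are assumptions of this example.

```shell
# Added example (not from the thread): print the uci commands that recreate a
# wg-quick client .conf (stdin) on OpenWrt. Nothing is applied; review first.
# Assumes a single [Peer]; the default name "vpn" follows WG_IF in the thread.
wgconf_to_uci() {
    awk -v ifn="${1:-vpn}" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function uset(path, val) { printf "uci set %s=\047%s\047\n", path, val }
    function addl(path, csv,   n, a, i) {      # one add_list per comma item
        n = split(csv, a, ",")
        for (i = 1; i <= n; i++) printf "uci add_list %s=\047%s\047\n", path, trim(a[i])
    }
    BEGIN { net = "network." ifn; peer = net "_peer" }
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    /^[ \t]*\[/ {
        sect = tolower(trim($0))
        if (sect == "[interface]") { uset(net, "interface"); uset(net ".proto", "wireguard") }
        # route_allowed_ips=1 installs routes for AllowedIPs (0.0.0.0/0 = all traffic)
        if (sect == "[peer]") { uset(peer, "wireguard_" ifn); uset(peer ".route_allowed_ips", "1") }
        next
    }
    {   eq = index($0, "="); if (!eq) next     # split at the FIRST "=": keys end in "="
        k = tolower(trim(substr($0, 1, eq - 1))); v = trim(substr($0, eq + 1)) }
    sect == "[interface]" && k == "privatekey" { uset(net ".private_key", v) }
    sect == "[interface]" && k == "address"    { addl(net ".addresses", v) }
    sect == "[peer]" && k == "publickey"       { uset(peer ".public_key", v) }
    sect == "[peer]" && k == "presharedkey"    { uset(peer ".preshared_key", v) }
    sect == "[peer]" && k == "allowedips"      { addl(peer ".allowed_ips", v) }
    sect == "[peer]" && k == "persistentkeepalive" { uset(peer ".persistent_keepalive", v) }
    sect == "[peer]" && k == "endpoint" {
        p = v; sub(/.*:/, "", p)               # port: text after the last colon
        h = v; sub(/:[^:]*$/, "", h); gsub(/\[|\]/, "", h)   # host, IPv6 brackets dropped
        uset(peer ".endpoint_host", h); uset(peer ".endpoint_port", p)
    }
    END { print "uci commit network" }'
}
# Constructed sample; the keys are placeholders, not real key material.
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER=
Address = 192.168.9.2/24
[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER=
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
}
sample_conf | wgconf_to_uci vpn
```

The printed commands contain the private key, so the output needs the same protection as the .conf file. On the router the new interface also has to be placed in a firewall zone that the LAN is allowed to forward to before client traffic goes through the tunnel.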