I am trying to use openwrt in oracle free cloud. The problem I am facing is that there is only a single vnic available and I can't add another vnic. I am looking to configure it so I can use it as wireguard server and client for site 2 site vpn for my geo locations Asia and north America. Following is the network configuration; my understanding is that everything is being forwarded from my public IP to 10.0.0.207
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd41:3ad1:f5d5::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'

config interface 'lan'
    option device 'br-lan'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '10.0.0.207'
    option proto 'dhcp'
Base the logic on what port you connect to, instead of IP?
Not really what you asked for but you could just install any linux distro on your cloud and then:
Deploy wgeasy container
Forward wg port
The setup process is pretty straightforward.
Your VPS only needs one port and one IP address that is reachable from the Internet. Wireguard can accept multiple incoming connections on the same IP and port. Peers must have unique public keys*, which will identify them uniquely to the server. This can (and should) be done with an instance of OpenWrt running directly on the VM, without adding Docker.
* This will naturally occur by following the best practice with keys which is to generate every key pair locally at the peer itself. Never copy a private key anywhere outside the peer. Transfer the public key to the other peer.
the question is about openwrt not wireguard
If that is true you can offer whatever services you would like by having them listen to the one IP that you do have.
Since the LAN is exposed to the Internet you should shut down LuCI (uhttpd) and dnsmasq and tighten dropbear security to public keys only. Set up a wan-like firewall where the default input action is reject or drop and only the ports you are using are accept.
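The hardening steps from the post above, written out as uci commands; this is an added example, not part of the thread. It assumes WireGuard on UDP 51820 and SSH on TCP 22 (neither port is stated in the thread), that `firewall.@zone[0]` is the stock 'lan' zone holding the only NIC, and that a public key is already in /etc/dropbear/authorized_keys.

```shell
#!/bin/sh
# Added example: emit (and optionally apply) the uci changes for an OpenWrt VM
# whose only interface, in the 'lan' zone, faces the Internet.
# Assumptions: the ports below, and firewall.@zone[0] being the 'lan' zone.
WG_PORT="${WG_PORT:-51820}"
SSH_PORT="${SSH_PORT:-22}"

# Print one firewall rule accepting a single port arriving on the lan zone.
allow_rule() {  # args: name proto port
    cat <<EOF
add firewall rule
set firewall.@rule[-1].name='$1'
set firewall.@rule[-1].src='lan'
set firewall.@rule[-1].proto='$2'
set firewall.@rule[-1].dest_port='$3'
set firewall.@rule[-1].target='ACCEPT'
EOF
}

# Print the whole batch: the accept rules, then the wan-like default policy
# and key-only SSH. Both are committed together, so SSH is never shut out.
harden_batch() {
    allow_rule 'Allow-SSH' tcp "$SSH_PORT"
    allow_rule 'Allow-WireGuard' udp "$WG_PORT"
    cat <<EOF
set firewall.@zone[0].input='REJECT'
set dropbear.@dropbear[0].PasswordAuth='off'
set dropbear.@dropbear[0].RootPasswordAuth='off'
commit firewall
commit dropbear
EOF
}

# With APPLY=1 on a system that has uci, apply the batch and stop the
# services the post says to shut down; otherwise print it for review.
if command -v uci >/dev/null 2>&1 && [ "${APPLY:-0}" = 1 ]; then
    harden_batch | uci batch
    for svc in uhttpd dnsmasq; do
        /etc/init.d/$svc disable
        /etc/init.d/$svc stop
    done
    /etc/init.d/firewall restart
    /etc/init.d/dropbear restart
else
    harden_batch
fi
```

Run it once without `APPLY=1` to read the batch, and keep the existing SSH session open while testing a second key-based login after applying.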
Out of curiosity how did you install openwrt in Oracle cloud free tier. I know there is only a limited catalog of OSs and openwrt was not available.
As for wireguard I've set it up last week on oracle linux 9.0 with https://github.com/angristan/wireguard-install with very minimal effort
Pretty sure they've got a BYOOS option...
Need to upgrade my two free tiers, but Openwrt is a no go, since they're used as pihole.
I use custom image,
Is it possible to run client and server wireguard at the same time on oracle linux 9? Because this is why I want to install openwrt
of course it's possible for oracle linux 9 as well - openwrt is not that different from any other linux distro - it just has more automation for networking stack
OCI allows you to create a VM with 2 NICs, using Ampere processors i.e. ARM v8 (aarch64). I am unable to install OpenWrt ARM.
I tried to download the image: https://downloads.openwrt.org/releases/22.03.3/targets/armvirt/64/ although there are various images and I don't know which one is more correct. In addition, I converted the image to vmdk using the command
qemu-img convert -f raw -O vmdk ~/Downloads/openwrt-15.05-x86-64-combined-ext4.img openwrt-15.05-x86-64-combined-ext4.vmdk
but then when I mount the disk the vm doesn't start.
how can i do it? Thanks
Any error or just blank screen?
You might need some changes in openwrt or at least some kernel compile options to get it running on ampere
do you mean the cli is empty ?
I finally succeeded using the VM image (see link below), from which I extracted the .vmdk disk and then imported it to oracle OCI https://forum.openwrt.org/t/openwrt-for-vmware-esxi-arm-fling-on-rpi4-8gb/118228
@Lorenzo Hi Lorenzo, unfortunately I was not able to contact you on the Oracle OCI topic as it is closed. I would like to talk to you regarding the OCI topic, how can I contact you?