I bought an openwrt one to experiment with vpn. I want to run the unit downstream from my sky router and use it as a vpn server essentially to route from a travel router running a vpn client. Is there a document or topic that will help me?
You obviously already tried "openwrt wireguard server" at your local search engine?
2 Likes
Not sure about your Travel Router use case.
Instead of a Travel Router I have a VPN client on the device and can use it on the go.
You probably want the "Road Warrior" type configuration for Wireguard.
Essentially, you'll have your OpenWrt device at home that is your 'server` for the VPN. Your remote peers (could be a travel router and/or the devices you have with you such as your phone, laptop, etc.) can then tunnel back to your home.
This setup will allow you to:
- securely access resources on your home network while you are away from home
- improve security/privacy vs using public wifi or other remote networks -- this basically provides you the same level of security/privacy as if you were on your home network.
- appear to be "home" for the purposes of any services that might be limited when you are away. For example, you should be able to access the streaming services you use at home even if you are abroad.
1 Like
Exactly what I want. The travel router would be 4g and mounted in our motorhome. I think monthly unlimited data sims are available in Europe. Previously we used a large satellite dish tuned to bbc's backup transmitter feed.
I am not sure which 4g routers are openwrt though. Anyone know?
Also, would I need IPV6 or would IPV4 be sufficient?
I want to run the unit downstream from my sky router and use it as a vpn server essentially to route from a travel router running a vpn client.
You’re going to need to do some port forwarding on the Sky router and , unless you have a static public IP ( unlikely with Sky ), also a Dynamic DNS
I have dynamic dns on the Sky router using an account with hopto.
@psherman If the router I use for Wireguard is not doing anything else can it simply use a fixed ip in the same subnet as the Sky router which then forwards the Wireguard port to that ip, 192.168.1.1? The gateway and dns settings on the openwrt router would both be set to the Sky router's ip, 192.168.1.254. Would that work?
That’s exactly what it needs. Just make sure that the static IP you allocate is outside the Sky routers DHCP but in the same subnet.
My plan is to use an openwrt one downstream from my Sky router as the Wireguard server and a GL-E750V2 as the client. A question:
Should I use the GL firmware or is it better to load the openwrt one?
Deleted post
Update:
All working now, it was a firewall problem but is now sorted. The Mudi is going to have to go back because it lacks signal strength, I need a router with external antennae.
Just for the record:
I used the wg_roadwarrior.sh from https://openwrt.org/docs/guide-user/services/vpn/wireguard/road-warrior, I uncommented the following lines:
export WG_INTERFACE="vpn"
export WG_SERVER_PORT="51820"
export WG_WAN4_FWZONE="wan"
export WG_FWZONE="lan"
export WG_IPV4_SUBNET="192.168.6"
I then ran the script on my openwrt one router. I had to add # to all the blank lines at the top of the script before the start of the actual code as it otherwise gave errors.
I then modified add_roadwarrior_peer.sh to uncomment the following:
export WG_INTERFACE="vpn"
WG_DDNS="my ddns url"
ONLY_ULA="0"
But not:
#WG_DDNS6="yourserver-ipv6.dyndns.org"
Again I added # to the blank lines before the actual code and ran the script for my iPhone and the Mudi.
I used the peer data files to configure the Wireguard app on my iPhone to test the tunnel and then used the Mudi data to configure the peer in the Mudi. I could not drag and drop the file for some reason but I was able to copy and paste the data over. I had to re-paste the keys as the #comments at the end were not accepted.
All working! All I have to do is get a better 4g travel router and install the peer on that.
Thanks for the guidance guys.
I have now bought a ZTE-MF286D and installed the latest openwrt release. It works better than the GL-E750V2 and Wireguard is working well.