OpenWrt, Wireguard and network help

Hi guys,
I need some help, please.
I had a network that was working until last Friday.
The system tree looks like:
ISP modem (fibre optic)
OpenWRT x86 pc as Wireguard client
Archer 5400x router as router
The original setup was:
ISP modem static ip and DMZ to the openwrt wan port DHCP client
OpenWRT lan static address to the archer router
Archer router static WAN connection to the openwrt static LAN port.
The problem now is that I can't get traffic to pass from the LAN to the WAN or vice versa. It doesn't matter what I set up, it's just not working.
I just upgraded the OpenWRT to 22.03.
The LAN is in bridge mode, but I tried without it too.
It used to work but now it doesn't.
I would try to do a fresh install, but if I connect to the LAN port on a fresh install, OpenWRT is on the default static 192.168.1.1, and I do over ssh uci set network.lan.proto="dhcp" and after that it should work.
Any tips? I have no more ideas...
Thank you so much!

Did you remove and reconfigure your firewall rules?
A migration from 21 to 22 is not possible as the firewall changed from iptables to nftables.

It was a completely fresh install on the OpenWRT router. It was formatted with Rufus first, so I think there was no chance of keeping any files. I used the original firewall settings, but afterwards I changed the inbound on the WAN zone to accept, and after that I could access the OpenWrt, but not from the LAN.

The main reason for this sort of usage to fail to route to the Internet is that the LAN and WAN must be different IP subnet ranges.

A wireguard "client" which initiates an outgoing connection to a server with a public IP doesn't require any firewall opening and can work behind NAT. In any case, setting the wan default to "accept" is not secure.

Hi there,
Thank you for your help.
I'll try it out now. I guess, yes, it is the problem.
Thank you
Edit: yes this was the issue. Same subnet mask.
Thank you so much!

So the first question is sorted, thank you.
Now I face my original issue, which is no wireguard traffic.
I set up everything on my side and on the server side but have a handshake and that's it.
Nothing, only 92b sent and 190b received.
I rechecked the public key and generated a new pair on the openwrt server but still not working.
Any ideas? Wireguard interface on WAN and the Route Allowed IPs checked.
I had this issue too, but I can't remember how I fixed it. Something like the Persistent Keep Alive set to 28 but atm this isn't the case. I had a fresh install with the working system, but I messed up.

Here is the interface.
[screenshot of the interface]

Handshake received means the keys are OK and a path for encrypted packets exists. But there are other problems here.

LAN IP should be in one of the reserved private ranges (RFC1918).

Allowed IPs should be 0.0.0.0/0 not 0.0.0.0/32.
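The three addressing points raised in the replies above (LAN and WAN on different subnets, LAN inside RFC 1918, and `0.0.0.0/0` rather than `0.0.0.0/32` in Allowed IPs) can be checked offline. This is an added example, not code from any poster in the thread; the function names and sample addresses are constructed for illustration, and it covers IPv4 only.

```python
import ipaddress

# RFC 1918 private IPv4 ranges, which the reply recommends for the LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_addressing(lan_cidr, wan_cidr):
    """Return a list of problems with a router's IPv4 LAN/WAN addressing."""
    lan = ipaddress.ip_interface(lan_cidr).network
    wan = ipaddress.ip_interface(wan_cidr).network
    problems = []
    if lan.overlaps(wan):
        # With one subnet on both sides the router cannot tell which
        # interface a destination is behind, so LAN-to-WAN routing fails.
        problems.append(f"LAN {lan} overlaps WAN {wan}")
    if not any(lan.subnet_of(net) for net in RFC1918):
        problems.append(f"LAN {lan} is outside RFC 1918")
    return problems


def tunnel_covers(allowed_ips, destination):
    """True if any Allowed IPs entry contains the destination address."""
    dest = ipaddress.ip_address(destination)
    return any(dest in ipaddress.ip_network(entry, strict=False)
               for entry in allowed_ips)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread's screenshot.
    print(check_addressing("192.168.1.1/24", "192.168.1.50/24"))
    print(check_addressing("192.168.2.1/24", "192.168.1.50/24"))
    # 0.0.0.0/32 matches the single address 0.0.0.0, so nothing is routed
    # into the tunnel; 0.0.0.0/0 matches every IPv4 destination.
    print(tunnel_covers(["0.0.0.0/32"], "1.1.1.1"))
    print(tunnel_covers(["0.0.0.0/0"], "1.1.1.1"))
```

A handshake with no traffic afterwards is consistent with the `/32` case: the keys are accepted, but no destination matches the peer's Allowed IPs.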

I changed it to 0.0.0.0/0 but still nothing.
I can connect to the VPN with my phone with the same settings. So the problem isn't with the VPN server.

Edit: it may be that my server is facing some issues, as I have a paid VPN WireGuard service for the test and it's working as it should. So I'll try to clear the cache or whatever on my VPN server. Thank you for the help everyone. I do really appreciate it!

Did you enable masquerading on the (WireGuard) VPN zone?

Hi, I haven't got any firewall zone set up for the WireGuard as I put them in the WAN zone.
The paid service is working; only my own VPN isn't working on the OpenWrt client, but it is working on phone or PC.

Hi,
I guess something is wrong with the OpenWrt installation as the Wireguard client.
I tried a few options yesterday evening and I noticed the Wireguard interface not working properly.
I deleted the WireGuard and reinstalled it, and like before it's not showing up until the unit is restarted.
I tried a few different servers with different locations.
All the settings were correct and the same issues happened with my server and paid servers.
Sometimes there was no handshake until the restart, and after the handshake was done, no traffic. All the settings are the same as before when it was working.
It looks like only one set is getting kept in the system. Or it just does not save and apply the new interface. Of course, I restarted the interface whenever changes were made. So most of the time it was not applied until the reboot was successful, but sometimes this did not help. It's like gambling. Sometimes it works, sometimes not.

I reinstalled everything on the OpenWRT and this time I used the generic-ext4-combined-efi version, and now it's working (the previous was generic-squashfs-combined-efi). Don't know why, but it's working, everything. Thanks to everyone for the help!
