Problem setting up a VPN server on my Open WRT router

viciu · September 7, 2023, 4:51pm

I have configured Open VPN as a server in my TP-Link router running Open WRT with IP 192.168.1.5. This router via LAN connection is located under my ISP's modem which has the IP address 192.168.1.1. My goal is to route all of my remote clients' traffic through a VPN that passes through my routers to use my home public IP address. With Open VPN I succeeded but on the client doing a speed test it seems that the connection is limited to both download and upload speeds at 3/4 MBps. So to speed up the connection of the remote client I configured a socks5 server in my router with the dante sockd package and the connection speed on the remote client improved significantly, even reaching 12/15 MBps, but unfortunately I was unable to route the UDP traffic through the router but only the TCP one. At this point I tried to configure a Wireguard server by naturally opening the port on my ISP's modem, I see that the server is able to connect to the client but I can't understand why the client's connection is not routed through the router. Any kind of advice or help is welcomed, my aim is just to route both the TCP and UDP traffic of my remote clients through the VPN of my home router so that I can get the public IP address of the home achieving higher speed at 3/4 Mbps.
Thanks, output of /etc/config/network.of /etc/config/network.

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd09:151b:7e4c::/48'

config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.5'
list dns '1.1.1.1'
option gateway '192.168.1.1'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 8t'

config interface 'CloudConnexa'
option ifname 'tun0'
option proto 'none'

config interface 'WAN'
option ifname 'eth0.1'
option proto 'none'

config interface 'Wireguard'
option proto 'wireguard'
option private_key 'MY PRIVATE KEY'
option listen_port '1189'
list addresses '10.10.10.10/32'

psherman · September 7, 2023, 4:52pm

what version of OpenWrt are you using?

ubus call system board

viciu · September 7, 2023, 4:55pm

root@OpenWrt:/etc/config# ubus call system board
{
"kernel": "4.14.275",
"hostname": "OpenWrt",
"system": "bcm63xx/F@ST2704N (0x6318/0xB0)",
"model": "Sagem F@ST2704N",
"board_name": "fast2704n",
"release": {
"distribution": "OpenWrt",
"version": "19.07.10",
"revision": "r11427-9ce6aa9d8d",
"target": "brcm63xx/generic",
"description": "OpenWrt 19.07.10 r11427-9ce6aa9d8d"
}
}

psherman · September 7, 2023, 5:12pm

You are running a very old, EOL, and unsupported version of OpenWrt. You should consider upgrading to the current latest stable release:
https://firmware-selector.openwrt.org/?version=22.03.5&target=bcm63xx%2Fgeneric&id=sagem_fast-2704n

mk24 · September 7, 2023, 5:17pm

It's also a 320 MHz single core MIPS CPU. If speed is a concern, you'll need better hardware.

Anyway for wireguard to work you need both a config interface wg0 block to set up the root interface, and a config wireguard_wg0 block for each peer. It is conventional to name the first or only Wireguard interface wg0. Avoid interface names that are long or have uppercase.

The same firewall settings that worked for OpenVPN can be used here. There is no need for a proto none stub interface with wireguard since it is now its own interface controlled by UCI.

vgaetera · September 7, 2023, 5:52pm

Options:

Configure OpenWrt as a router.
Advertise OpenWrt as the default gateway with DHCP.