Do you get a response from
ping -I wlan0 8.8.8.8
No respon ping -I wlan0 8.8.8.8
wlan0 is not your internet interface. Are you connecting outside your home where there is a captive portal? Can you post your output
ip route
/etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdec:ee01:fa70::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'a0:f3:c1:e4:ab:b5'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'wwan'
option proto 'dhcp'
config interface 'Wireguard'
option proto 'wireguard'
list addresses '10.9.0.224/16'
option private_key 'CO9HweImjzcRUNiQMIUz3gDHGkNa4USEjF
option mtu '1420'
config wireguard_Wireguard
option public_key 'Z2eoZCkB9+a37VXTa7wkdISuw4DSyRGOoTj
option persistent_keepalive '25'
option endpoint_port '51820'
list allowed_ips '0.0.0.0/0'
list allowed_ips '::/0'
option route_allowed_ips '1'
option endpoint_host 'xxxxxxxxxxxxxx
/etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 wwan Wireguard'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'shadowsocks'
option type 'script'
option path '/var/etc/shadowsocks.include'
option reload '1'
You wan interface is eth0.2
wwan/ wlan0
my internet source from wifi
Is this correct or not
config route
option interface 'wwan'
option target '203.114.74.17'
option netmask '255.255.255.255'
option gateway '192.168.43.1'
whereas i use wwan dhcp
1 Like
what's the output of
ip route
netstat -nr
root@OpenWrt:~# ip route default dev Wireguard proto static scope link
10.9.0.0/16 dev Wireguard proto kernel scope link src 10.9.0.224
45.77.245.226 via 192.168.43.1 dev wlan0 proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.171
root@OpenWrt:~# netstat -nr Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 Wireguard
10.9.0.0 0.0.0.0 255.255.0.0 U 0 0 0 Wireguard
45.77.245.226 192.168.43.1 255.255.255.255 UGH 0 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.43.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
root@OpenWrt:~#
wlan0 is your internet interface
can you send the output
traceroute -i wlan0 8.8.8.8
traceroute 8.8.8.8
Please instruct the OP to make the route - which would use wwan it seems from the config. You asked for ip route - then failed to mention the route was not added.
Also, I'm not sure why you're asking the OP for a trace to 8.8.8.8?
You missed "option ifname wlan0" on 'wwan' interface
config interface 'wwan'
option proto 'dhcp'
Wrong. I have the same on my device. It's enumerated in the /etc/config/wireless file. The wwan network config is correct.
Yep.
Physical interface name to assign to this section, list of interfaces if type bridge is set.
(*) This option may be empty or missing if only a wireless interface references this network or if the protocol type is pptp, pppoa or 6in4
We need him post wireless config. @Predators
1 Like
I'm trying to establish which is the wan interface and why you cannot ping via it.
You don't need to add a route for this. You should be able to bind an interface with the ping
ping -I "interface" 8.8.8.8
traceroute -i "interface" 8.8.8.8
Looking through the firewall rules, is the file named correctly? /etc/config/firewal . Is it missing a 'l' or typo
1 Like
mistyped, I edited / etc / config / firewall. tomorrow I will continue
1 Like
I had a problem with wireguard that could not connect to server because of wrong date. As quick and easy workaround I added simple script at startup (in Luci System-Startup or in /etc/rc.local) date -s "2030-01-01 00:00:00" that set date to the future, after that wireguard connects to the server (it seems it accepts future dates fine) and internet appears, after that ntp is up and correct the date,time to actual values.
5 Likes
I set up my first wireguard client openwrt 19.07.4 router using instructions provided by the VPN provider, but hit a brick wall when I couldn't pass traffic through the tunnel. I wasted a lot of time thinking it was a misconfigured firewall.
Eventually, I discovered when reviewing the instructions from another wireguard vpn provider, that wireguard is time sensitive.
I've applied the above workaround and it works great.
Update:
Openwrt wiki page has been updated. See:
https://openwrt.org/docs/guide-user/services/vpn/wireguard/extras#race_conditions
1 Like
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.