Raspberry Pi with Wireguard

Hello!

I tried maybe five times with both WireGuard and OpenVPN but had no success. It seems like it is connecting to the VPN, but I am not under the VPN.

I am trying to use it at home, behind my main router, which is 192.168.1.1. I want to create a second wifi with VPN.

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd34:69b1:c72f::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.3'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config interface 'wg0'
	option proto 'wireguard'
	option private_key 'WPHvh22etpSsihb+nGbZm+kxc+xSkz='
	list addresses '10.14.0.2/16'
	option peerdns '0'
	list dns '162.252.172.57'
	list dns '149.154.159.92'

config wireguard_wg0
	option description 'peerwire'
	option public_key 'sF/TlxU9XaDN3InBtff2A='
	option private_key 'WPHvh22etpSkz9/7BdpyEWZDUg='
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'
	option endpoint_host 'tr-ist.prod.surfshark.com'
	option endpoint_port '51820'

/etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	list network 'lan'
	option mtu_fix '1'
	option forward 'ACCEPT'

config zone
	option name 'vpn'
	option output 'ACCEPT'
	list network 'wg0'
	option masq '1'
	option input 'REJECT'
	option forward 'REJECT'

config forwarding
	option src 'lan'
	option dest 'vpn'

Route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 wg0
10.14.0.0       *               255.255.0.0     U     0      0        0 wg0
45.136.155.193  192.168.1.1     255.255.255.255 UGH   0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan

I really need help! Thank you!

For a start, please redact all keys and the endpoint from the posted wireguard configuration.

Your device is acting as a dumbAP and therefore its clients cannot use the vpn service.

Create a new interface leaving the Device unspecified.
Set the protocol to Static and set an IP address in a different subnet, e.g. 192.168.2.1/24.
Enable the DHCP server and assign the interface to the lan firewall zone.

Add a new wireless network, attach it to the newly created interface and everything should be fine.

Thank you for the quick answer!

Keys already removed (half of them). I keep half to show that they exist.

I am trying now!

I tried, but I think I am missing too many things and am so far away :/

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd34:69b1:c72f::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.3'
	option gateway '192.168.1.1'
	list dns '192.168.1.1'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '++kxc+xSkz9/='
	list addresses '10.14.0.2/16'
	option peerdns '0'
	list dns '162.252.172.57'
	list dns '149.154.159.92'

config wireguard_wg0
	option description 'peerwire'
	option public_key 'sF//='
	option private_key '++kxc+/='
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'
	option endpoint_host 'tr-ist.prod.surfshark.com'
	option endpoint_port '51820'

config interface 'New'
	option proto 'static'
	option gateway '192.168.1.1'
	option type 'bridge'
	list ipaddr '192.168.2.1/24'

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option mtu_fix '1'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'New'

config zone
	option name 'vpn'
	option output 'ACCEPT'
	list network 'wg0'
	option masq '1'
	option input 'REJECT'
	option forward 'REJECT'

config forwarding
	option src 'lan'
	option dest 'vpn'

Did you follow

Yes, and I also lost internet at the main router as well.


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option band '2g'
	option htmode 'HT20'
	option channel '6'
	option cell_density '0'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'OpenWrtNew'
	option encryption 'psk2'
	option key 'xxxxxx'
	option network 'New'

Log into the router using SSH and execute the following commands (copy/paste the whole block and press Enter)

uci -q delete network.New
uci set network.New=interface
uci set network.New.proto='static'
uci set network.New.ipaddr='192.168.2.1'
uci set network.New.netmask='255.255.255.0'
uci commit network
uci -q delete dhcp.New
uci set dhcp.New=dhcp
uci set dhcp.New.interface='New'
uci set dhcp.New.start='100'
uci set dhcp.New.limit='150'
uci set dhcp.New.leasetime='12h'
uci commit dhcp
/etc/init.d/network restart; /etc/init.d/dnsmasq restart

I sorted the main router with a reset.

Are the commands which you sent for the VPN? Or a fix for the main router? It seems like they remove settings I added later :confused:

What I am trying to do is just connect the main router with the Raspberry Pi with a LAN cable and create a second wifi on the Raspberry Pi with VPN.

Everything must be run on the Pi.

The routing table looks fine so the vpn should be up and running. Run the following (on the Pi) and check the returned IP address.

wget http://ipecho.net/plain -O - -q ; echo

The first part of the suggested commands will fix this:

The second part is "just in case" because I haven't seen the DHCP configuration.
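
What "the routing table looks fine" means can be checked mechanically. This is an added example, not part of the thread: it audits a routing table for a full-tunnel setup like the one posted (default route via `wg0`, host route for the endpoint via the LAN gateway) and checks handshake age. The function names, the placeholder endpoint `203.0.113.10` and the 180-second threshold are assumptions; the sample table is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the Pi (OpenWrt).
# Constructed sample in `route` format; 203.0.113.10 is a placeholder endpoint.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 wg0
10.14.0.0       *               255.255.0.0     U     0      0        0 wg0
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 br-lan
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan'

# check_tunnel_routes VPN_IF ENDPOINT_IP   (routing table on stdin)
# Passes only if every default route uses VPN_IF and the endpoint has a
# host route that stays outside the tunnel (otherwise encrypted packets loop).
check_tunnel_routes() {
    awk -v vpn="$1" -v ep="$2" '
        NF < 8 || $1 == "Destination" { next }          # skip header lines
        ($1 == "default" || $1 == "0.0.0.0") && $3 == "0.0.0.0" {
            ndef++
            if ($NF != vpn) { print "LEAK: default route leaves via " $NF; bad = 1 }
        }
        $1 == ep && $3 == "255.255.255.255" {
            nep++
            if ($NF == vpn) { print "LOOP: endpoint " ep " routed into " vpn; bad = 1 }
        }
        END {
            if (!ndef) { print "LEAK: no default route"; bad = 1 }
            if (!nep)  { print "LOOP: no host route for endpoint " ep; bad = 1 }
            if (!bad)  print "OK: default via " vpn ", endpoint " ep " outside tunnel"
            exit bad + 0
        }'
}

# handshake_fresh NOW MAX_AGE   (`wg show wg0 latest-handshakes` on stdin)
# A correct routing table with no recent handshake means traffic is
# black-holed in the tunnel, so check both.
handshake_fresh() {
    awk -v now="$1" -v max="$2" '
        { n++; if ($2 == 0 || now - $2 > max) stale = 1 }
        END { exit (n == 0 || stale) }'
}

# Live use:  route -n | check_tunnel_routes wg0 <endpoint-ip>
#            wg show wg0 latest-handshakes | handshake_fresh "$(date +%s)" 180
printf '%s\n' "$SAMPLE_ROUTES" | check_tunnel_routes wg0 203.0.113.10
```
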

I understand that.

Thank you! It works for a few minutes. But after 15 minutes the whole internet, even when connected to the main wifi, is gone.

I don't know why, but something is clashing. I removed the LAN cable from the Raspberry Pi and restarted. Now the main wifi is working.