Routing traffic through wireguard on OpenWrt

ArcherVPN · December 13, 2020, 7:18am

I've read a lot of articles and tried to to this on my own. I recently signed up to a new isp and they throttle me down to 5mpbs even though they claimed 50. Through a vpn service the number jumps up to about 40.

I tried installing pfsense through virtualbox and using thst as my firewall/vpn but I wasn't able to set it up. Ended up buying and archer c7 v2. Followed the steps on openwrt to flash the correct firmware and then setup the wireless networks and then installed the wireguard client. I have everything set up but I don't think my traffic is being routed through wireguard. Sorry if this is another dumb post but I just don't want to be stuck with 5mbs and 420p YouTube videos for the next year.

Any help would be greatly appreciated and I will post pictures. For security on my side, is there particular things that should be redacted from pictures or info I post?

frollic · December 13, 2020, 7:30am

how is everything connected ?

Does the router act as your gateway to internet, or is it just a device on your network ?

Both work, but we need to know which one it is.

ArcherVPN · December 13, 2020, 7:33am

Modem connected directly to wan port on router. One pc connected through Lan on router port, 7 wireless devices connected to either 2.4 or 5ghz frequency.

Yes, the router is the gateway to the internet. Tell me whatever info you need a screenshot of

frollic · December 13, 2020, 7:40am

Do a whatmyip when you're not connected to the VPN, and to the same what you think you are, and when you know you are (VPN client installed on PC ?).

if the think and the know IPs are the same, or at least close enough, then your traffic is going though the tunnel.

A GeoIP site would do the same as the whatsmyip.

Whats the name of the IPS ?

vgaetera · December 13, 2020, 8:01am

Post the output redacting the private parts:

uci show network; uci show firewall; uci show dhcp; \
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*; \
ip address show; ip route show; ip rule show

ArcherVPN · December 13, 2020, 8:04am

Through phone with VPN app on, cannot connect to router, turned vpn off, able to connect.

As for ip, it does not change when I turn the wireguard client on, stays the same. When I turn vpn app on my phone on, ip changes

frollic · December 13, 2020, 8:14am

You not beeing able to connect to the local network resources while using VPN is normal.

The IP will not change for any device but the routers WAN/VPN-port, that's the whole point.

ArcherVPN · December 13, 2020, 9:04am

I think I got all the info you requested, hopefully it's the right thing

ArcherVPN · December 13, 2020, 9:14am

The remote port does change when wireguard client is active on OpenWRT

frollic · December 13, 2020, 9:47am

What remote port?

ArcherVPN · December 13, 2020, 10:09am

Sorry I think I was mistaken on thst post please disregard

trendy · December 13, 2020, 12:59pm

Don't use the internet nameservers on the lan interface, use them in wan instead, where they are reachable from.

wg client interface cannot be bridged. Delete the bridge from wan, leave only eth0.2

uci delete network.wan.type
uci set network.wan.ifname='eth0.2'

Also add routes in the routing table.

uci set network.wireguard_WGPro.route_allowed_ips="1"
uci commit network
/etc/init.d/network restart

ArcherVPN · December 13, 2020, 2:11pm

Hello thanks for the reply. I flashed back to stock firmware and then reinstalled openwrt because I did something which blocked access to the router. I set up my wireless networks and VPN and left it disabled for now. I will follow your steps and let you know how it goes. Thanks again.

trendy · December 13, 2020, 2:14pm

If you started from scratch it will be easier to follow the guide.

ArcherVPN · December 13, 2020, 6:11pm

Sorry for sounding like a noob, but ive been doing most things either through the web GUI or windows terminal. Im seeing all these commands like

Configure firewall

uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall

Where in the Gui do I input this information? Does Lucy have its own terminal that I input this information or do I ssh into the root directory and manually edit the files? Im just a little confused

vgaetera · December 13, 2020, 6:22pm

You can copy-paste the entire block of code to the SSH session.
Note that those instructions rely on the default configs.

ArcherVPN · December 14, 2020, 12:17am

Been spending a lot of time today truckin it along...its getting easier and easier even though i had to redo it 15 times to avoid errors but it's all a learning process. There's one im stuck on..

Configure firewall

uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart

after executing the last line, i get an error "Warning: Section 'wan' cannot resolve device of network 'vpn'"

Im gonna keep the ball rolling with the rest of the steps...if anyone can help me with that error thanks in advance

vgaetera · December 14, 2020, 12:31am

It's safe to ignore as the network/interface should be configured on the next step.

ArcherVPN · December 14, 2020, 9:14pm

I followed the guide and everything seems okay, didn't get any errors but no access to the internet. In the system log I see this error

"daemon.warn odhcpd[1387] : a default route is present but there is no public prefix on Lan thus we don't announce a default route!"

Also when I run command uci show dhcp I get "failed with return code 1 and error message uci: entry not found"

What is this error?

trendy · December 14, 2020, 10:20pm

Sounds like misconfigured IPv6.

ls -la /etc/config/ ; cat /etc/config/dhcp