Setting Up Raspberry Pi 4B as Router

Hi,

First of all, sorry for asking such basic questions; I'm new to setting up networks. Your understanding is much appreciated.

My objective is to use Raspberry Pi 4B as router with VPN for Xbox use.

My setup aim is as below

                        --eth (onboard) ------/    lan -   Xbox

RPI (192.168.1.1 / VPN)---| ________________
--eth (usb - tplink ue300) -\
_____ | wan - Huawei LG8245X6-10 - 192.168.1.254

I have already flashed OpenWrt 23.05.3 (r23809-234f1a2efa) onto the Raspberry Pi.

My problems are:

  1. I'm confused about how to set up the LAN and WAN interfaces. I'm not sure which one should have a static IP and which one should run the DHCP server, or which to assign to br-lan, eth0 and eth1.

  2. When i connect a laptop to RPI through ethernet, there is no internet connection. Using Putty, I'm able to ping google.com and update the package list thru LUCI.

  3. I'm unable to enable the onboard Wi-Fi. When I click enable, it goes back to disabled within a few seconds. I've tried updating and syncing the time through LuCI, but to no avail.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd93:bd8a:6876::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'eth1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.254'
        list dns '1.1.1.1'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth0'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option channel 'auto'
        option band '2g'
        option cell_density '0'

# Access-point definition on radio0, attached to the 'lan' network.
config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        # NOTE(review): 'none' is an open, unencrypted AP. It joins 'lan', whose
        # firewall zone in this thread has input ACCEPT, so any device in radio
        # range can reach the router's management services. Prefer a WPA2/WPA3
        # mode such as 'psk2' or 'sae' together with 'option key'.
        option encryption 'none'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

Thanks in advance

br-lan includes eth0; you should use a bridge for lan if you want a wifi access point there.

WiFi chip on RPi series is very crappy, don't rely on it if you want AP mode.

You still need br-lan to be lan device.

You have a few minor issues. Before getting into the fixes, it is worth noting:

  1. as @brada4 pointed out, you need a bridge if you want to use wifi + ethernet on your lan. We'll get to that.
  2. as @fakemanhk said, the Pi's wifi is truly miserable. It's fine as an AP for 1 or 2 devices at close range and where bandwidth is not really important, but don't expect this to be performant in any sense of the word.
  3. You appear to have eth1 (usb-ethernet adapter) for the lan and eth0 (built-in) for the wan. There is nothing wrong with this arrangement, but often eth0 is used for the lan. We'll continue with what you have currently, though.

Edit br-lan so that it looks like this (specifically changing the port from eth0 to eth1):

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

Edit your lan interface. Multiple changes here -- change the subnet since the upstream network appears to be 192.168.1.0/24, change the device to br-lan, and remove the gateway and dns. It will look like this:

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

Now you can restart the Pi and it should work as expected.


brada4
br-lan includes eth0; you should use a bridge for lan if you want a wifi access point there.

fakemanhk
WiFi chip on RPi series is very crappy, don't rely on it if you want AP mode.

Thanks

I followed your suggestion, but unfortunately I lost access to LuCI. After that, I reflashed the SD card, and surprisingly the onboard Wi-Fi worked and could be accessed from another PC.

This led to a slight change of flow, as below:

  • Huawei Modem Router (192.168.1.254) > (Ethernet - Onboard RPI) > RPI (192.168.1.1) with VPN > (Onboard Wifi) > Xbox/PC

Currently the connection works, but the VPN does not. I am using Surfshark WireGuard, set up with the luci-proto-wireguard package.

Below are my config

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
      option device 'lo'
      option proto 'static'
      option ipaddr '127.0.0.1'
      option netmask '255.0.0.0'

config globals 'globals'
      option ula_prefix 'fda9:344a:d1ba::/48'

config device
      option name 'br-lan'
      option type 'bridge'
      list ports 'eth0'

config interface 'lan'
      option device 'br-lan'
      option proto 'static'
      option ipaddr '192.168.1.1'
      option netmask '255.255.255.0'
      option ip6assign '60'

config interface 'wan'
      option proto 'dhcp'
      option device 'eth1'
      option peerdns '0'

config interface 'wan6'
      option proto 'dhcpv6'
      option device 'eth1'
      option reqaddress 'try'
      option reqprefix 'auto'
      option peerdns '0'

config interface 'wg0'
      option proto 'wireguard'
      option private_key 'XXXXXXXXXX'
      list addresses '10.14.0.2/16'
      list dns '162.252.172.57'
      list dns '149.154.159.92'

config wireguard_wg0
      option description 'tr-ist.conf'
      option public_key 'XXXXXXXX'
      list allowed_ips '0.0.0.0/0'
      option endpoint_host 'XXXX.surfshark.com'
      option endpoint_port '51820'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'

# Access-point definition on radio0, attached to the 'lan' network.
config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        # NOTE(review): 'none' leaves this AP open and unencrypted. The 'lan'
        # firewall zone posted with this config has input ACCEPT, so wireless
        # clients reach the router's management services without any key.
        # Set a WPA2/WPA3 mode ('psk2' or 'sae') and 'option key'.
        option encryption 'none'

root@OpenWrt:~# cat /etc/config/dhcp

# dnsmasq settings as posted after AdGuard Home was installed.
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        # NOTE(review): DNS rebind protection is switched off here; the first
        # dnsmasq config in this thread had it at '1'. Presumably changed during
        # the AdGuard Home setup -- confirm it is really needed, because with it
        # off, upstream answers pointing at private addresses reach LAN clients.
        option rebind_protection '0'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'
        option noresolv '0'
        # dnsmasq serves DNS on port 54 instead of 53; presumably so AdGuard
        # Home can listen on 53 -- TODO confirm.
        option port '54'
        # Forwards queries to 192.168.1.1, which is this router's own lan
        # address in the network config posted alongside -- TODO confirm the
        # intended upstream.
        list server '192.168.1.1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option '6,192.168.1.1'
        list dhcp_option '3,192.168.1.1'
        list dns 'fda9:344a:d1ba:1::1'
        list dns 'fda9:344a:d1ba::1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option mtu_fix '1'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'vpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        list network 'wg0'

config forwarding
        option src 'lan'
        option dest 'vpn'

root@OpenWrt:~#

So, my new problems are

  1. The VPN does not work - the wg0 showed zero TX and RX

  2. Another question - i'm using 64 GB sd card, however in Overview section in Luci, the storage only showed, 98 MiB, with almost 52% full. Why is that?

  3. I also have problem to update the software/packages, as it frequently failed with error 6.

  4. I also installed AdGuard Home. The installation was successful, but it is not blocking any ads. I tried to add a blocklist, but a long list of errors occurred, as shown below. What should I do?

49.112.112.10:53: connect: network is unreachable dialing [2620:fe::fe:10]:53 over udp: dial udp [2620:fe::fe:10]:53: connect: network is unreachable dialing [2620:fe::fe:10]:53 over udp: dial udp [2620:fe::fe:10]:53: connect: network is unreachable dialing ....

Thanks

As I had mentioned previously, you need to use a different subnet on the lan of your OpenWrt router (Pi). This is a requirement because you cannot have the same/overlapping subnet on the interfaces of a router.

Change the IP to something else -- for example 192.168.5.1.

If you're going to set peerdns to 0, you must provide upstream DNS servers for the system to work properly.

Thank you for the input.

Changing the IP to 192.168.5.1 did make me lose access to LuCI and SSH on the OpenWrt router, because my PC was still using a 192.168.1.X address. This was solved by manually setting my PC's IP address to 192.168.5.X.

After gaining access back to openwrt, i changed the lan interface >setting > dhcp server > advanced setting > DHCP options to
3,192.168.5.1
6,192.168.5.1
6,1.1.1.1,8.8.8.8

I have now successfully setup the pi to connect to wan via eth1 and there are internet connection via both eth0 and wlan0.

Now, my problem is the wg0 interface for VPN is still showing zero TX and RX

Below are my configs

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fda9:344a:d1ba::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'wlan0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth1'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '8.8.8.8'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'eth1'
        option reqaddress 'try'
        option reqprefix 'auto'
        option peerdns '0'

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'XXXXX'
        list addresses '10.14.0.2/16'
        list dns '162.252.172.57'
        list dns '149.154.159.92'

config wireguard_wg0
        option description 'tr-ist.conf'
        option public_key 'XXXXX'
        list allowed_ips '0.0.0.0/0'
        option endpoint_host 'tr-ist.prod.surfshark.com'
        option endpoint_port '51820'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'

# Access-point definition on radio0, attached to the 'lan' network.
config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        # NOTE(review): 'none' leaves this AP open and unencrypted while it is
        # attached to 'lan'. The lan firewall zone shown earlier in this thread
        # has input ACCEPT, so wireless clients can reach the router's
        # management services. Set 'psk2' or 'sae' plus 'option key'.
        option encryption 'none'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '0'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'
        option noresolv '1'
        list server '1.1.1.1'
        list server '8.8.8.8'
        list server '192.168.1.1'
        option port '54'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dns 'fda9:344a:d1ba:1::1'
        list dns 'fda9:344a:d1ba::1'
        list dhcp_option '3,192.168.5.1'
        list dhcp_option '6,192.168.5.1'
        list dhcp_option '6,1.1.1.1,8.8.8.8'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall^C

These DHCP options should not normally be necessary, but it looks like you're using AGH (AdGuard Home). I cannot say the root cause, but when using AGH, you do need to set option 6. Option 3 should not be necessary, though.

Remove wlan0 from the bridge.

You need to add this to the WireGuard peer section (`config wireguard_wg0`):

        option route_allowed_ips '1'

And then restart your device.

If that doesn't work, let's see the output of:

date
wg show

following this, there's no more internet access on both wlan0 and eth0.

root@OpenWrt:~# date
Thu Sep 19 14:48:00 UTC 2024
root@OpenWrt:~# wg show

root@OpenWrt:~# ifconfig wg0
wg0       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.14.0.2  P-t-P:10.14.0.2  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99 errors:0 dropped:6674 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:14652 (14.3 KiB)

root@OpenWrt:~# date
Thu Sep 19 14:58:55 UTC 2024
root@OpenWrt:~# wg show



The fact that this is not showing any output suggests that there may be a key issue.

Have you attempted to use this configuration on a phone or computer directly (you can only run one at a time, of course) to verify that the general config and keys are correct?

I have tested the same config file using wireguard app on android. The configuration worked and the ip is in correct region that i wanted which is Turkey

Ok. Obviously make sure that the WG interface on your android device is disabled when you try to bring it up on OpenWrt.

Restart your OpenWrt router and then check the output of:

wg show

There is no output and after a while putty disconnected

root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr DC:A6:32:6C:F0:1D
          inet addr:192.168.5.1  Bcast:192.168.5.255  Mask:255.255.255.0
          inet6 addr: fe80::dea6:32ff:fe6c:f01d/64 Scope:Link
          inet6 addr: fda9:344a:d1ba::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9378 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2473 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1049320 (1.0 MiB)  TX bytes:825140 (805.8 KiB)

eth0      Link encap:Ethernet  HWaddr DC:A6:32:6C:F0:1D
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth1      Link encap:Ethernet  HWaddr 50:3E:AA:8A:FD:2B
          inet addr:192.168.1.86  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:d08:e7:a2ed::2/128 Scope:Global
          inet6 addr: 2001:d08:e7:a2ed:523e:aaff:fe8a:fd2b/64 Scope:Global
          inet6 addr: fe80::523e:aaff:fe8a:fd2b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2152 errors:0 dropped:16 overruns:0 frame:0
          TX packets:1506 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:744700 (727.2 KiB)  TX bytes:238418 (232.8 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:172 errors:0 dropped:0 overruns:0 frame:0
          TX packets:172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18036 (17.6 KiB)  TX bytes:18036 (17.6 KiB)

phy0-ap0  Link encap:Ethernet  HWaddr DE:A6:32:6C:F0:1F
          inet6 addr: fe80::dca6:32ff:fe6c:f01f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9378 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4262 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1049320 (1.0 MiB)  TX bytes:1013135 (989.3 KiB)

wg0       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.14.0.2  P-t-P:10.14.0.2  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:3019 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:3552 (3.4 KiB)

root@OpenWrt:~# wg show

In addition after adding

  option route_allowed_ips '1'

chrome was unable to load webpages

We're still seeing a complete lack of output, something is clearly not right. This could be as simple as a typo or similar in the keys.

I would recommend removing the interface and recreating it, double checking that the keys that are known to work are in the correct places and that they are complete and correct.

This is expected behavior because the routing table is being directed to the tunnel, but the tunnel isn't working. Once the tunnel itself is working, it'll be fine.

Following this, i successfully configured the wireguard setting using different VPN provider. All other config were as before, except the config file from new VPN.

Thank you especially @psherman who helped tremendously.

Just one last question: I tried to swap things so that wan and wan6 use br-lan and lan uses eth1, and I lost access to the Raspberry Pi. How do I correctly swap the wan and lan settings? I ask because I plan to use the RPi with OpenWrt as a travel router too.

br-lan will by default have eth0, and wan/wan6 will use eth1. If you want to change them, make sure that eth1 goes into br-lan and that eth0 goes in both wan interfaces.

I would suggest leaving it as is, though -- there's no real benefit/drawback to using the internal port for lan and the external one for wan.
