Setting up selective WireGuard in OpenWrt

Well if you REALLY want the IP Addresses you can try here.

2 Likes

AND...

What should I do about it? Let's say from this page I downloaded the necessary addresses for YouTube.

What's next? How to set up a whitelist for WireGuard? Thanks for the list, but it's not enough...

All you need to do to route the traffic is set up the IP ranges in the "AllowedIPs" part of your WireGuard configuration.

If this is your WireGuard conf, you would want it to look something like this:

[Interface]
PrivateKey = gI6EdUSYvn8ugXOt8QQD6Yc+JyiZxIhp3GInSWRfWGE=
ListenPort = 21841

[Peer]
PublicKey = HIgo9xNzJMWLKASShiTqIybxZ0U3wGLiUeJ1PKf8ykw=
Endpoint = 192.95.5.69:51820
AllowedIPs = 208.117.234.0/24,208.117.254.0/24
# the list of ranges you want to forward goes in AllowedIPs above
1 Like

Is it really that simple? To check, I entered all the addresses I found into the config. It turns out something like this:

[Interface]
PrivateKey = ██████████████████████████████████████h3G3I=
# PublicKey = ██████████████████████████████████████OA2zg=
Address = 172.16.0.2
Address = 2606:4700:110:8322:1254:4535:9298:6886
DNS = 1.1.1.1

[Peer]
PublicKey = ██████████████████████████████████████Pfgyo=
Endpoint = engage.cloudflareclient.com:2408
# Endpoint = 162.159.192.9:0
# Endpoint = [2606:4700:d0::a29f:c009]:0
AllowedIPs = 64.15.112.0/24,64.15.115.0/24,64.15.118.0/23,64.15.123.0/24,64.15.126.0/24,70.32.133.0/24,103.111.147.0/24,104.237.164.0/24,104.237.167.0/24,104.237.168.0/22,104.237.172.0/24,104.237.190.0/24,136.22.130.0/23,136.22.132.0/23,156.38.33.0/24,156.38.34.0/23,156.38.37.0/24,156.38.39.0/24,176.29.0.0/24,176.29.203.0/24,176.29.205.0/24,176.29.209.0/24,176.29.210.0/24,176.29.215.0/24,176.29.216.0/21,176.29.224.0/21,176.29.253.0/24,176.29.255.0/24,176.126.58.0/24,185.192.249.0/24,185.225.248.0/24,197.230.59.0/24,197.230.70.0/24,208.117.234.0/24,208.117.236.0/24,208.117.238.0/24,208.117.240.0/24,208.117.250.0/24,208.117.252.0/24,208.117.254.0/24
AllowedIPs = 2001:fb0:109f:12::/64,2001:fb0:109f:14::/64,2001:fb0:109f:18::/63,2001:fb0:109f:8007::/64,2001:fb0:109f:8009::/64,2001:fb0:109f:8010::/64,2001:fb0:109f:8013::/64,2001:fb0:109f:8014::/64,2001:4430:f:104::/64,2001:4430:f:106::/63,2001:4430:f:108::/63,2001:4430:f:10a::/64,2001:4430:f:112::/64,2001:4430:f:114::/64,2001:4430:f:116::/63,2001:4430:f:118::/64,2400:9800:1b:1b::/64,2407:0:0:3d::/64,2620:11a:a000::/48,2620:11a:a011::/48,2620:11a:a01c::/48,2620:11a:a01f::/48,2620:11a:a024::/47,2620:11a:a029::/48,2620:11a:a02a::/48,2620:11a:a02d::/48,2620:11a:a02e::/48,2620:11a:a031::/48,2620:11a:a033::/48,2620:11a:a034::/48,2620:11a:a036::/47,2620:11a:a038::/46,2620:11a:a03c::/48,2620:11a:a0f1::/48,2a00:1588:d801::/48,2a00:1588:d802::/48,2a0f:f4c1:2::/48

Next, you need to install “wireguard-tools”, and “luci-i18n-wireguard-ru” will not hurt. As I remember, this is done in System → Software with the router connected to the Internet. Before searching, you need to click “Update lists…”, otherwise the search will not work.

It would seem that I installed only 2 packages, but the Installed tab shows 5. All the necessary packages were installed together (wireguard-tools, kmod-wireguard, luci-app-wireguard, luci-i18n-wireguard-ru, luci-proto-wireguard).

I reboot the router and make a backup just in case. Now in the Status tab, at the very bottom, the WireGuard item has appeared, which says No WireGuard interfaces configured.

By analogy with OpenVPN, I do everything in a similar way.

Network → Interfaces → Add new interface…
I write the name WARP
Protocol WireGuard VPN
Create interface

Next, Import configuration comes to the rescue with the “Load configuration…” button.

I drag the file there and see that all (?) settings have been successfully applied?

Checking...

The private key was inserted from the line "[Interface] PrivateKey = "
The public key from "[Interface] # PublicKey = "
The port for incoming connections is empty, but it does not seem to be in the config either
IP addresses were inserted from “[Interface] Address = 2606:4700:110:8322:1254:4535:9298:6886”, that is, only v6? I don’t know if this is necessary, but I will manually add v4 as well: “Address = 172.16.0.2”


On the advanced settings tab
Use own DNS servers inserted from “[Interface] DNS = 1.1.1.1”
And everything seems to be here

In the Peers tab
A new entry has been added; click "Change" to see what's inside:
Description: warp.conf, this is the name of the file that I uploaded
The public key was inserted from “[Peer] PublicKey =”
Allowed IP addresses: everything that I wrote in "[Peer] AllowedIPs = " was inserted here. But again, only v6
End node was inserted from “[Peer] Endpoint = engage.cloudflareclient.com:2408”, but only the part before the colon
End node port was inserted from “[Peer] Endpoint = engage.cloudflareclient.com:2408”, but only the part after the colon


And I didn't notice any changes.

A question has come up. Is the program accidentally or intentionally ignoring IP v4 addresses? Should I add them manually or not? And if so, should I paste them into the same file or create a new one?

Perhaps I will add them to the same file.

Apply all settings.

The instructions that I found also say to stop the WAN6 interface. This button is disabled for me. Perhaps the instruction is only for a config with IPv4, but I also have v6, which is why it doesn’t work. No idea…

Now Network → Firewall → Add
Name: well, for example, WG0
Input: reject
Output: accept
Forward: reject
Masquerading: tick
MSS clamping: tick
Covered networks: the same WARP interface that I created in the last step
Allow forward from source zones: lan

After saving it looks like this

Apply settings again

Back to interfaces
Network → Interfaces → WAN → Edit
In the Advanced settings tab, I uncheck "Use DNS servers declared by the host" and enter my own from the config. Geez, why? It seems that the same thing is written in the WARP interface; maybe I shouldn't do it again?


WAN6 was disabled in the instructions, but it works for me. So maybe I'll post it there...

Apply settings again

Further in the instructions there is an item Add Kill Switch (Optional), but since it is not required, I will not do it. Yes, and it is not clear what this is and why...

Restarting the router...
̶A̶n̶d̶ ̶I̶ ̶s̶u̶c̶c̶e̶s̶s̶f̶u̶l̶l̶y̶ ̶l̶o̶s̶t̶ ̶t̶h̶e̶ ̶I̶n̶t̶e̶r̶n̶e̶t̶
After some time, the Internet appeared. It looks like the settings take a long time to apply.

Now in the Status tab → WireGuard Status, the node is displayed. But how do I check that everything works? I'm trying to access YouTube without any VPN or proxy...

Nothing comes out.
One browser shows one error, another shows something else.

Conclusion: either I've set it up wrong, which is quite possible, or I specified the wrong, or not all, YouTube IP addresses.

Is there any way to find out why nothing works for me?
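The steps above (the WireGuard conf with its AllowedIPs list, the LuCI import that kept only one Address line and only the v6 AllowedIPs, and the firewall zone with masquerading and MSS clamping) all end up as UCI stanzas in /etc/config/network and /etc/config/firewall, which is what the thread later dumps. The following is an added example, not code from the thread, from OpenWrt or from LuCI: a small sh+awk converter that turns a wg-quick style .conf into those stanzas while keeping every Address and AllowedIPs value (repeated lines and comma lists), splitting Endpoint into endpoint_host/endpoint_port, and emitting the zone and forwarding described in the firewall steps. The function names, the zone name and the sample conf (with placeholder keys) are assumptions for this example; the UCI option names are the ones visible in the thread's own /etc/config/network plus route_allowed_ips, which tells OpenWrt to install each AllowedIPs prefix as a route through the tunnel (without it the prefixes act only as a cryptokey filter and no traffic is steered into the interface).

```shell
#!/bin/sh
# Added example (not code from the thread or from OpenWrt): convert a wg-quick style
# .conf into the UCI stanzas OpenWrt expects, keeping every Address/AllowedIPs value,
# splitting Endpoint into host/port and emitting the firewall zone + forwarding that
# the thread's steps describe. Needs only sh and awk (BusyBox has both). Run it on a
# PC or the router, then review before pasting into /etc/config/network and firewall.

# Usage: wgconf_to_uci CONF_FILE IFACE_NAME   -> prints /etc/config/network stanzas
wgconf_to_uci() {
    awk -v ifname="$2" -v q="'" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function opt(k, v) { printf "\toption %s %s%s%s\n", k, q, v, q }
    # One "list" line per comma-separated value; with_pfx adds the /32 or /128 that
    # LuCI added in the thread when an Address carried no prefix length.
    function lst(k, v, with_pfx,   n, i, p) {
        n = split(v, p, ",")
        for (i = 1; i <= n; i++) {
            p[i] = trim(p[i])
            if (p[i] == "") continue
            if (with_pfx && index(p[i], "/") == 0)
                p[i] = p[i] (index(p[i], ":") ? "/128" : "/32")
            printf "\tlist %s %s%s%s\n", k, q, p[i], q
        }
    }
    { sub(/[ \t]*#.*$/, "") }          # strip comments (the thread parks spare IPs there)
    /^[ \t]*$/ { next }
    /^[ \t]*\[Interface\]/ { sect = "if"; printf "config interface %s%s%s\n", q, ifname, q
                             opt("proto", "wireguard"); next }
    /^[ \t]*\[Peer\]/ { sect = "peer"; npeer++
                        printf "\nconfig wireguard_%s\n", ifname
                        opt("description", ifname "_peer" npeer)
                        opt("route_allowed_ips", "1"); next }   # install AllowedIPs as routes
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1))); val = trim(substr($0, eq + 1))
        if (sect == "if") {
            if (key == "privatekey") opt("private_key", val)
            else if (key == "listenport") opt("listen_port", val)
            else if (key == "mtu") opt("mtu", val)
            else if (key == "address") lst("addresses", val, 1)
            else if (key == "dns") { if (!dns_seen++) opt("peerdns", "0"); lst("dns", val, 0) }
        } else if (sect == "peer") {
            if (key == "publickey") opt("public_key", val)
            else if (key == "presharedkey") opt("preshared_key", val)
            else if (key == "persistentkeepalive") opt("persistent_keepalive", val)
            else if (key == "allowedips") lst("allowed_ips", val, 0)
            else if (key == "endpoint") {
                host = val; port = ""
                if (substr(val, 1, 1) == "[") {              # [v6-address]:port
                    i = index(val, "]"); host = substr(val, 2, i - 2); port = substr(val, i + 2)
                } else if (i = match(val, /:[0-9]+$/)) {    # host:port
                    host = substr(val, 1, i - 1); port = substr(val, i + 1)
                }
                opt("endpoint_host", host); if (port != "") opt("endpoint_port", port)
            }
        }
    }' "$1"
}

# Usage: wg_firewall_uci IFACE_NAME ZONE_NAME  -> prints /etc/config/firewall stanzas
# (the zone from the thread: input/forward reject, output accept, masq + MSS clamping,
# and a lan -> zone forwarding)
wg_firewall_uci() {
    printf "config zone\n\toption name '%s'\n" "$2"
    printf "\toption input 'REJECT'\n\toption output 'ACCEPT'\n\toption forward 'REJECT'\n"
    printf "\toption masq '1'\n\toption mtu_fix '1'\n"       # Masquerading, MSS clamping
    printf "\tlist network '%s'\n\n" "$1"                    # covered network
    printf "config forwarding\n\toption src 'lan'\n\toption dest '%s'\n" "$2"
}

# Constructed sample with the same shape as the conf in the thread; keys are placeholders.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY_BASE64=
Address = 172.16.0.2
Address = 2606:4700:110:8322:1254:4535:9298:6886
DNS = 1.1.1.1

[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY_BASE64=
Endpoint = engage.cloudflareclient.com:2408
# only these ranges go through the tunnel; everything else keeps the normal WAN route
AllowedIPs = 208.117.234.0/24, 208.117.254.0/24
AllowedIPs = 2620:11a:a000::/48
EOF
}

tmp=$(mktemp)
write_sample_conf "$tmp"
wgconf_to_uci "$tmp" WARP
echo
wg_firewall_uci WARP wg0
rm -f "$tmp"
```

The generated interface stanza carries both addresses and all three allowed_ips entries, which is the part the LuCI import dropped in the thread. The prefix lengths that LuCI normalised (/32 and /128) are added only to Address values, never to AllowedIPs, where a missing length would change the meaning of the filter.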

Forget about the whitelist for a moment. As I understand it, it's too complicated. How to set up WireGuard in general?

I did everything according to the instructions I found. Everything is set up like this.

Although I configured everything (almost everything) according to the instructions found on the Internet. I just didn't do Kill Switch because it's indicated that it's not necessary. But at the same time, it seems that WireGuard still does not work. What did I not do or did wrong?

The same WireGuard config works for me both on a smartphone and on a PC...

Do you have a successful handshake? What is the output of the following:

wg show

What does it mean?

Is this a console command?

login as: root
root@192.168.1.1's password:


BusyBox v1.35.0 (2022-10-14 22:44:41 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.2, r19803-9a599fee93
 -----------------------------------------------------
root@K14M:~# wg show
interface: WireGuard
  public key: 4277jlUOO8NdTMR+LrBQiC5uPEujwNB7tMS5kHOA2zg=
  private key: (hidden)
  listening port: 57818

peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
  endpoint: 162.159.192.1:2408
  allowed ips: 0.0.0.0/0, ::/0
root@K14M:~#

You are not getting a handshake (handshake ~= connection). There is an error in your configuration. Likely a problem with the keys.

1 Like
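The question "Do you have a successful handshake?" and the diagnosis that follows hinge on one detail of the wg show output: a peer that has completed a handshake prints a "latest handshake:" line, and the router output above has none. The following is an added example, not code from the thread or from the WireGuard tools: a sh+awk function that reads wg show text and reports, per peer, whether a handshake has ever completed and how old it is, so the keys/endpoint problem is separated from later questions about AllowedIPs or the firewall. The function name, the 180 s staleness threshold and the sample output (placeholder keys, modelled on the thread's output) are assumptions for this example.

```shell
#!/bin/sh
# Added example (not code from the thread or from wireguard-tools): parse `wg show`
# output and report, per peer, whether a handshake has ever completed and how old it
# is. A peer with no "latest handshake:" line, like the router output in the thread,
# has never completed the handshake: keys, endpoint or reachability are wrong, and
# checking AllowedIPs or firewall rules is premature.

# Usage: wg show | wg_handshake_report [STALE_SECONDS]
# Prints one line per peer:
#   <peer-key> no-handshake | <peer-key> ok <age-seconds> | <peer-key> stale <age-seconds>
# The 180 s default is a chosen heuristic: WireGuard rekeys after 120 s of traffic and
# the thread's config sends a keepalive every 25 s, so a live tunnel never gets older.
wg_handshake_report() {
    awk -v stale="${1:-180}" '
    # "2 hours, 5 minutes, 3 seconds ago" -> 7503
    function to_seconds(s,   n, i, w, secs, num) {
        n = split(s, w, /[ ,]+/); secs = 0; num = 0
        for (i = 1; i <= n; i++) {
            if (w[i] ~ /^[0-9]+$/) num = w[i] + 0
            else if (w[i] ~ /^day/) secs += num * 86400
            else if (w[i] ~ /^hour/) secs += num * 3600
            else if (w[i] ~ /^minute/) secs += num * 60
            else if (w[i] ~ /^second/) secs += num
        }
        return secs
    }
    function flush(   age) {
        if (peer == "") return
        if (hs == "") { printf "%s no-handshake\n", peer; return }
        age = to_seconds(hs)
        printf "%s %s %d\n", peer, (age > stale ? "stale" : "ok"), age
    }
    /^peer:/ { flush(); peer = $2; hs = ""; next }
    /^[ \t]*latest handshake:/ { sub(/^[ \t]*latest handshake:[ \t]*/, ""); hs = $0; next }
    END { flush() }
    '
}

# Constructed sample modelled on the `wg show` output in the thread; keys are placeholders.
# Peer A is the thread's situation (no handshake line), B is healthy, C is stale.
SAMPLE_WG_SHOW=$(cat <<'EOF'
interface: WireGuard
  public key: PLACEHOLDER_IFACE_PUBKEY=
  private key: (hidden)
  listening port: 57818

peer: PLACEHOLDER_PEER_A=
  endpoint: 162.159.192.1:2408
  allowed ips: 0.0.0.0/0, ::/0

peer: PLACEHOLDER_PEER_B=
  endpoint: 203.0.113.10:51820
  allowed ips: 208.117.234.0/24
  latest handshake: 1 minute, 12 seconds ago
  transfer: 1.20 MiB received, 340.11 KiB sent

peer: PLACEHOLDER_PEER_C=
  endpoint: 198.51.100.7:51820
  allowed ips: 10.9.0.0/24
  latest handshake: 2 hours, 5 minutes, 3 seconds ago
  transfer: 0 B received, 12.5 KiB sent
EOF
)

printf '%s\n' "$SAMPLE_WG_SHOW" | wg_handshake_report
```

On the router itself the call is simply `wg show | wg_handshake_report`; a "no-handshake" line is the state the reply above describes, a "stale" line means the tunnel came up once and then stopped getting answers (endpoint changed, provider dropped the key, or the same key is in use from another device at the same time, as a later post in the thread warns).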

Very strange, everything works on PC...

Did you disable the PC's WG connection before trying to establish the one on OpenWrt?

2 Likes

It's worth pointing out that the endpoint IP is not the same on your PC vs. OpenWrt... maybe that's related?

1 Like

It does not differ; both are specified in the config file.

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
Endpoint = engage.cloudflareclient.com:2408
# endpoint = 162.159.193.5:0
# Endpoint = [2606:4700:d0::a29f:c009]:0
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0

I checked just in case, but nothing has changed...

Let's see the contents of /etc/config/network


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7a:812e:8c92::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'eth0.2'
	option macaddr 'c0:25:e9:d3:49:b1'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option peerdns '0'
	list dns '1.1.1.1'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '1.1.1.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'

config interface 'WARP'
	option proto 'wireguard'
	option private_key '████████████████████████████████████████████'
	list addresses '172.16.0.2/32'
	list addresses 'fd01:5ca1:ab1e:86df:b40f:273d:2974:7bb/128'
	option peerdns '0'
	list dns '1.1.1.1'

config wireguard_WARP
	option description 'warp.conf'
	option public_key 'bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo='
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::/0'
	option endpoint_host '162.159.193.5'
	option endpoint_port '2408'
	option persistent_keepalive '25'


Hi sorry to hijack or if I am off topic. I just use a second OW router with wireguard to do this for my TV.

That way I can avoid all the complex configuration and just get it up and running then later figure out all the other stuff. The gl-inet routers have a built in wireguard VPN app that makes it easier to switch countries.

Looking at your configs you might want to add your wireguard provider DNS to the WAN interface.

I disable the IPv6 interface as my ISP doesn't use it. WireGuard works and has been solid for me with trusted providers such as Mullvad and Azire. Some providers like WeVPN didn't work on OW with WireGuard when I tested them last year.

Sidenote: As others have pointed out, it's hard to whitelist YouTube because they have thousands of servers. So I just use a dedicated OW WireGuard router instead. A C7 v2 will get you 75 Mbps on WireGuard. But YouTube only needs 5-10 Mbps.

HTH

Here are some screenshots of a correctly configured firewall for WireGuard on ver 19.07. There is no fancy routing - this is a basic configuration to encrypt the entire outgoing connection. You can daisy chain routers together:

Here are some screenshots of the WireGuard interface on 19.07:

***Also, you can't run the same WireGuard key/server config on a computer and the router at the same time, or the key may get blacklisted by the provider.

2 Likes

The second router still needs to be bought, and when stores and mail are not working, this is difficult to do.

Chromecast is controlled from a smartphone or PC only if they are on the same network. If I buy a second router, I will lose the ability to play movies on it that are locally located on my PC.

I cannot do it. The button is inactive. I can disable WAN, but I can't disable WAN6.

Hello K14M

I had some WireGuard + OpenWrt issues, some of them similar to yours.

You can see my thread here

I am still new to OpenWrt and networking in general, so I cannot offer the best or right advice, but I found you do need to take your time and watch/read and do research before leaping into OpenWrt. I found Vantech a life saver, must have watched his videos 100 times; he has excellent videos showing how to get WireGuard and policy routing up and running.

I found the Mullvad OpenWrt guide excellent also. I would not even have WireGuard or the Internet up and running if it were not for the Vantech videos, the Mullvad WireGuard guide and this community here.

Good luck

I did it. I managed to set up WireGuard on the router with its own list of unblocked sites. YouTube and Google on the PC now open. Only I used a completely different guide for this.

But now the problem is with the smartphone. When the smartphone is connected to the router, Google works fine on it. But the YouTube Android application does not load. I added these addresses to unblock YouTube on the PC:

google.com
youtube.be
youtube.com
www.youtube.com
m.youtube.com
ytimg.com
s.ytimg.com
ytimg.l.google.com
youtube.l.google.com
i.google.com
l.google.com
googlevideo.com
i.ytimg.com

Does the mobile app have a separate domain?
