I am trying to set up OpenWRT modems / Windows PC(s) that make use of WireGuard to create a ZeroTier-like peer-to-peer connection; however, I am struggling to even set up WireGuard on OpenWRT.
I am very new to VPN(s) and networking protocols.
I have installed the wireguard-tools, kmod-wireguard, luci-proto-wireguard, qrencode, and libqrencode packages in OpenWRT.
These are the steps I took:
I created a new interface: wg0
Protocol: Wireguard VPN
Generated a new key pair
Listen port: 51820
IP Addresses: 10.0.0.1/24
Firewall-zone: wan
Then, I added a new peer:
Generated a new key pair
Allowed IPs: 10.0.0.2/32
Endpoint port: 51820
I then went to "Generate Configurations" to get the Interface and Peers Keys and other information. Copied it and pasted in an "Empty Tunnel" in the Windows WireGuard.
After which I rebooted the modem and activated the tunnel.
But I realised the following:
The OpenWRT interface for WireGuard doesn't show any RX or TX; on the Windows interface, there is only data sent but none received. I also am not able to surf the internet while I am connected by WiFi on my Windows PC (activated tunnel).
Hi, can I know what you meant by having a public IP address that is reachable? Does it mean that if I have 3 PC(s) and 5 routers, I need to have 8 public IP addresses?
You need only one public IP address.
Your ISP hands out your IP address on the internet; it can be seen on your ISP router or, if your ISP router is in bridge mode, on your internet-connected router.
My router is directly connected to the internet as my ISP modem is in bridge mode.
On the Status > Overview page you can see your IPv4 address:
This is the address the router can be reached at, and thus the endpoint address of your WG client.
BUT not all ISPs give you a public address; some set you behind NAT/CGNAT, in which case your internet address starts with 10 or 100.
If that is the case, you cannot be reached from the internet directly and have to use a man in the middle like ZeroTier or Tailscale etc.
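The "starts with 10 or 100" check from the reply above, as an added example that is not code from any poster in this thread: it parses a client-side WireGuard config, classifies the [Peer] Endpoint against the RFC 1918 ranges and the CGNAT range 100.64.0.0/10 (narrower than "starts with 100"), and flags an AllowedIPs that sends all traffic into the tunnel. The config text is constructed, with placeholder keys.

```python
import ipaddress

# Ranges that cannot serve as a WireGuard endpoint reachable from the internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # carrier-grade NAT, RFC 6598

# Constructed client-side config with placeholder keys (not a real key pair).
SAMPLE_CLIENT_CONF = """
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.0.0.2/32

[Peer]
PublicKey = ROUTER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 0.0.0.0/0
Endpoint = 100.72.10.5:51820
"""

def parse_wg_config(text):
    """Parse the INI-like wg format into [(section, {key: value}), ...], keeping repeated [Peer]s."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1][key] = value
    return sections

def classify_address(host):
    """Return 'cgnat', 'rfc1918', 'public' or 'other' for an IPv4 literal."""
    addr = ipaddress.ip_address(host)
    if addr in CGNAT:
        return "cgnat"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "public" if addr.is_global else "other"  # loopback, link-local, reserved

def check_client_config(text):
    """Return findings for each [Peer]: endpoint reachability and full-tunnel routing."""
    findings = []
    for name, keys in parse_wg_config(text):
        if name != "Peer":
            continue
        host = keys.get("Endpoint", "").rsplit(":", 1)[0]  # IPv4 host:port only
        try:
            kind = classify_address(host)
        except ValueError:
            kind = "hostname"  # DNS names are not resolved here
        if kind in ("cgnat", "rfc1918"):
            findings.append("Endpoint %s is a %s address: the router is not reachable from the internet" % (host, kind))
        allowed = [ipaddress.ip_network(a.strip()) for a in keys.get("AllowedIPs", "").split(",") if a.strip()]
        if any(n.prefixlen == 0 for n in allowed):
            findings.append("AllowedIPs routes all traffic into the tunnel: with no handshake, the PC loses internet access")
    return findings
```

Run `check_client_config(SAMPLE_CLIENT_CONF)` to see both findings for the constructed config; a hostname Endpoint is left unclassified rather than resolved.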
Well, not exactly. WireGuard is a standard point-to-point tunnel that needs a public IP address, while solutions like ZeroTier and Tailscale are SD-WAN (Software-Defined Wide Area Network) VPN services that make it much easier to connect multiple devices to your network—even if you don't have a public IP (like when you're behind CGNAT).
With WireGuard, you have to set up a separate tunnel for each new device that needs to connect to your local network. But with ZeroTier, everything is managed through a web-based service called ZeroTier Central. To add devices like computers or smartphones, you just install the client software, enter the network ID, and then approve access through ZeroTier Central. Once approved, the device can connect seamlessly to your network.
You might also want to look into Tailscale, which is similar to ZeroTier but uses the WireGuard protocol under the hood. It's very easy to use and to create a mesh network with all your devices with E2EE.
Tailscale works pretty much like Zerotier, and you manage your network and devices through the web-based Tailscale Admin Console. Both use Zero-Trust End-to-End Encryption (E2EE), are highly capable, and offer free personal accounts, though with slightly different limitations.