Setting up WireGuard client issues

Grommish · June 7, 2020, 4:58am

I've followed the many WG guides for OpenWrt and simply CLI. I've used OpenVPN .ovpn files to define the connection in luCi, and everything runs right up until I actually connect. I am able to connect to my VPN if I use the dev tun and the tun0 device, but not wg0. Can anyone point out what I'm doing wrong?

Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: TCP/UDP: Preserving recently used remote address: [AF_INET]103.208.220.140:1197
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: Socket Buffers: R=[229376->229376] S=[229376->229376]
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: UDP link local: (not bound)
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: UDP link remote: [AF_INET]103.208.220.140:1197
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: TLS: Initial packet from [AF_INET]103.208.220.140:1197, sid=9f73ca2f 2bd53390
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: VERIFY KU OK
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: Validating certificate extended key usage
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: VERIFY EKU OK
Sun Jun  7 04:55:11 2020 daemon.notice openvpn(PIA_Japan)[2046]: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=1403072807434d25b0dbb6f028a61bfa, name=1403072807434d25b0dbb6f028a61bfa
Sun Jun  7 04:55:14 2020 daemon.notice openvpn(PIA_Japan)[2046]: Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sun Jun  7 04:55:14 2020 daemon.notice openvpn(PIA_Japan)[2046]: [1403072807434d25b0dbb6f028a61bfa] Peer Connection Initiated with [AF_INET]103.208.220.140:1197
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: SENT CONTROL [1403072807434d25b0dbb6f028a61bfa]: 'PUSH_REQUEST' (status=1)
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.44.10.1,topology net30,ifconfig 10.44.10.10 10.44.10.9,auth-token'
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: OPTIONS IMPORT: timers and/or timeouts modified
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: OPTIONS IMPORT: compression parms modified
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: OPTIONS IMPORT: --ifconfig/up options modified
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: OPTIONS IMPORT: route options modified
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jun  7 04:55:15 2020 daemon.err openvpn(PIA_Japan)[2046]: Error: problem with tun vs. tap setting
Sun Jun  7 04:55:15 2020 daemon.notice openvpn(PIA_Japan)[2046]: Exiting due to fatal error```

lantis1008 · June 7, 2020, 5:54am

OpenVPN is completely different to Wireguard.
You can't use the .ovpn to setup wireguard. Does your provider have WG specific instructions?

Grommish · June 7, 2020, 5:56am

I'm using PIA, which is supposed to support WG. I'll look specifically into their beta for it.

Grommish · June 7, 2020, 6:14am

the only public information I can find from them is to use their App.. Which isn't acceptable. I've opened a support ticket with them. I'm completely new to WG, so, what information do you recommend I get out of them?

otnert · June 7, 2020, 7:02am

see this post... https://www.reddit.com/r/PrivateInternetAccess/comments/g2bu31/wg_advanced_options_online_configurator/?sort=new

especially... the lack of an online WG configurator such as Mulvad one, so we can use the official WG client and also routers which run firmwares such as Open-WRT.

lantis1008 · June 7, 2020, 7:03am

I've only just started playing with WG myself today (just point to point using two routers) but at a minimum I guess you need a public key from them, and some way to give your public key to them, and some up addresses.

Grommish · June 7, 2020, 7:53am

I wonder if they would be willing to opensource the client, then I could just build the piactl into my image directly.

Grommish · June 7, 2020, 8:01am

And.. so they do...

system · June 17, 2020, 8:01am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.