Simple steps to import WireGuard config file

I guess 172.16.0.2, based on the configurations:

config interface 'CloudFlare'
	option proto 'wireguard'
	option private_key '*'
	list addresses '172.16.0.2/24'
	list addresses 'fd01:5ca1:ab1e:8f32:d504:87c5:43d0:6002/64'

No, .2 is the address that the WireGuard tunnel has on the OpenWrt side.
On the Cloudflare side you have a different one.
Do you have the WireGuard configuration of the Cloudflare server?

1 Like

You're right. It's weird because when I successfully connect using this .conf on my Windows, 172.16.0.1 is still unreachable to me, even though my traffic passes through the VPN and my public IP changed.

Yes. Also, I posted it before too:

[Interface]
PrivateKey = *
DNS = 1.1.1.1
Address = 172.16.0.2/32
Address = fd01:5ca1:ab1e:8f32:d504:87c5:43d0:6002/128

[Peer]
PublicKey = *
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = *.*.192.1:2408

This is the configuration of the client, the one you are using in OpenWrt and Windows.
I am asking for the configuration that you have on the other side, the Cloudflare server.

1 Like

Ummm, sorry. No, obviously. The server isn't mine. It's Cloudflare's WARP servers.

OK, then leave the addresses with /32 and /128 as they told you.
Try to traceroute to the internet and see if it works.
traceroute -i CloudFlare 1.1.1.1

1 Like
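The client .conf and the OpenWrt interface section posted above carry the same settings in two formats, and the prefixes had drifted apart (/24 and /64 in UCI, /32 and /128 in the .conf). As an added example that is not part of the thread, this sketch translates a wg-quick style config into UCI sections and keeps the prefixes as given; the sample keys and the endpoint address 192.0.2.1 are constructed placeholders, and the peer option names are OpenWrt's WireGuard protocol options.

```shell
# Added example, not from the thread: wg-quick style client config on stdin,
# OpenWrt UCI sections for /etc/config/network on stdout.
# $1 is the UCI interface name; later references must match it exactly.
wgconf_to_uci() {
    awk -v ifname="$1" -v q="'" '
    function emit(kind, key, val) { printf "\t%s %s %s%s%s\n", kind, key, q, val, q }
    function emit_list(key, csv,    n, i, parts) {
        n = split(csv, parts, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) if (parts[i] != "") emit("list", key, parts[i])
    }
    { sub(/\r$/, ""); sub(/[ \t]*#.*$/, ""); sub(/^[ \t]+/, "") }
    /^\[Interface\]/ {
        printf "config interface %s%s%s\n", q, ifname, q
        emit("option", "proto", "wireguard"); sec = "iface"; next
    }
    /^\[Peer\]/ { printf "\nconfig wireguard_%s\n", ifname; sec = "peer"; next }
    !/=/ { next }
    {   # split at the first "=" only, base64 keys end in "="
        key = $0; sub(/[ \t]*=.*$/, "", key); key = tolower(key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
    }
    sec == "iface" && key == "privatekey" { emit("option", "private_key", val) }
    sec == "iface" && key == "address"    { emit_list("addresses", val) }  # prefix kept as given
    sec == "peer"  && key == "publickey"  { emit("option", "public_key", val) }
    sec == "peer"  && key == "allowedips" { emit_list("allowed_ips", val) }
    sec == "peer"  && key == "persistentkeepalive" { emit("option", "persistent_keepalive", val) }
    sec == "peer"  && key == "endpoint" {
        port = val; sub(/^.*:/, "", port)          # text after the last colon
        host = substr(val, 1, length(val) - length(port) - 1)
        gsub(/^\[|\]$/, "", host)                  # bare IPv6 literal for UCI
        emit("option", "endpoint_host", host); emit("option", "endpoint_port", port)
    }'
}

# Constructed sample shaped like the config in the thread (placeholder keys).
sample_wg_conf() {
cat <<'EOF'
[Interface]
PrivateKey = PRIVATE_KEY_PLACEHOLDER=
Address = 172.16.0.2/32
Address = fd01:5ca1:ab1e:8f32:d504:87c5:43d0:6002/128

[Peer]
PublicKey = PUBLIC_KEY_PLACEHOLDER=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.0.2.1:2408
EOF
}

sample_wg_conf | wgconf_to_uci CloudFlare
```

The output contains the private key, so treat it with the same care as /etc/config/network itself.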

I verified /etc/config/network again and I found something:

config route
	option interface 'CLOUDFLARE'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table 'wgvpn'

as you mentioned:

So, my mistake. I didn't notice that I needed to correct 'CLOUDFLARE'. So thanks to you, once I fixed that, the network started working.
Here is the corrected configuration:

config route
	option interface 'CloudFlare'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table 'wgvpn'

Now everything's fine. But when I try this, it fails to traceroute using the 'CloudFlare' interface and all 30 hops are shown as * * *.
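The 'CLOUDFLARE' versus 'CloudFlare' mismatch fixed in the post above is easy to miss by eye because UCI section names are case-sensitive. As an added example that is not part of the thread, this check lists every non-interface section in a UCI network config whose `option interface` names no defined `config interface` section; the function name and the sample input are constructed for illustration.

```shell
# Added example, not from the thread. Usage: check_iface_refs [file]
# Reads a UCI network config (file or stdin); returns non-zero if any
# "option interface" refers to an interface name that is not defined.
check_iface_refs() {
    awk -v q="'" '
    function unq(s) { gsub("[" q "\"]", "", s); return s }
    $1 == "config" {
        type = $2; name = unq($3)
        if (type == "interface") { defined[name] = 1; bylower[tolower(name)] = name }
        next
    }
    $1 == "option" && $2 == "interface" && type != "interface" {
        n++; ref[n] = unq($3); sect[n] = type; lineno[n] = NR
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            if (ref[i] in defined) continue
            bad++; hint = ""
            if (tolower(ref[i]) in bylower)
                hint = " (case mismatch with \"" bylower[tolower(ref[i])] "\")"
            printf "line %d: config %s references undefined interface \"%s\"%s\n", \
                lineno[i], sect[i], ref[i], hint
        }
        exit (bad > 0)
    }' "$@"
}

# Constructed sample reproducing the mistake described in the thread.
sample_network_config() {
cat <<'EOF'
config interface 'CloudFlare'
	option proto 'wireguard'

config route
	option interface 'CLOUDFLARE'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table 'wgvpn'
EOF
}

sample_network_config | check_iface_refs || echo "fix the names above, then reload the network"
```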

What is the output of these commands?
wg ; ip -4 addr; ip -4 ru; ip -4 ro ls table all
Cover public IPs and keys as usual.

1 Like

Here are the results:

wg:

interface: CloudFlare
  public key: *
  private key: (hidden)
  listening port: 45219

peer: *
  endpoint: *.*.192.1:2408
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 minute, 10 seconds ago
  transfer: 16.59 MiB received, 3.18 MiB sent
  persistent keepalive: every 23 seconds

ip -4 addr:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.220.1/27 brd 192.168.220.31 scope global br-lan
       valid_lft forever preferred_lft forever
8: wlan0-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.230.1/24 brd 192.168.230.255 scope global wlan0-1
       valid_lft forever preferred_lft forever
10: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
    inet *.*.*.* peer *.*.*.*/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever
11: CloudFlare: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 172.16.0.2/32 brd 255.255.255.255 scope global CloudFlare
       valid_lft forever preferred_lft forever

ip -4 ru:

0:      from all lookup local
1:      from 192.168.230.0/24 iif wlan0-1 lookup wgvpn
32766:  from all lookup main
32767:  from all lookup default

ip -4 ro ls table all:

default dev CloudFlare table wgvpn proto static scope link
default via #.#.#.# dev pppoe-wan proto static
#.#.#.# dev pppoe-wan proto kernel scope link src #.#.#.#
*.*.192.1 via #.#.#.# dev pppoe-wan proto static
192.168.220.0/27 dev br-lan proto kernel scope link src 192.168.220.1
192.168.230.0/24 dev wlan0-1 proto kernel scope link src 192.168.230.1
local #.#.#.# dev pppoe-wan table local proto kernel scope host src 5.62.163.22
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 172.16.0.2 dev CloudFlare table local proto kernel scope host src 172.16.0.2
broadcast 192.168.220.0 dev br-lan table local proto kernel scope link src 192.168.220.1
local 192.168.220.1 dev br-lan table local proto kernel scope host src 192.168.220.1
broadcast 192.168.220.31 dev br-lan table local proto kernel scope link src 192.168.220.1
broadcast 192.168.230.0 dev wlan0-1 table local proto kernel scope link src 192.168.230.1
local 192.168.230.1 dev wlan0-1 table local proto kernel scope host src 192.168.230.1
broadcast 192.168.230.255 dev wlan0-1 table local proto kernel scope link src 192.168.230.1

It looks fine and there are packets exchanged between OpenWrt and Cloudflare.
If it is still not working you'll need to run a tcpdump (opkg update; opkg install tcpdump) and verify that you receive the correct responses.
tcpdump -i CloudFlare -vn
Let it capture a few packets, while you try to access the internet from a host connected to wlan0-1. Stop it with Ctrl-c and paste here the output.

2 Likes

I prefer GL.iNet; it already provides WireGuard config import.
