My OpenWRT device is behind another router (frizbox) which is connected to the internet.
Is it possible to route traffic from the internet to the OpenWRT and set up Wireguard VPN server on the OpenWRT device?
How can it be done?
I was having a look at the docs and a tutorial, but after following the instructions mentioned in the tutorial I was not able to make a connection to my OpenWRT VPN server with my Android client.
I figured that I missed setting up DynDNS on OpenWRT (or on the WAN router?)?
Also, how can I setup the forwarding from WAN to OpenWRT router on the WAN router?
You would setup the device as normal (OpenWrt will route upstream with no further configuration by default - as long as there's no IP conflict with the default subnet of 192.168.1.0/24 on the Fritz LAN) - usually just plugging up its WAN port
Port forward the UDP listening port you configured Wireguard - from you upstream router to the WAN port of the OpenWrt
To be clear, you'd setup this port forward on the upstream FritzBox - you should inquire with there support if you need assistance in creating a port forward.
Lastly - create a rule on the OpenWrt to Allow the UDP port Input on WAN (i.e. "this device")
Well, you'll need to ensure the hostname properly resolves - but you can test using your Public IP. You do have a Public IP assigned to the Fritz, correct?
Fritz!OS supports Wireguard by default (in the newer releases), is there a specific reason for an additional device?
Or, alternatively, is it an option to install OpenWrt on your Fritz!Box or replace it entirely?
I still need to make sure of this. I have a public ipv4 address, but it is not static.
I wanted to retain the fritzbox with the original firmware as I have received it from my internet provider. So they can't blame me for messing with the firmware in case of technical issues with the line. And also to have it as a an added layer between WAN and LAN. Also, I like to keep some devices in the LAN of my WAN Fritzbox, so they can't interact with the other devices like my computers and my NAS.
But, for testing I just tried configuring Wireguard connection in my WAN fritzbox which would be useful for me. The configuration works and I can connect. But I can't access the internet through the connection for some unknown reason.
I'm pretty sure you need to remove the checkbox "Selbstständige Portfreigabe". A quick web search came up with it being associated with UPnP, this is not what you want. And I assume that you picked "UDP" as protocol?
When trying again, make sure to disable the built-in Wireguard server first.
If you use DSL (what I assume) you can use a FRITZ!Box 7520 or 7530 directly with OpenWrt as your main router (DECT and phone features do not work). You can isolate clients by putting them into a different VLAN, so you could assign ports 1-2 to your private LAN and ports 3-4 to your IoT network.
Add a dns server to the peer’s interface config (maybe 192.168.100.1) and then change the alloedcips on the peer’s peer config section to 0.0.0.0/0. To be clear, both of these changes will happen on the configuration for the peer that is not the openwrt device.