[SOLVED] Setting Gateway on Wireguard VPN

Gabrifol · January 1, 2023, 8:12pm

Hi everybody!
I have successfully installed Wireguard VPN on my openwrt, everything works fine and I'm able to connect from my iPhone and Tablet to my private lan.

Actually, when I ì'm connected with VPN to my openwrt from my clients (phone and tablet) I navigate on internet with the openwrt wan (checked with myip.com),
I would like to know if it's possible set up another similar VPN for the same LAN but using the client gateway to navigate on internet, (for example 4G ip or other connection ip, not the mine)

Thanks to all for the support!!

psherman · January 1, 2023, 8:20pm

Generally speaking, you can easily make a wireguard "client" on your OpenWrt such that your apparent IP address changes to the public IP address of the remote peer. This is the principle behind essentially all commercial VPN services -- if you setup an account with any one of those services, you should be able to achieve the goal.

However, if your intent is to do this with your phone's IP as the effective gateway for your main network, this is unlikely to be successful because your phone almost certainly does not have a publicly routable IP address. This means that your main router would not be able to establish the connection to the phone (the phone would have to establish the connection first), and so any break in the process would cause your internet to go down entirely.

To be clear, in order to do this 'client' type config, you must either control both sides of the tunnel and have a public ip address on the 'remote' side, or you must have an account with a commercial VPN service or similar.

Gabrifol · January 1, 2023, 8:42pm

psherman:

Generally speaking, you can easily make a wireguard "client" on your OpenWrt such that your apparent IP address changes to the public IP address of the remote peer. This is the principle behind essentially all commercial VPN services -- if you setup an account with any one of those services, you should be able to achieve the goal.

However, if your intent is to do this with your phone's IP as the effective gateway for your main network, this is unlikely to be successful because your phone almost certainly does not have a publicly routable IP address. This means that your main router would not be able to establish the connection to the phone (the phone would have to establish the connection first), and so any break in the process would cause your internet to go down entirely.

To be clear, in order to do this 'client' type config, you must either control both sides of the tunnel and have a public ip address on the 'remote' side, or you must have an account with a commercial VPN service or similar.

I want navigate on internet with my phone's ip address (4G) while I'm connected through vpn to my openwrt.
Before Wireguard I used OpenVPN, and I had in the clients configuration the remote gateway to inject, so in my phone I had 2 configuration: one for navigate with the phone ip, and one for navigate with the openwrt wan ip, both while I was connected to my vpn. Do you mean that with your first solution?
Because I think your first solution it's fine. What should I edit in my clients?

psherman · January 1, 2023, 8:48pm

Oh, I see.
Yes, this is simple... just change the allowed IPs in the peer configuration (on the phone) to only include the IP address range for your network. So, if your home LAN is the OpenWrt default, it would be 192.168.1.0/24. Obviously adjust as needed to match your own network address and subnet size.

Gabrifol · January 1, 2023, 8:57pm

Yeah! that's works!!
Thanks again!
Your supports advices are always great!!!

system · January 11, 2023, 8:58pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.