[Solved] WireGuard not adding static route

I configured WireGuard with one peer:

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'xxxxxxxx'
        option listen_port '46422'
        list addresses '10.123.1.58'

config wireguard_wg0
        option description 'la05'
        option public_key 'xxxxxxxx'
        list allowed_ips '10.123.1.53/32'
        option endpoint_host 'example.com'
        option endpoint_port '38917'

I did not select the "No Host Routes" option.

I confirmed the config has been loaded:

interface: wg0
  public key: xxxxx
  private key: (hidden)
  listening port: 46422

peer: xxxxx
  endpoint: xxx.xxx.xxx.xxx:38917
  allowed ips: 10.123.1.53/32

I expected this to create a static route for 10.123.1.53/32 (like wg-quick on Linux does), but it didn't:

root@OpenWrt:~# ip -4 route
default via 135.180.xxx.xxx dev eth1  src 135.180.xxx.xxx
10.1.0.0/16 dev br-lan scope link  src 10.1.0.1
10.20.0.0/16 dev iot-no-net scope link  src 10.20.0.1
10.30.0.0/16 dev iot-net scope link  src 10.30.0.1
135.180.xxx.xxx/22 dev eth1 scope link  src 135.180.xxx.xxx

It worked fine once I manually added the route:

ip -4 route add 10.123.1.53/32 dev wg0

How do I get OpenWrt to add this route automatically? And if it can't be done, how would I configure this route in OpenWrt without having to manually run ip route?

In the peer config section of the OpenWrt router's WireGuard stanzas, be sure to enable 'route_allowed_ips'.
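
A check for the situation in this thread, as an added example that is not part of any post: it compares the allowed IPs reported by `wg show` with the routes on the interface and lists IPv4 prefixes that have no exact route. The sample input is constructed from the values in the question, and the function names `norm` and `missing_routes` are hypothetical.

```shell
#!/bin/sh
# Added example: list WireGuard allowed IPs that have no IPv4 route on the
# interface. Live use on the router (wg0 is the interface from the thread):
#   missing_routes "$(wg show wg0 allowed-ips)" "$(ip -4 route show dev wg0)"
# If a prefix is reported, enable route_allowed_ips on that peer, e.g.:
#   uci set network.@wireguard_wg0[0].route_allowed_ips='1'
#   uci commit network && ifup wg0

# ip prints host routes without "/32" and 0.0.0.0/0 as "default".
norm() {
    case "$1" in
        0.0.0.0/0) echo default ;;
        */32)      echo "${1%/32}" ;;
        *)         echo "$1" ;;
    esac
}

# $1: output of `wg show IFACE allowed-ips` (pubkey<TAB>prefix prefix ...)
# $2: output of `ip -4 route show dev IFACE`
# Prints each IPv4 allowed prefix that has no exactly matching route.
# Assumption: exact match only; a covering shorter prefix is not considered.
missing_routes() {
    routes=$(printf '%s\n' "$2" | awk 'NF { print $1 }')
    printf '%s\n' "$1" | while read -r _key prefixes; do
        for p in $prefixes; do
            case "$p" in *:*|"(none)") continue ;; esac  # skip IPv6 and empty peers
            printf '%s\n' "$routes" | grep -qxF -- "$(norm "$p")" || echo "$p"
        done
    done
}

# Constructed sample input based on the values in the question; the key is a placeholder.
SAMPLE_WG=$(printf 'PLACEHOLDERPUBLICKEY=\t10.123.1.53/32')
SAMPLE_ROUTES_FIXED='10.123.1.53 dev wg0 scope link'

echo "no routes on wg0:  $(missing_routes "$SAMPLE_WG" "")"
echo "route present:     $(missing_routes "$SAMPLE_WG" "$SAMPLE_ROUTES_FIXED")"
```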

Wow, so simple! Thanks for your help again @psherman. Is there a reason that's not the default? It's the default behaviour of wg-quick.

There is no real “default” as each setup is unique and needs different things. It is a simple checkbox, though.
