I have set up ProtonVPN on Wireguard with OpenWRT on DLink DIR 853 (Firmware version : OpenWrt 23.05.0-rc3 r23389-5deed175a5 / LuCI openwrt-23.05 branch git-23.219.80063-bece581) Router with the router connected via Ethernet cable from the ISP provided modem (DOCSIS). I have set the router IP address as 192.168.1.1 whereas the ISP provided modem router has IP address as 192.168.0.1
Now I am successfully able to connect to internet on multiple devices from the DLink Router but unfortunately it stops working sometimes sporadically on any wifi devices as well on LAN connections. I even tried to run ping -t on www.google.com and observed that some Requests timeout like for 600 requests around 19 were lost. I have double checked all my settings but am unable to figure out the root cause for this.
FYI: I even ran ping -t www.google.com on the ISP provided modem router, and there were no packet losses whatsoever.
sysupgrade to stable release 23.05.5
Can you disable NAT on your modem?
I have updated the version to 23.05.5 and turned off Masquerading for WAN and VPN in the Firewall section. But I still observe Request timeouts on ping even after that. Any pointers?
Disable NAT on DOCSIS modem? But leave on OpenWRT.
I am using a Vodafone Station which even in Expert Mode does not have that option. What can I possibly do now?
If you can't set the ISP modem into a 'bridge' mode or similar and it has to be kept as a router then let it handle the routing duties and set your Openwrt device to be an access point only.
Having double NAT is never going to result in a good outcome. Possibly triple NAT with the ISP using CGNAT on their infrastructure.
[OpenWrt Wiki] Wi-Fi Extender/Repeater with Bridged AP over Ethernet
In that case, how can I use a VPN on Wrt as Access Point? What would be the possible configuration in that case?
Yes, you can add extra AP via VPN. As much as VPN is concerned the "internet connection" becomes a media to carry VPN connection, then you use VPN as a WAN for new access point (think pppoe where cable bears only pppoe tunnel)
Thanks. Do you have any guide for setting this up? Actually I am bit novice in this. I have it set up as below:
Any guidance here?
Looks correct. pbr package if you have space can wrap leaky corners.
what am I missing here?
Everything looks correct, you nat LAN to VPN.
Then what can be the possible cause of the issue?
But what is the issue?
show
ip -4 ro sh
(cut off last 2 numbers in IP addresses)
default route scope should be global.
how do I change that? Any specific command?
not very fancy but you can delete and re-add route.
Did not help much even after formatting the router and setting up all again. Any ideas?
Do you generally have Internet access? Pinging Google is not a good test of network performance because their servers have a priority on serving search requests. Their end will drop pings often. Also Google takes a dim view of anything coming from a known commercial VPN provider's IP.