Travel router with Wireguard VPN to home network

Hello,

I am a total beginner with routing and especially OpenWRT.
Nonetheless, I am eager to learn and use it.

Here is what I want to do:
I have bought a Gl.inet AL1300 travelrouter.
Now I want to connect this router via Wireguard to my homenetwork:

  1. All of the traffic from the travelrouter shall be sent through the Wireguard tunnel
  2. Devices from my homenetwork shall be able to communicate with the devices in the travelrouter's network and vice versa.

The basic idea is to be able to connect the travelrouter to any unsafe WiFi/LAN network, e.g. in a hotel. Now I can connect any device like a baby monitoring device with the travelrouter.
Even if I am not connected to the travelrouter, but with a direct Wireguard tunnel to my homenetwork, I want to be able to communicate with the devices connected to the travelrouter.

I hope you understand what I mean.

So here is the relevant information:

  • Homenetwork router: FritzBox 6660 Cable, 192.168.95.0/24
  • Travelrouter: Gl.inet AL1300, 192.168.25.0/24

Within the Fritzbox I can create 2 different VPN configs:
one for end devices (like my mobile phone; this works without any problem) and one for routers.
So I created one for routers which looks like this:

[Interface]
PrivateKey = xxx
Address = 192.168.25.1/24
DNS = 192.168.95.3,192.168.95.1

[Peer]
PublicKey = xxx
PresharedKey = xxx
AllowedIPs = 192.168.95.0/24,0.0.0.0/24
Endpoint = xxx:59584
PersistentKeepalive = 25

I have a DNS server (AdGuardHome) running on .95.3.

Now the interesting part is:
I uploaded the config to the travelrouter and activated the tunnel.
Now I am able to communicate in both directions (as desired). :white_check_mark:

But as soon as I activate the tunnel, I can no longer browse the internet.
Pinging anything outside the network from the AL1300 results in: sendto: no error information

On my DNS Server I can see requests coming in from 192.168.25.1. AdGuardHome also does not show any error messages or something; just regular requests and replies.

Does anyone have an idea on what I am missing here?
Why can't I browse the web anymore?

Also, but only second priority: I disabled IP masquerading for the Wireguard interface (because I wanted to see and control which device talks to the network). But I still see traffic only coming from .25.1.

If anyone could help me out, I would be very thankful!

Cheers

I have seen that Fritzbox has a very peculiar way of dealing with WireGuard but I do not have a Fritzbox so cannot help you with that.

For simplicity I would treat your travel router as a regular WG client, just like your phone.

Just some observations but perhaps better ask at the fritzbox forum:

This does not look good, as it is your own subnet. I have seen that Fritzbox uses a WG address in its own subnet, but then do not use /24, and use an address not taken already.

0.0.0.0/24 looks wrong; that should be 0.0.0.0/0.

Thank you!

So I've created a new config file, treating the travelrouter as Client.
It now has the IP 192.168.95.208, in the FritzBox it's shown with /32.

[Interface]
Address = 192.168.95.208/24
PrivateKey =xxx
DNS = 192.168.95.3,192.168.95.1
MTU = 1420

[Peer]
AllowedIPs = 192.168.95.0/24, 0.0.0.0/0
Endpoint = xxx:59584
PersistentKeepalive = 25
PublicKey = xxx
PresharedKey = xxx

Now the internet works and I am able to access the upstream network (.95.0).

But I cannot (yet) figure out a way to access the travelrouter's network (.25.0).
I thought of defining a static route within the FritzBox with .208 as Gateway, but the FritzBox somewhat does not allow this ("route is not permitted").

How can I now access the downstream network?

Thank you again for your help in advance!

I cannot help you with the Fritzbox, but here are some basics about connecting two routers; this is called a site-to-site setup.
On the "client side" use the firewall setup as if it is a server and add the other side's subnet as allowed IPs (that is already done).
On the "server side" (fritzbox) add the subnet of the client side as allowed IPs (192.168.25.0/24 in your case).

In my notes there is a paragraph about that, maybe that gives you some pointers.
See: https://github.com/egc112/OpenWRT-egc-add-on/tree/main/notes

You need the Server Setup guide; better download it, as Github only shows the first 5 pages.

Ok. That, unfortunately, brings me back to the config from my first post.
In the FritzBox, I can see these settings:

[Peer] #this one is travelrouter as client
PublicKey = xxx
PresharedKey = xxx
AllowedIPs = 192.168.95.208/32
PersistentKeepalive = 25

[Peer] #this one is travelrouter as router
PublicKey =xxx
PresharedKey = xxx
AllowedIPs = 192.168.25.0/24
PersistentKeepalive = 25

Unfortunately, I cannot edit this file manually.

So, if I understand you correctly, the second config (travelrouter as router) should be the correct one, as it allows the .25.0/24 subnet?
Then "all that's left" is to get the internet access working.

Is there anything I can check on my travelrouter's (client) site?

Your travel router must have 0.0.0.0/0 as Allowed IPs and needs to have Route Allowed IPs enabled.

The fritzbox needs to have 192.168.25.0/24 as allowed IPs.

But you should really ask at the fritzbox forum.
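As an added example (not code from this thread, from OpenWrt or from any Fritzbox tool), here is a small Python checker for the two things raised above: the client-side AllowedIPs/Address mistakes from the first config, and the server-side rule that the peer entry must cover the travel router's LAN for a site-to-site setup. The sample config below is the first post's config with the keys replaced by placeholders.

```python
"""Sanity checks for a WireGuard site-to-site config (added example, stdlib only)."""
import ipaddress

# Constructed sample: the first config from this thread, secrets replaced with placeholders.
FIRST_CONFIG = """[Interface]
PrivateKey = <private-key-placeholder>
Address = 192.168.25.1/24
DNS = 192.168.95.3,192.168.95.1

[Peer]
PublicKey = <public-key-placeholder>
PresharedKey = <psk-placeholder>
AllowedIPs = 192.168.95.0/24,0.0.0.0/24
Endpoint = <host-placeholder>:59584
PersistentKeepalive = 25
"""

def parse_wg(text):
    """Parse wg-quick style text into {"Interface": {...}, "Peer": [{...}, ...]}."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments such as "[Peer] #router"
        if not line:
            continue
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        else:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip()
    return {"Interface": iface, "Peer": peers}

def allowed_networks(allowed_ips):
    """Turn a comma-separated AllowedIPs value into ip_network objects."""
    return [ipaddress.ip_network(a.strip(), strict=False) for a in allowed_ips.split(",")]

def check_client(text, home_lan):
    """Findings for the travel router (client) side, given the home LAN prefix."""
    cfg, lan, findings = parse_wg(text), ipaddress.ip_network(home_lan), []
    addr = ipaddress.ip_interface(cfg["Interface"]["Address"])
    if addr.ip in lan and addr.network.prefixlen == lan.prefixlen:
        findings.append("Address reuses the home LAN prefix; use /32 or a separate tunnel subnet")
    nets = [n for p in cfg["Peer"] for n in allowed_networks(p["AllowedIPs"])]
    for n in nets:  # 0.0.0.0/24 is a tiny subnet, not the default route that was intended
        if n.network_address == ipaddress.ip_address("0.0.0.0") and n.prefixlen != 0:
            findings.append(f"AllowedIPs {n} is not a default route; use 0.0.0.0/0")
    if not any(n.prefixlen == 0 for n in nets):
        findings.append("no 0.0.0.0/0 in AllowedIPs: internet traffic will not use the tunnel")
    if not any(lan.subnet_of(n) for n in nets):
        findings.append(f"home LAN {lan} is not covered by AllowedIPs")
    return findings

def check_server_peer(peer_allowed_ips, remote_lan):
    """Findings for the home router's peer entry: it must cover the travel router's LAN."""
    lan = ipaddress.ip_network(remote_lan)
    if not any(lan.subnet_of(n) for n in allowed_networks(peer_allowed_ips)):
        return [f"peer AllowedIPs does not cover remote LAN {lan}; its traffic will be dropped"]
    return []
```

Running `check_client(FIRST_CONFIG, "192.168.95.0/24")` reports the 0.0.0.0/24 problem, and `check_server_peer("192.168.95.208/32", "192.168.25.0/24")` shows why the "client" peer entry cannot reach the .25.0 network while the "router" entry can.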

Looks like the change to 0.0.0.0/0 did the trick.

Awesome, thank you for your help! :slight_smile:

