So the problem is currently related to your upstream network, not the OpenWrt router with Wireguard.
No, everything work properly if I connect to my ISP's modem. The OpenWRT router has the connection problem. I can see every connected device on Openwrt, but no connections work outside of the internal network.
I'm confused... you said:
when I asked about a computer connected to the 192.168.0.0/24 network. Did our wires get crossed somewhere?
Let me describe my set up.
I have the openwrt router connected to the wan ports to the isp modem in both locations.
All of my devices are connected to OpenWrt at home (Site B), but there is no internet connection. But, if I connect directly to the isp router, there is a connection. The openwrt router had the internet connection before I made some adjustments to the network and firewall configurations.
On the office route (Site A), this issue does not exist.
If it's clear, please let me know.
Once more, I appreciate your assistance.
To clarify, does it look like this:
ISP Modem LAN port > OpenWrt WAN port
ISP Modem LAN port > OpenWrt WAN port. Correct!
Ok... so let's do this.
- Make a backup of your current OpenWrt configuration
- Reset your OpenWrt router to defaults
- Test internet connectivity using a computer connected via ethernet
- If that works, go ahead and setup your wifi again, and verify that wifi works properly, too.
Let me know what happens there and then we can continue.
I'm in the process.
The OpenWrt router is ready.
I have fully access to internet and I already installed WireGuard.
I ran a couple tests where I copied the old WireGuard interface settings, and I once more lost internet connectivity.
config interface 'Site_B'
option proto 'wireguard'
option private_key 'iD7phS/Ri5Rxy8aw3qIWZMw1M1ayvM2zk1FGlcuBzH4='
option endpoint_port '192.168.25.2'
config wireguard_Site_B
option description 'SITE_A'
option public_key 'd9IEa23Ftl4385w8XBHntiY0kzixNmeF/v4etdv1ekI='
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host '80.XX.109.223'
option endpoint_port '51820'
However, as soon as I removed the list allowed_ips '0.0.0.0/0' there is the internet connection, but not handshake.
What is the date/time of the router?
date
Wed Mar 15 17:07:36 UTC 2023
One thing that was never answered from earler...
Is the 5A in the office actually the main router, or is there another router upstream?
Yes, it is another router upstream.
I have access to the main router, but I'm not sure if I can make "too many changes"
You must be able to port forward UDP 51820 to the 5A in the office (the IP address that it holds on the office's LAN). Has this been done?
If the port forwarding hasn't been added to the main router, it means that there is no way for outside traffic to contact your office (Site A) WG device.
I added the port forwarding (UDP 51820) to the main office router. I'm not sure if the 192.168.0.2 is the correct address.
Configuring allowed_ips to 0.0.0.0 and activating route_allowed_ips will route all Internet usage into the tunnel. Don't enter this particular part of the configuration until you are sure the tunnel is working properly so that Internet access is not shut down.
At Site A, the IP to forward to needs to be the one held by the WAN interface of your OpenWrt router, which you can see as "IPv4 Upstream" on the OpenWrt main status page.
To make sure that it does not change, set up a DHCP reservation for the OpenWrt router in the main router.
1 Like
I changed the wan ip address to static with the following information but I lost the external connection.
The option ipaddr one the main page is set to 192.168.9.90
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'wan'
option proto 'static'
option netmask '255.255.255.0'
option gateway '192.168.0.1'
option ipaddr '192.168.1.90'
You usually need to add dns, and your port forwarding from the main router will need to point to the new static address.
Also and more critically, your gateway and ip address are in different subnets.
Chances are that your ip needs to be 192.168.0.90
