Unable to get Wireguard Working on OpenWrt

Also, I'm comparing my UCI network listing against yours and I'm seeing some differences that I'm not sure about. I'm more used to looking at the files directly rather than the UCI listing.... can I trouble you for the WG section of your /etc/config/network file in that format?

cat /etc/config/network

Sure, this is the file configuration:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fda8:eff7:af91::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0'
        option macaddr 'REDACTED'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '0'

config interface 'wwan'
        option proto 'dhcp'

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'REDACTED'
        option listen_port '51820'
        list addresses '192.168.9.1/24'

config wireguard_wg0 'wgclient'
        option route_allowed_ips '1'
        option public_key 'REDACTED'
        list allowed_ips '192.168.9.2/32'
        option persistent_keepalive '25'

I don't know if this matters, but my (working) configuration has simply:

config wireguard_wg0

Also, regarding the image you posted of your client config -- I assume you populated the "endpoint" field with something that you've removed for the screenshot? It should be in the format <IP_address>:<wg_port>. What IP address did you use (if a public IP address, don't share the full thing, maybe just the first octet)?

Check this configuration:

The endpoint is wrong.
First, it is a private address (192.168...), and the port should be 51820, as you have configured on the router here.
Check your public IP on the TP-Link router you have and forward port 51820 there back to the OpenWrt router.


This is presumably ok for testing, but will only work while you are connected via WiFi on your own network. For practical use, you need to have the public IP address in the endpoint field and the port forwarding must be properly configured.


It is again not able to connect to the internet after connecting to the VPN.
But the whole point of this process was to achieve an OpenWrt-based configuration which works as a repeater with a WireGuard server running on it, so I can connect it to public Wi-Fi in restaurants or hotels and browse securely with a portable device.

My other choice was OpenVPN, but I thought I'd try WireGuard after going through some research.

Any further blog links or documentation might be helpful.

How are you testing this? From inside your network (i.e. connected to your wifi) or from somewhere outside?

Make sure you have a network utility application on your phone that can do ping and traceroute.

What are the results for:

  1. ping to the OpenWrt router (192.168.1.1)
  2. ping to 8.8.8.8
  3. ping to google.com

If those work, try traceroute to google.com and post the results.

EDIT: Did you fix the port number on the phone's peer config (should be 192.168.1.1:51820 if you're testing from inside your network, or your_public_ip:51820 if you are testing from outside)?

Also, did you check that the public IP address you see on your TP-Link router (the one that is directly connected to your internet service) is the same as what you get when you type into google "ip check"? Have you verified the port forwarding is configured properly on your TP-Link router?
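As an added example (not part of this thread and not OpenWrt's own tooling), here is a small POSIX shell script that checks a WireGuard Endpoint value the way the replies above describe, both the "endpoint is wrong" diagnosis and the later question of whether the TP-Link's WAN address is really public: a private, loopback, link-local or CGNAT address, or a port other than the configured 51820, is flagged, and only for a usable endpoint does it print the matching wg-quick client config for the server posted earlier. It assumes IPv4 only, that the server listens on 51820 with the client peer at 192.168.9.2/32 as in the posted /etc/config/network, and that the router's dnsmasq answers DNS on the wg0 address 192.168.9.1. The verdict words, the placeholder key strings and the 203.0.113.7 address in the usage lines are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check a WireGuard client
# "Endpoint" (<IP_address>:<port>) and render the matching wg-quick config
# for the OpenWrt server whose UCI config is posted above.
# Assumptions: IPv4 endpoints only; the server listens on 51820 (option
# listen_port); the phone is the peer with allowed_ips 192.168.9.2/32.

WG_PORT=51820   # must equal 'option listen_port' in /etc/config/network

# valid_ipv4 A.B.C.D -> exit 0 if the string is four dotted octets in 0..255
valid_ipv4() {
    _ifs=$IFS; IFS=.
    set -f            # no pathname expansion while splitting on '.'
    set -- $1
    set +f
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# is_private_ipv4 A.B.C.D -> exit 0 for addresses that are not reachable from
# the Internet: RFC 1918, loopback, link-local and CGNAT (100.64.0.0/10).
# If the TP-Link's WAN address falls in one of these ranges, the ISP has put
# it behind another NAT and "ip check" will show a different public address.
is_private_ipv4() {
    case "$1" in
        10.*|127.*|169.254.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_wg_endpoint HOST:PORT -> prints one verdict word (made-up vocabulary);
# exit 0 only if the endpoint can work from outside your own network.
check_wg_endpoint() {
    _ep=$1
    _host=${_ep%:*}
    _port=${_ep##*:}
    if [ "$_host" = "$_ep" ] || [ -z "$_port" ]; then
        echo MISSING_PORT; return 1
    fi
    case "$_port" in *[!0-9]*) echo BAD_PORT; return 1 ;; esac
    if [ "$_port" -ne "$WG_PORT" ]; then
        echo WRONG_PORT; return 1          # does not match listen_port
    fi
    if ! valid_ipv4 "$_host"; then
        echo BAD_HOST; return 1            # hostnames/IPv6 not handled here
    fi
    if is_private_ipv4 "$_host"; then
        echo PRIVATE_ADDRESS; return 1     # only works while on the home LAN
    fi
    echo OK; return 0
}

# render_client_conf CLIENT_PRIVKEY SERVER_PUBKEY ENDPOINT -> wg-quick config
# for the phone. Address is the /32 the server lists in 'allowed_ips';
# AllowedIPs 0.0.0.0/0 sends all traffic through the tunnel (full tunnel),
# which is what "browse securely on hotel Wi-Fi" needs. The DNS line assumes
# the router's dnsmasq answers on the wg0 address.
render_client_conf() {
    check_wg_endpoint "$3" >/dev/null || return 1
    cat <<EOF
[Interface]
PrivateKey = $1
Address = 192.168.9.2/32
DNS = 192.168.9.1

[Peer]
PublicKey = $2
Endpoint = $3
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
}

# Usage, mirroring the thread: a LAN endpoint vs. a (documentation-range) public one.
check_wg_endpoint "192.168.1.1:51820" || :   # prints PRIVATE_ADDRESS
check_wg_endpoint "203.0.113.7:51820" || :   # prints OK
render_client_conf "CLIENT_PRIVATE_KEY" "SERVER_PUBLIC_KEY" "203.0.113.7:51820" || :
```

Run it on the router or on a laptop; the port check is against the same value as the server's listen_port, so if you ever change that option, change WG_PORT too.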

Can you provide the output of the command sysctl -a | grep entropy?