Using OpenWrt as a Wireguard server and wireguard client

Hi,

how is it possible to use OpenWrt as a Wireguard server and as a Wireguard client at the same time so that the end device in the network does not have to use a Wireguard app?

Thanks for your assistance.

Use Policy Based Routing

My notes about setting up WireGuard have a paragraph dedicated to this subject (in the WireGuard Server Setup guide).


Hi egc thanks so much for your answer! I followed your Wireguard client setup guide (I'm not using Proton but the peer of the Wireguard server - is that correct?) and your Wireguard server setup guide. But I'm not sure if it works. What do you need from me? Any config files?

If your WireGuard client is active, you can test with your local LAN clients using ipleak.net in a browser to see your IP origin; that way you check if the WireGuard client is working.

Then try to connect from outside e.g. with your phone on cellular to your WireGuard server.

If it works it works :slight_smile:

Also `wg show` from the command line will tell you a lot about the WireGuard connections.

The PBR app will automatically take care of the routing of the WG server via the WAN; you can check that with `ip rule show` from the command line. This should show a rule with the WireGuard server listen port (e.g. 55443).

I do not use the Wireguard server from outside.

```
root@OpenWrt:~# wg show
interface: wgserver
  public key: (hidden)
  private key: (hidden)
  listening port: 55443

interface: wgclient
  public key: (hidden)
  private key: (hidden)
  listening port: 55443

peer: 123
  endpoint: 192.168.178.44:55443
  allowed ips: 0.0.0.0/0, ::/0
  persistent keepalive: every 25 seconds
root@OpenWrt:~#
```

What do you say to that?

```
root@OpenWrt:~# ip rule show
0:	from all lookup local
29999:	from all sport 55443 lookup pbr_wan
30000:	from all fwmark 0x10000/0xff0000 lookup pbr_wan
32766:	from all lookup main
32767:	from all lookup default
root@OpenWrt:~#
```

What do you say to that?
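
Added example, not part of any post in this thread and not code from the PBR package: the two command-line checks suggested above (`wg show` and `ip rule show`), written as POSIX shell functions and run over constructed sample text modelled on the output posted here. The function and variable names are assumptions of this example; `wg show` prints a `latest handshake` line for a peer only once a handshake has completed, so a peer without one has not brought its tunnel up yet.

```shell
# Added example. Sample text is constructed, modelled on the output in the thread.
SAMPLE_WG='interface: wgserver
  public key: (hidden)
  private key: (hidden)
  listening port: 55443

interface: wgclient
  public key: (hidden)
  private key: (hidden)
  listening port: 55443

peer: 123
  endpoint: 192.168.178.44:55443
  allowed ips: 0.0.0.0/0, ::/0
  persistent keepalive: every 25 seconds'
SAMPLE_RULES='0:	from all lookup local
29999:	from all sport 55443 lookup pbr_wan
30000:	from all fwmark 0x10000/0xff0000 lookup pbr_wan
32766:	from all lookup main
32767:	from all lookup default'

# Print the listening port of interface $1 (`wg show` text on stdin).
wg_listen_port() {
    awk -v want="$1" '$1 == "interface:" { cur = $2 }
        $1 == "listening" && $2 == "port:" && cur == want { print $3 }'
}

# Print "interface peer" for each peer lacking a "latest handshake" line.
peers_without_handshake() {
    awk 'function report() { if (peer != "" && !seen) print cur, peer }
        $1 == "interface:" { report(); peer = ""; cur = $2 }
        $1 == "peer:"      { report(); peer = $2; seen = 0 }
        $1 == "latest" && $2 == "handshake:" { seen = 1 }
        END { report() }'
}

# Succeed if `ip rule show` text on stdin has a rule matching source port $1.
has_sport_rule() {
    grep -Eq "sport $1 lookup [^[:space:]]+"
}

port=$(printf '%s\n' "$SAMPLE_WG" | wg_listen_port wgserver)
if printf '%s\n' "$SAMPLE_RULES" | has_sport_rule "$port"; then
    echo "wgserver port $port: sport rule present"
else
    echo "wgserver port $port: no sport rule"
fi
printf '%s\n' "$SAMPLE_WG" | peers_without_handshake |
    while read -r ifc peer; do echo "$ifc: peer $peer has no handshake yet"; done
```

On the router, pipe the live output of `wg show` and `ip rule show` into the functions in place of the sample strings.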

This thread is called Using OpenWrt as a Wireguard server and wireguard client

Not sure what you wanted to use a WireGuard server for if not for connecting to your home from outside?

My understanding is that I need a Wireguard server and a Wireguard client so that the end devices (e.g. Smartphone, Laptop) in the network provided by OpenWrt (e.g. WLAN and LAN) can communicate in encrypted form (in particular surf the Internet in encrypted form). Is there no need for a Wireguard server and only the Wireguard client?

You only need a WireGuard client for that :slight_smile:

You might want PBR in case you do not want all your LAN clients using the WireGuard VPN.

So you can safely remove the WireGuard server.

In case you need help to set up a WireGuard client, see my notes.

Oh how good, that makes it easier :slight_smile:

I have read through these instructions in full. I do not use a VPN provider such as Proton VPN. Can I use the Wireguard Client without a VPN provider?

Short answer: for safe encrypted surfing of the internet: No.
For safe encrypted surfing of the internet, the client needs to connect to a server somewhere on the internet; usually this is a commercial VPN provider such as Proton, which has a free offer which you can try.

Long answer:
You can connect your client to any WireGuard server somewhere else on the internet, be it a server at a friend's location or a server you set up on a Virtual Private Server in the cloud.
But your IP address will then be your friend's IP address, so everything will be tracked to your friend.

Are we going round in circles? What about the Wireguard server that I can install on OpenWrt? Does it do the same thing?

So you send encrypted traffic internally to your own server and then it goes onto the internet unencrypted so there is no point in doing this.

But have fun trying it