VMM install OpenWrt to use WireGuard VPN

First off, for a road warrior phone somewhere away from home to reach the VPN server running at home (but not on the home main router, instead it is a separate device), the WireGuard port (51820) must be forwarded from the Internet through the home network to the NAS IP on the home LAN. Encrypted packets from the phone will arrive on this port.

This generally involves using a DDNS server so that the phone can find your home's IP by name, as ISPs change the customer's IP numbers sometimes. Also the ISP has to allow incoming connections and not NAT your connection.

When testing, turn off Wi-Fi on the phone so it is using the cellular ISP and not your home LAN.

Once the above has been taken care of and a VPN tunnel is even possible, then you can start to think of what to do with VPN'd traffic that arrives through the tunnel. Assuming you want all of the phone's Internet usage to tunnel to home and go out on the home IP:

  • Phone wg0 interface and home wg0 interface: close but different IPs in the same subnet (an obscure /24 is typically used for this).
  • At home, allowed_ips from the phone are just the phone's wg IP /32.
  • On phone, allowed_ips are 0.0.0.0/0 since the whole Internet will be coming through the tunnel.
  • Set the route_allowed_ips flag in both places.
  • At home, wg0 in a separate firewall zone.
  • Rule to allow forwarding from wg0 to lan.
  • Set masquerade on the lan zone.
1 Like
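
The checklist in the post above, written out as OpenWrt configuration. This is an added example, not part of the original post: the 10.99.77.0/24 tunnel subnet, the zone name 'wg' and every `<...>` placeholder are assumptions to replace with your own values.

```uci
# --- /etc/config/network (OpenWrt at home) ---
config interface 'wg0'
	option proto 'wireguard'
	option private_key '<HOME_PRIVATE_KEY>'
	# the UDP port forwarded from the main router
	option listen_port '51820'
	list addresses '10.99.77.1/24'

config wireguard_wg0
	option description 'phone'
	option public_key '<PHONE_PUBLIC_KEY>'
	# /32: packets from this peer are accepted only with the phone's wg IP as source
	list allowed_ips '10.99.77.2/32'
	option route_allowed_ips '1'

# --- /etc/config/firewall (OpenWrt at home) ---
# wg0 gets its own zone instead of joining lan
config zone
	option name 'wg'
	list network 'wg0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# the only forwarding path out of the tunnel: wg -> lan
config forwarding
	option src 'wg'
	option dest 'lan'

# existing lan zone; 'masq' is the line being added
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'

# --- phone side (WireGuard app tunnel settings, shown as comments) ---
# [Interface]
# PrivateKey = <PHONE_PRIVATE_KEY>
# Address    = 10.99.77.2/24
# [Peer]
# PublicKey  = <HOME_PUBLIC_KEY>
# Endpoint   = <YOUR_DDNS_NAME>:51820
# AllowedIPs = 0.0.0.0/0
```

With the peer's allowed_ips limited to a /32 and wg0 in its own zone, a lost or compromised phone key can only inject traffic from that one address, and only along the wg to lan forwarding path.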

I want to set up a device that needs to connect to the VPN by specifying OpenWrt as a bypass route to access the external network. Due to the restrictions of the national firewall, domain names such as YouTube cannot be accessed.

The upper-level router at home has already set up port forwarding, but I don’t know if the settings are correct.

Can you guide me on how to configure it correctly according to the settings interface?

Yes, that looks correct. When you have the phone outside the home LAN (by using the cell modem), does WireGuard show that handshaking is completed?

1 Like

Hey guys, I installed OpenWrt in a VM, and also installed an adblocker and Vpnclient .ovpn.
In the home network, everything works through another router; LAN and Wi-Fi are transmitted.
Now I can't connect from an outside mobile network.
When setting up WG, my VPN client .ovpn starts to turn off and the Internet disappears.
How do I set up a network to connect to WG but keep my VPN client working?

P.S.
If I disable openvpn-client then the WG tunnel works.
How can I run two at once?