VPN to home network - port forwarding

Hello,

(Please let me know what information is missing, I will append it asap.)

The goal
Reach my home network via a WireGuard VPN from anywhere. (Second mission: create two or three networks, and reach each network with a different tunnel.)

Current setup
I use a Linksys WRT1900AC running OpenWrt 21.02.3. It is connected to the internet via PPPoE, the IP address from my ISP is directly at the WAN interface:


At address 192.168.10.132 I have a Raspberry Pi running Pi-hole and PiVPN.

What did I try?
PiVPN is configured with WireGuard, a custom domain that resolves to my current ISP IP address via DynDNS (running on OpenWrt), and port 51723.
On Network → Firewall → Port Forwards I added the following:


When I now connect to the VPN with my smartphone, I can't reach any page: 192.168.10.1 doesn't work, and normal domains don't work either. It just keeps loading forever.

How could you help?
I would appreciate a beginner-friendly tip on how to troubleshoot my problem. I am also not eager to get PiVPN running; if there is a solution to reach the home network on OpenWrt itself, I will gladly try it. The important thing is the goal itself and to learn something about OpenWrt along the way.

Any help is appreciated.

:warning: Erase your public IP and MAC addresses from the image

1 Like

When testing, make sure the Wi-Fi on the phone is off so it is using the cellular connection, which is truly outside the house.

On the VPN client and server, check that handshakes are being received. This shows that the address has been resolved, the port is open, and the encryption keys match. Then it becomes an issue of routing and firewall configurations.

If your PiVPN does not NAT from the VPN to the LAN, you will need to add a route in the main router (OpenWrt) back to the VPN tunnel subnet such as 192.168.8.0/24 via 192.168.10.132 device lan. Generally it is OK to have the VPN server NAT from the VPN road warriors to the LAN, since you won't be needing to initiate a connection from the LAN to the phone. But since the VPN server is not OpenWrt, that configuration is outside the scope of this forum.

3 Likes
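The two router-side pieces this answer describes (the port forward from the WAN to the Pi, and the return route for the tunnel subnet) plus the handshake check, as an added example that is not from the thread or from OpenWrt's own documentation. It assumes the values visible in the thread (Pi at 192.168.10.132, UDP port 51723, WAN zone `wan`, LAN zone `lan`) and the tunnel subnet 192.168.8.0/24 from the answer; the sample handshake output and peer keys are constructed. The functions only print the `uci` commands, so the script is safe to run anywhere and you paste the output into the router's shell once you have checked it.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed values (adjust to your setup):
PI_ADDR="192.168.10.132"     # PiVPN / WireGuard server on the LAN
WG_PORT="51723"              # WireGuard listen port (UDP)
TUNNEL_TARGET="192.168.8.0"  # VPN tunnel subnet (from the answer)
TUNNEL_MASK="255.255.255.0"

# 1) Port forward (what the OP created in LuCI): wan:51723/udp -> Pi:51723/udp.
#    Only UDP is needed; WireGuard never speaks TCP.
wg_forward_cmds() {
    cat <<EOF
uci add firewall redirect
uci set firewall.@redirect[-1].name='wg-to-pi'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].src_dport='$WG_PORT'
uci set firewall.@redirect[-1].dest='lan'
uci set firewall.@redirect[-1].dest_ip='$PI_ADDR'
uci set firewall.@redirect[-1].dest_port='$WG_PORT'
uci set firewall.@redirect[-1].proto='udp'
uci set firewall.@redirect[-1].target='DNAT'
uci commit firewall
/etc/init.d/firewall restart
EOF
}

# 2) Return route: only needed when the Pi does NOT masquerade tunnel clients
#    towards the LAN. Tells the router that 192.168.8.0/24 lives behind the Pi.
vpn_return_route_cmds() {
    cat <<EOF
uci add network route
uci set network.@route[-1].interface='lan'
uci set network.@route[-1].target='$TUNNEL_TARGET'
uci set network.@route[-1].netmask='$TUNNEL_MASK'
uci set network.@route[-1].gateway='$PI_ADDR'
uci commit network
/etc/init.d/network reload
EOF
}

# 3) Handshake check. On the Pi, `wg show wg0 latest-handshakes` prints one
#    line per peer: "<peer-public-key><TAB><unix time of last handshake>"
#    (0 = never). handshake_fresh NOW MAX_AGE reads that output on stdin and
#    succeeds when at least one peer handshook within MAX_AGE seconds; a
#    handshake proves DNS, the port forward and the keys are all fine, so
#    anything still broken after that is routing or firewall.
handshake_fresh() {
    now="$1"; max_age="$2"
    awk -v now="$now" -v max="$max_age" '
        $2 > 0 && (now - $2) <= max { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample standing in for the real `wg show` output.
SAMPLE_HANDSHAKES="$(printf 'PEER1PUBKEY=\t1700000000\nPEER2PUBKEY=\t0\n')"

wg_forward_cmds
vpn_return_route_cmds
if printf '%s\n' "$SAMPLE_HANDSHAKES" | handshake_fresh 1700000100 180; then
    echo "handshake seen recently: check routing/firewall next"
else
    echo "no recent handshake: check DynDNS name, port forward and keys"
fi
```

WireGuard only handshakes when a peer actually sends traffic, so trigger a ping from the phone before reading the timestamps; a handshake older than a few minutes on an idle tunnel is normal.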

Thank you for your answer! In the last few days I tried everything you recommended.

The solution in my case was: it really is easy to set up OpenWrt for the firewall, just open the chosen port as I did. BUT I also have a VPN connection for all traffic to go to NordVPN (it's the tun0 interface in the picture above), which somehow doesn't work together with PiVPN. It took me three days to find out I have to deactivate it.

I wish both would somehow work together, but I understand too little of the whole topic to think of a solution for now.

What you need is called policy-based routing. This will allow you to send all regular traffic through your commercial VPN while still permitting the PiVPN port forward to function from the regular WAN interface, with the return traffic routed back out the WAN (instead of the commercial VPN).

2 Likes

Thank you! It is very valuable to know what to even look for. I will look into PBR. Out of those options the PBR app looks the most comprehensible for a beginner.

Edit: It was surprisingly easy with your description! Or I haven't found the first problem yet. I installed vpn-policy-routing and luci-app-vpn-policy-routing, restarted and set the rule:

Now I can tunnel into my home network, but all my clients still use the commercial VPN. Perfect for now!
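The policy the thread ends with, written out as `uci` commands for the vpn-policy-routing package, as an added example that is not the poster's screenshot or the package's own documentation. The idea is the one from the answer: traffic that leaves the Pi from UDP port 51723 (the WireGuard replies to the phone) is pinned to the `wan` interface, while everything else keeps following the default route through the commercial VPN. The option names `interface`, `src_addr`, `src_port` and `proto` are the ones the package documents for a `policy` section, but which of them your installed version accepts is an assumption to verify in the LuCI page; the Pi address and port are the ones from the thread. As above, the function prints the commands rather than running them.

```shell
#!/bin/sh
# Added example, not code from the thread or from vpn-policy-routing itself.
# pbr_policy_cmds SRC_ADDR SRC_PORT IFACE prints the uci commands for one
# vpn-policy-routing policy: packets FROM SRC_ADDR with UDP source port
# SRC_PORT are routed out IFACE instead of the default (commercial VPN) route.
# Option names below are assumed from the package's documented config format.
pbr_policy_cmds() {
    src_addr="$1"; src_port="$2"; iface="$3"
    cat <<EOF
uci add vpn-policy-routing policy
uci set vpn-policy-routing.@policy[-1].name='wireguard-replies-via-$iface'
uci set vpn-policy-routing.@policy[-1].interface='$iface'
uci set vpn-policy-routing.@policy[-1].src_addr='$src_addr'
uci set vpn-policy-routing.@policy[-1].src_port='$src_port'
uci set vpn-policy-routing.@policy[-1].proto='udp'
uci set vpn-policy-routing.config.enabled='1'
uci commit vpn-policy-routing
/etc/init.d/vpn-policy-routing restart
EOF
}

# pbr_policy_is_scoped OUTPUT checks that a generated policy is narrow: it must
# name a single source host and a source port, so only the WireGuard replies
# leave the commercial VPN and not the Pi's (or the LAN's) other traffic.
pbr_policy_is_scoped() {
    printf '%s\n' "$1" | grep -q "src_addr='[0-9.]*'" || return 1
    printf '%s\n' "$1" | grep -q "src_port='[0-9]*'" || return 1
    return 0
}

# Values from the thread: the Pi running PiVPN and its WireGuard port.
POLICY="$(pbr_policy_cmds 192.168.10.132 51723 wan)"
printf '%s\n' "$POLICY"
if pbr_policy_is_scoped "$POLICY"; then
    echo "policy limited to one host and port: only WireGuard replies bypass the VPN"
fi
```

Once the policy is active, the phone's WireGuard traffic leaves on the ISP link while a LAN client's web traffic still shows the commercial VPN's exit address; checking both from the outside is the quickest confirmation that the rule caught only what it should.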