Wan doesn't work after adding wireguard interface

"ping" works from the OpenWrt router via wan, but when I add the below sections of wireguard config, "ping" doesn't work

config interface 'wg_0'
    option proto 'wireguard'
    option private_key 'XXXXXXXXXXX'
    list addresses ''

config wireguard_wg_0 'wgserver'
    option public_key 'XXXXXXXXXXX'
    option endpoint_host ''
    option endpoint_port '30001'
    option route_allowed_ips '1'
    option persistent_keepalive '25'
    list allowed_ips ''
    list allowed_ips '::/0'

What am I doing wrong?

Is this a valid wireguard server? The endpoint_host IP is private.
You are tunneling all traffic to that wg server, so if it isn't meant to connect you to the internet, you are blackholing yourself.

is a valid local wireguard server.
My wan interface is "eth1". Without the wireguard sections, I'm able to do "ping -I eth1". And when I add the wireguard sections, "ping -I eth1" fails.

I suppose you do not have a route for or via eth1 when you bring up wireguard, right?


Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                U     0      0        0 wg_0
                                                U     0      0        0 br-lan1
                                                U     0      0        0 wg_0
                                                U     0      0        0 eth1
                                                UH    0      0        0 eth1
                                                UGH   0      0        0 eth1

Then it's not strange it doesn't know where to send it.
If you really need to ping google dns from eth1 when wg is up, add a static route for it via eth1.

Thanks, the below rules worked for me.

ip route del via dev wg_0
ip route add via dev eth1

You would have the same result if you removed the route allowed ips from peer configuration.
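
An added example, not code from the thread or from the OpenWrt project: a Python check that parses a UCI network config and reports which WireGuard peers have route_allowed_ips set to '1' together with an allowed_ips prefix covering a given destination, which is the combination that put routes on wg_0 in this thread. The addresses, keys and function names are constructed for illustration, since the thread's own values are redacted.

```python
import ipaddress
import shlex

# Constructed sample: the thread's values are redacted, so this uses
# documentation-range addresses and placeholder keys (assumptions).
SAMPLE_UCI = """\
config interface 'wg_0'
    option proto 'wireguard'
    option private_key 'PLACEHOLDER'
    list addresses '192.0.2.2/24'
config wireguard_wg_0 'wgserver'
    option public_key 'PLACEHOLDER'
    option endpoint_host '198.51.100.10'
    option route_allowed_ips '1'
    list allowed_ips '0.0.0.0/0'
    list allowed_ips '::/0'
"""

def parse_uci(text):
    """Parse UCI text into a list of {'type', 'name', 'options'} sections."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if not tok:
            continue
        if tok[0] == "config" and len(tok) >= 2:
            name = tok[2] if len(tok) > 2 else ""
            sections.append({"type": tok[1], "name": name, "options": {}})
        elif tok[0] in ("option", "list") and sections and len(tok) >= 3:
            opts = sections[-1]["options"]
            if tok[0] == "list":
                opts.setdefault(tok[1], []).append(tok[2])
            else:
                opts[tok[1]] = tok[2]
    return sections

def captured_by_tunnel(sections, destination):
    """Return (interface, peer, prefix) for routed allowed_ips covering destination."""
    dest = ipaddress.ip_address(destination)
    hits = []
    for s in sections:
        # Peer sections are typed wireguard_<interface>; routes are only
        # installed for a peer when route_allowed_ips is '1'.
        if not s["type"].startswith("wireguard_") or s["options"].get("route_allowed_ips") != "1":
            continue
        for prefix in filter(None, s["options"].get("allowed_ips", [])):  # skip empty values
            net = ipaddress.ip_network(prefix, strict=False)
            if net.version == dest.version and dest in net:
                hits.append((s["type"][len("wireguard_"):], s["name"], prefix))
    return hits
```

An empty result for a destination means no peer's allowed_ips will be turned into a route for it, so the existing wan route still applies.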

