hey guys i was using WG and it was working Fine.
but now i installed and configured adguard and then WG interface stopped.
i followed the guide mentioned in this post
i think i have to configure other things also to set wg interface up and running.
please help me to fix it.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
opkg list-installed adguardhome
login as: root
root@10.0.1.1's password:
BusyBox v1.36.1 (2025-06-23 20:40:36 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 24.10.2, r28739-d9340319c6
-----------------------------------------------------
root@Ipad:~# ubus call system board
{
"kernel": "6.6.93",
"hostname": "Ipad",
"system": "ARMv8 Processor rev 4",
"model": "Linksys E8450 (UBI)",
"board_name": "linksys,e8450-ubi",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.2",
"revision": "r28739-d9340319c6",
"target": "mediatek/mt7622",
"description": "OpenWrt 24.10.2 r28739-d9340319c6",
"builddate": "1750711236"
}
}
root@Ipad:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fddc:a4bf:eb83::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.0.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
option hostname '*'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config device
option type 'bridge'
option name 'br-guest'
option bridge_empty '1'
option mtu '1500'
list ports 'lan3'
list ports 'lan4'
config interface 'guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.5.1'
option netmask '255.255.255.0'
config interface 'wg'
option proto 'wireguard'
option private_key 'oJg241wruWWXzXIF+CjBdggSrmzh68kWZqmbDMiCdlM='
list dns '1.1.1.1'
list dns '1.0.0.1'
list dns '2606:4700:4700::1111'
list dns '2606:4700:4700::1001'
list addresses '172.16.0.2/24'
list addresses '2606:4700:110:8bba:a07:4638:6d15:e30a/128'
option mtu '1280'
config wireguard_wg
option description 'Imported peer configuration'
option public_key 'bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo='
list allowed_ips '0.0.0.0/0'
list allowed_ips '::/0'
option endpoint_host 'engage.cloudflareclient.com'
option endpoint_port '2408'
option persistent_keepalive '25'
root@Ipad:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option port '54'
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option force '1'
list dhcp_option '3,10.0.1.1'
list dhcp_option '6,10.0.1.1'
list dhcp_option '15,lan'
list dns 'fddc:a4bf:eb83::1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
root@Ipad:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'wg'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest'
config forwarding
option src 'wan'
option dest 'guest'
config rule
option src 'guest'
option name 'allow-DNS-guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option src 'guest'
option name 'Allow-DHCP-guest'
list proto 'udp'
option dest_port '67'
option target 'ACCEPT'
config rule
option src 'guest'
option dest 'wan'
option name 'Allow-guest-internet'
option target 'ACCEPT'
config rule
option src 'guest'
option dest 'wan'
option name 'block-guest'
option target 'REJECT'
list proto 'all'
list dest_ip '10.0.0.1'
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/firewall.include'
root@Ipad:~# opkg list-installed adguardhome
adguardhome - 0.107.57-r1
root@Ipad:~#
Are you attempting to use only WARP for DNS?
Please provide PBR config also.
im using warp because i need to send my actual ip to all the apps like banking apps so they wont get blocked and also the content blocked by country.
root@Ipad:~# cat /etc/config/pbr
config pbr 'config'
option enabled '1'
option verbosity '2'
option strict_enforcement '1'
option resolver_set 'none'
list resolver_instance '*'
option ipv6_enabled '0'
list ignored_interface 'vpnserver'
option boot_timeout '30'
option rule_create_option 'add'
option procd_reload_delay '1'
option webui_show_ignore_target '0'
option nft_rule_counter '0'
option nft_set_auto_merge '1'
option nft_set_counter '0'
option nft_set_flags_interval '1'
option nft_set_flags_timeout '0'
option nft_set_policy 'performance'
list webui_supported_protocol 'all'
list webui_supported_protocol 'tcp'
list webui_supported_protocol 'udp'
list webui_supported_protocol 'tcp udp'
list webui_supported_protocol 'icmp'
config include
option path '/usr/share/pbr/pbr.user.aws'
option enabled '0'
config include
option path '/usr/share/pbr/pbr.user.netflix'
option enabled '0'
config dns_policy
option name 'Redirect Local IP DNS'
option src_addr '192.168.1.5'
option dest_dns '1.1.1.1'
option enabled '0'
config policy
option name 'guest'
option interface 'wg'
option src_addr '@br-guest'
root@Ipad:~#
You state that WG stopped does that mean the interface does not come up?
To check please show the output of:
wg show
Also show the following:
From the routers console (SSH into the router)
ping 8.8.8.8
ping openwrt.org
From a LAN client:
ping 8.8.8.8
ping openwrt.org
bro I factory reset my router and now im not using adguard Home.
yes at that time WG interface was totally stopped both rx/tx was 0.
should i install again adguard home?
I am not a big fan of Adguard too bloated for my taste but that is just me.
I use Adblock for Adblocking and https-dns-proxy for secure DNS which is sufficient for my needs
But I suspected that the router itself did not use Adguard so that the endpoint of the WG interface could not be resolved and the WG interfaces thus could not start
ohh i didn't know about it... will definitely give both of them a try.
thankyou so much.
Thank You so much both are working fine.
One thing i noticed after Reboot WG interface took around 10 mins to startup I don't know if it is WG issue or PBR.
In this 10mins all traffic was routing through LAN interface.