WireGuard access to LAN and WAN

Hey everyone, I'm trying to replace the OpenVPN server on my router with a WireGuard server; however, I can't get the clients to connect to the other LAN clients or WAN.

Using OpenVPN, when I'm connected I can access the other clients in the network and use the WAN connection for internet access. I want to do the same here but with a WireGuard server.

The server is an R7800 running OpenWrt 18.06.1. The client is a rooted Android phone.

Here are the relevant configs:

/etc/config/network
config interface 'wg0'
	option proto 'wireguard'
	option private_key 'PRIVATE KEY'
	option listen_port '11801'
	list addresses '192.168.1.200'

config wireguard_wg0
	option public_key 'PUBLIC KEY'
	list allowed_ips '0.0.0.0/0'
	option persistent_keepalive '25'
	option description 'Phone'

/etc/config/firewall
config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '11801'
	option name 'Allow WireGuard'

config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option name 'wg0'
	option network 'wg0'
	option forward 'ACCEPT'

config forwarding
	option dest 'wg0'
	option src 'lan'

config forwarding
	option dest 'wg0'
	option src 'wan'

config forwarding
	option dest 'lan'
	option src 'wg0'

config forwarding
	option dest 'wan'
	option src 'wg0'

When I connect to the tunnel I can't access any LAN clients, nor do I have a connection to the internet. Anyone know what I'm doing wrong?

Check here:
https://www.ckn.io/blog/2017/11/14/wireguard-vpn-typical-setup/

  • You didn't list your full network config. It appears you use an IP in the 192.168.1.0/24 range. This is the default subnet of LAN. You may wish to renumber your tunnel.
  • Your firewall config needs an Inbound Traffic Rule for udp/11801
  • Your phone shouldn't need all allowed IPs
  • The keep alive to your phone likely won't work due to Android firewall. Add a keep alive to the phone's config
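Two of the points in the last reply (a tunnel address inside the LAN's 192.168.1.0/24 range, and a peer allowed for all IPs) can be checked mechanically against `/etc/config/network`. This is an added example, not part of the thread: the `lan` stanza is an assumed OpenWrt default because the post did not include it, and `parse_uci` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: the post's wg0 stanzas plus an ASSUMED default LAN interface.
SAMPLE = """
config interface 'lan'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
config interface 'wg0'
	option proto 'wireguard'
	list addresses '192.168.1.200'
config wireguard_wg0
	list allowed_ips '0.0.0.0/0'
"""

def parse_uci(text):
    """Parse UCI text into (type, name, {key: [values]}) sections."""
    sections = []
    for line in text.splitlines():
        words = [q or bare for q, bare in re.findall(r"'([^']*)'|(\S+)", line)]
        if len(words) >= 2 and words[0] == "config":
            sections.append((words[1], words[2] if len(words) > 2 else "", {}))
        elif len(words) >= 3 and words[0] in ("option", "list") and sections:
            sections[-1][2].setdefault(words[1], []).append(words[2])
    return sections

def audit(text):
    """Flag tunnel addresses inside a static subnet and catch-all peer allowed_ips."""
    secs, findings, nets = parse_uci(text), [], []
    for typ, name, opts in secs:
        if typ == "interface" and "ipaddr" in opts:
            mask = opts.get("netmask", ["255.255.255.255"])[0]
            iface = ipaddress.ip_interface(f"{opts['ipaddr'][0]}/{mask}")
            nets.append((name, iface.network))
    for typ, name, opts in secs:
        if typ == "interface" and opts.get("proto") == ["wireguard"]:
            for addr in opts.get("addresses", []):
                tunnel = ipaddress.ip_interface(addr).network
                for lname, net in nets:
                    if tunnel.overlaps(net):
                        findings.append(f"{name}: {addr} overlaps {lname} subnet {net}")
        elif typ.startswith("wireguard_"):
            for cidr in opts.get("allowed_ips", []):
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append(f"{typ}: peer allowed_ips {cidr} is a catch-all")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means neither condition was found; it does not cover the firewall file or the phone-side keepalive.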