Wireguard and PPPOE [Solved]

HI ALL!

I'm trying to get WireGuard to work using PPPoE as the connection on the WAN. But I'm really stuck on how to set it up on the router/LEDE. I have tried for days to get it to work but no luck.

Would really appreciate any help.

Just set up the PPPoE first and after that add a new device with the WireGuard protocol. Do you use LuCI?

Yes. I have the LuCI interface installed. I have double checked the server as well. I'm really stuck mate lol

Do you have luci-proto-wireguard installed?


Yes. I have luci-proto-wireguard installed.

So... what issue(s) are you having?

The issue I'm having is the handshake is not happening. I have double checked the public key and it's correct. I don't know where I'm going wrong. I'm stumped lol

Let's make sure you're using the keys in the correct spot.

You use the software to create 2 sets of keys:

  • the server public and private key
  • the LEDE's public and private key

On LEDE, you'll need the following:

  • the LEDE's private key
  • the server's PUBLIC key
  • the address and port of the Wireguard instance on the server
  • ENSURE YOU HAVE ALLOWED THE CORRECT SOURCE IPs TO COME THROUGH THE TUNNEL (i.e. 0.0.0.0/0 if it's an Internet VPN tunnel)

On the server, ensure the following:

  • you have set up your LEDE as a peer, using its PUBLIC KEY (you don't have to specify the LEDE's port and address)

@lleachii Still not happening. Maybe I need some firewall settings?

Edit: I got the handshake now. But no throughput?

Make sure:

  • Also, if you are using a standard server as the far-endpoint, you will likely need to enable IPv4 Forwarding (routing) and add a Masquerade rule.

# To set up routing and forwarding on the server
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -s <IP assigned to LEDE> -j MASQUERADE

  • You need to configure proper routes and/or firewall zone and firewall forward allow rules on the LEDE as well.

This thread may be helpful to ensure the LEDE is configured properly: Use WireGuard interface for specific devices only

You can also perform a ping x.x.x.x -I <SRC IP of LEDE> to check if traffic works over the tunnel.
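The two symptoms in this thread (no handshake, then handshake but no throughput) can be told apart from `wg show <iface> dump` on the LEDE and from the server's forwarding and NAT state. The script below is an added example, not code from any poster: the function names, sample keys and addresses are constructed, the default-route check assumes an Internet VPN tunnel as in the list above, and the masquerade check assumes the rule was added for a single host address, which `iptables -S` prints with `/32`.

```shell
#!/bin/sh
# Added example, not from the thread. Keys and addresses below are constructed.

# classify_peers NOW  (stdin: output of `wg show <iface> dump`)
# Peer lines have 8 tab-separated fields:
#   public-key preshared-key endpoint allowed-ips latest-handshake rx tx keepalive
classify_peers() {
    awk -F '\t' -v now="$1" '
    NF != 8 { next }                      # skip the 4-field interface line
    {
        state = "HANDSHAKE_OK"            # crypto is up; look at routing/NAT next
        if ($5 == 0)
            state = "NO_HANDSHAKE"        # check keys, endpoint and UDP port
        else if (now - $5 > 180)
            state = "STALE_HANDSHAKE"     # older than the 180 s session lifetime
        else if (index("," $4 ",", ",0.0.0.0/0,") == 0)
            state = "NO_DEFAULT_ALLOWED"  # Internet traffic will not use the tunnel
        print substr($1, 1, 8), state
    }'
}

# server_nat_ready IP_FORWARD TUNNEL_IP  (stdin: `iptables -t nat -S POSTROUTING`)
server_nat_ready() {
    [ "$1" = "1" ] || { echo "net.ipv4.ip_forward is not 1"; return 1; }
    grep -F -- "-s $2/32 " | grep -q -- '-j MASQUERADE' ||
        { echo "no MASQUERADE rule for $2"; return 1; }
    echo "forwarding and masquerade in place"
}

# Constructed sample of `wg show wg0 dump` (placeholder keys, documentation IPs).
sample_dump() {
    printf 'PRIV_placeholder\tPUB_placeholder\t51820\toff\n'
    printf 'peerAAAA_placeholder\t(none)\t203.0.113.5:51820\t0.0.0.0/0\t0\t0\t148\toff\n'
    printf 'peerBBBB_placeholder\t(none)\t203.0.113.6:51820\t10.0.0.0/24\t1700000000\t92\t4096\t25\n'
    printf 'peerCCCC_placeholder\t(none)\t203.0.113.7:51820\t0.0.0.0/0,::/0\t1700000000\t8192\t4096\t25\n'
}

sample_dump | classify_peers 1700000060
```

On a live system, feed it `wg show wg0 dump | classify_peers "$(date +%s)"` on the LEDE and `iptables -t nat -S POSTROUTING | server_nat_ready "$(sysctl -n net.ipv4.ip_forward)" <IP assigned to LEDE>` on the server.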

@lleachii

Thanks for all your help. I got it working in the end. I used "net.ipv4.conf.all.proxy_arp = 1" in the kernel; that got it working. I couldn't work out the iptables. :slight_smile:


If your problem is solved, you can edit your posting and mark it as "[Solved]" in the headline.