I'm trying to get WireGuard to work using PPPoE as the connection on the WAN. But I'm really stuck on how to set it up on the router/LEDE. I have tried for days to get it to work but no luck.
Would really appreciate any help.
Just set up the PPPoE first and after that add a new device with the WireGuard protocol. Do you use LuCI?
Yes. I have the LuCI interface installed. I have double checked the server as well. I'm really stuck mate lol
do you have luci-proto-wireguard installed ?
Yes. I have luci-proto-wireguard installed.
So... what issue(s) are you having?
The issue I'm having is the handshake is not happening. I have double checked the public key and it's correct. I don't know where I'm going wrong. I'm stumped lol
Let's make sure you're using the keys in the correct spot.
You use the software to create 2 sets of keys:
the server public and private key
the LEDE's public and private key
On LEDE, you'll need the following:
the LEDE's private key
the server's PUBLIC key
the address and port of the WireGuard instance on the server
ENSURE YOU HAVE ALLOWED THE CORRECT SOURCE IPs TO COME THROUGH THE TUNNEL (i.e. 0.0.0.0/0 if it's an Internet VPN tunnel)
On the server, ensure the following:
you have set up your LEDE as a peer, using its PUBLIC KEY (you don't have to specify the LEDE's port and address)
@lleachii Still not happening. Maybe I need some firewall settings?
Edit: I got the handshake now. But no throughput?
ENSURE YOU HAVE ALLOWED THE CORRECT SOURCE IPs TO COME THROUGH THE TUNNEL (i.e. 0.0.0.0/0 if it's an Internet VPN tunnel)
Also, if you are using a standard server as the far endpoint, you will likely need to enable IPv4 forwarding (routing) and add a masquerade rule.
# TO SET UP ROUTING AND FORWARDING ON SERVER
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -s <IP assigned to LEDE> -j MASQUERADE
You need to configure proper routes and/or a firewall zone and firewall forward allow rules on the LEDE as well.
This thread may be helpful to ensure the LEDE is configured properly:
Use WireGuard interface for specific devices only
You can also perform a ping x.x.x.x -I <SRC IP of LEDE> to check if traffic works over the tunnel.
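A consolidated LEDE-side version of what this thread describes, as an added example that is not code from any poster: a key-format check (a pasted key with a stray character or missing padding never handshakes), the tunnel interface with the server as its peer and 0.0.0.0/0 allowed so all traffic uses the tunnel, and a firewall zone with LAN forwarding and masquerading, since the server only knows the LEDE's tunnel address as a peer (the `-s <IP assigned to LEDE>` rule above assumes exactly that). The names `wg0` and `wg` and every key, host and address passed in are placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example, not from any post in this thread. Prints the UCI commands for
# a WireGuard client interface on LEDE/OpenWrt (WAN on PPPoE or otherwise) with
# the firewall zone the thread says is needed, and checks key formatting first.
# The interface name "wg0", zone name "wg" and all key/address values passed in
# are assumptions/placeholders, not values from the thread.

# WireGuard keys are 32 bytes encoded as exactly 44 base64 characters whose
# final character must be one of 16 values (the low bits of the padding byte
# must be zero).  A pasted key with a stray space or missing '=' fails here,
# which is the first thing to check when no handshake appears.
wg_key_ok() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

# $1 = LEDE private key, $2 = server public key,
# $3 = server endpoint as host:port, $4 = tunnel address for LEDE (CIDR)
wg_uci_commands() {
    wg_key_ok "$1" || { echo "bad LEDE private key" >&2; return 1; }
    wg_key_ok "$2" || { echo "bad server public key" >&2; return 1; }
    cat <<EOF
uci set network.wg0=interface
uci set network.wg0.proto='wireguard'
uci set network.wg0.private_key='$1'
uci add_list network.wg0.addresses='$4'
uci set network.wg0_server=wireguard_wg0
uci set network.wg0_server.public_key='$2'
uci set network.wg0_server.endpoint_host='${3%:*}'
uci set network.wg0_server.endpoint_port='${3##*:}'
uci set network.wg0_server.persistent_keepalive='25'
uci set network.wg0_server.route_allowed_ips='1'
uci add_list network.wg0_server.allowed_ips='0.0.0.0/0'
uci set firewall.wg=zone
uci set firewall.wg.name='wg'
uci set firewall.wg.network='wg0'
uci set firewall.wg.input='REJECT'
uci set firewall.wg.output='ACCEPT'
uci set firewall.wg.forward='REJECT'
uci set firewall.wg.masq='1'
uci set firewall.lan_wg=forwarding
uci set firewall.lan_wg.src='lan'
uci set firewall.lan_wg.dest='wg'
uci commit network
uci commit firewall
EOF
}
```

Pipe the printed commands into `sh` on the router, then restart network and firewall and watch `wg show` for a "latest handshake" line before testing throughput with the ping above.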
Thanks for all your help. I got it working in the end. I used "net.ipv4.conf.all.proxy_arp = 1" in the kernel; that got it working. I couldn't work out the iptables.
If your problem is solved, you can edit your posting and mark it as "[Solved]" in the headline.