Tried installing wireguard all 3 tools.
when i reboot i lose access to the admin interface(openwrt luci).
It gives me a 404 not found
deleted wireguard via ssh
No idea whats causing this, any advice?
Tried installing wireguard all 3 tools.
when i reboot i lose access to the admin interface(openwrt luci).
It gives me a 404 not found
deleted wireguard via ssh
No idea whats causing this, any advice?
What did you insstall to break luci?What files you deleted?
Like i said...
I installed wireguard.
After a reboot the luci interface was not available anymore
You said you installed 3 times, then you deleted something (not removed package)
Can you reset your device and record exact steps that break luci?
Im sorry friend but read again?
Installing all 3 tools does not equal installing 3 times?
I installed the wireguard-tools, kmod-wireguard and luci wireguard.
After i lost access to my admin interface via the ip address, i used ssh to remove those packages again, That fixed it.
Hope this is more clear for you
what exactly did you install -- what was the command here?
"luci wireguard" doesn't exist, and if typed that way would have installed luci and wireguard.
There is a package called luci-proto-wireguard
that you probably meant to install.
What router and build are you using, please show: ubus call system board
For 23.05 you should use something like:
root@R7800-2:~# opkg list | grep wireguard
kmod-wireguard - 5.15.147-1
luci-proto-wireguard - git-24.030.01825-9536b97
wireguard-tools - 1.0.20210914-2
if you used those package names when you uninstalled wireguard, it would have removed the webUI (luci) in the process.
installing broke it, uninstalling fixed it.
For real do you guys even read -_-
Also package names are from the top of my head
I read it.
Details matter here. Installing the packages related to wireguard should not break anything, especially LuCI.
We need to know exactly what you installed, including the output that resulted.
you need to lof out and in to activate new luci component, sometimes reboot.
good point, post changed, sorry.
root@Jumppoint:~# ubus call system board
{
"kernel": "5.15.137",
"hostname": "Jumppoint",
"system": "ARMv8 Processor rev 4",
"model": "ASUS TUF-AX4200",
"board_name": "asus,tuf-ax4200",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.2",
"revision": "r23630-842932a63d",
"target": "mediatek/filogic",
"description": "OpenWrt 23.05.2 r23630-842932a63d"
}
}
root@Jumppoint:~# opkg list | grep wireguard
kmod-wireguard - 5.15.137-1 - WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP.
luci-proto-wireguard - git-24.047.55123-7964117 - Support for WireGuard VPN
wireguard-tools - 1.0.20210914-2 - WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP. This package provides the userspace control program for WireGuard, `wg(8)`, a netifd protocol helper, and a re-resolve watchdog script.
Rebooting is what caused me to lose access to the admin interface
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/firewall
cat /etc/config/uhttpd
Correct, sorry for not using the correct names, it was from the top of my head.
Packages i installed were:
kmod-wireguard - 5.15.137-1
luci-proto-wireguard - git-24.047.55123-7964117
wireguard-tools - 1.0.20210914-2
Please note that i have the wireguard packages not installed anymore as that was what lost me access to the admin interface.
cat /etc/config/network:
root@Jumppoint:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1' option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd55:a3aa:72db::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config device option name 'lan1'
option macaddr 'c8:7f:54:23:26:26'
config device option name 'lan2' option macaddr 'c8:7f:54:23:26:26'
config device
option name 'lan3'
option macaddr 'c8:7f:54:23:26:26'
config device
option name 'lan4'
option macaddr 'c8:7f:54:23:26:26'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '192.168.1.100'
config device
option name 'eth1'
option macaddr 'c8:7f:54:23:26:26'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
option force_link '1'
option broadcast '1'
option peerdns '0'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
config wireguard_WireGuardVPN
option description 'server.conf'
option public_key 'redacted'
option preshared_key 'redacted'
list allowed_ips '192.168.1.2/32'
config wireguard_WireGuardVPN
option description 'server.conf'
option public_key 'redacted'
option preshared_key 'redacted'
list allowed_ips '192.168.1.3/32'
config wireguard_WireGuardVPN
option description 'server.conf'
option public_key 'redacted'
option preshared_key 'redacted'
list allowed_ips '192.168.1.4/32'
cat /etc/config/firewall:
root@Jumppoint:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'RDP'
option family 'ipv4'
option src 'wan'
option src_dport '3389'
option dest_ip '192.168.1.175'
option dest_port '3389'
list src_mac '04:bf:1b:6a:fd:42'
list src_mac 'e4:bc:aa:0b:e0:ba'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Satisfactory'
option family 'ipv4'
list proto 'udp'
option src 'wan'
option src_dport '7777'
option dest_ip '192.168.1.151'
option dest_port '7777'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Satisfactory Server'
option family 'ipv4'
list proto 'udp'
option src 'wan'
option src_dport '15777'
option dest_ip '192.168.1.151'
option dest_port '15777'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Satisfactory beacon'
option family 'ipv4'
list proto 'udp'
option src 'wan'
option src_dport '15000'
option dest_ip '192.168.1.151'
option dest_port '15000'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'HTTP '
list proto 'tcp'
option src 'wan'
option src_dport '80'
option dest_ip '192.168.1.100'
option dest_port '80'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'HTTPS '
list proto 'tcp'
option src 'wan'
option src_dport '443'
option dest_ip '192.168.1.100'
option dest_port '443'
config rule
option name 'block dns on wan'
option src 'wan'
option src_port '53'
option dest '*'
option dest_port '53'
option target 'DROP'
config rule
option name 'BLOCK LIST'
list proto 'all'
option src 'wan'
list src_ip '2.189.5.142'
option target 'DROP'
config rule
option name 'WireguardVPN'
list proto 'udp'
option src 'wan'
option src_port '51869'
option dest_port '51869'
option target 'ACCEPT'
option family 'ipv4'
cat /etc/config/uhttpd:
root@Jumppoint:~# cat /etc/config/uhttpd
config uhttpd 'main'
list listen_http '0.0.0.0:80'
list listen_http '[::]:80'
list listen_https '0.0.0.0:443'
list listen_https '[::]:443'
option redirect_https '0'
option home '/www'
option rfc1918_filter '1'
option max_requests '3'
option max_connections '100'
option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
option cgi_prefix '/cgi-bin'
list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
option tcp_keepalive '1'
option ubus_prefix '/ubus'
list ucode_prefix '/cgi-bin/luci=/usr/share/ucode/luci/uhttpd.uc'
config cert 'defaults'
option days '730'
option key_type 'ec'
option bits '2048'
option ec_curve 'P-256'
option country 'ZZ'
option state 'Somewhere'
option location 'Unknown'
option commonname 'OpenWrt'
Well the list allowed_ips
you have there are problematic. When you lost access, was it after you'd tried to configure wireguard?
It was yesterday evening when it was late, so i don't remember exactly.
I will install the packages right now and let you know!
Seems kmod-wireguard and luci-proto-wireguard are actually still installed.
So its only wireguard-tools that seems to conflict with my setup.
I am installing wireguard-tools at this moment, and reboot.
AAAND i still have access to the admin interface.
Meaning @ krazeh is correct and its my config causing me to lose access