Any idea why this WireGuard config file doesn’t work? I have access to my old VPN still and they work and only have a PSK and the time to be quiescent that I have forgotten the name of. Maybe “Persistent Keep Alive”.
I can’t get it to work. This VPN has no guides for OpenWRT so this is the Linux option, but the one for OpenWRT is ancient. Have checked all my settings are identical to old VPN that works. Won't even handshake.
But PersistentKeepAlive should be normally used and set at 25.
Most common mistake is forgetting to enable Route_Allowed_IPs.
If you cannot get it to work it will help if you show us your configs. In that case, please connect to your OpenWRT device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button.
Remember to redact keys, passwords, MAC addresses and any public IP addresses you may have but do not redact private RFC 1918 IP addresses as that is not needed:
ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
ip route show
wg show
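A redaction filter for the rule given above (blank keys, passwords, MAC addresses and public IPv4 addresses, keep RFC 1918 ones), as an added example that is not part of the original post. The function name `redact_uci`, the `REDACTED` markers and the sample input are constructed for illustration; it uses only awk features available in BusyBox, and it does not handle IPv6 addresses or hostnames.

```shell
#!/bin/sh
# Added example: pipe config or `ip` output through redact_uci before posting.

redact_uci() {
    awk -v q="'" '
    # Addresses that may stay: RFC 1918, loopback, 0.0.0.0 and netmask/multicast space.
    function keep_ipv4(ip,    o) {
        split(ip, o, ".")
        return (o[1]+0 == 10) ||
               (o[1]+0 == 172 && o[2]+0 >= 16 && o[2]+0 <= 31) ||
               (o[1]+0 == 192 && o[2]+0 == 168) ||
               (o[1]+0 == 0 || o[1]+0 == 127 || o[1]+0 >= 224)
    }
    # Walk the line left to right and replace every other dotted quad.
    function scrub_ipv4(s,    out, ip, rep) {
        out = ""
        while (match(s, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(s, RSTART, RLENGTH)
            rep = keep_ipv4(ip) ? ip : "REDACTED_IP"
            out = out substr(s, 1, RSTART - 1) rep
            s = substr(s, RSTART + RLENGTH)
        }
        return out s
    }
    BEGIN {
        hex = "[0-9A-Fa-f][0-9A-Fa-f]"
        mac_re = hex ":" hex ":" hex ":" hex ":" hex ":" hex
        secret_re = "^(private_key|preshared_key|public_key|password|key|macaddr|mac)$"
        value_re = q "[^" q "]*" q          # a single-quoted UCI value
    }
    {
        # UCI secrets and hardware addresses: blank the whole quoted value.
        if (($1 == "option" || $1 == "list") && $2 ~ secret_re)
            sub(value_re, q "REDACTED" q)
        # MAC addresses anywhere else on the line (ip, logread output).
        gsub(mac_re, "REDACTED_MAC")
        print scrub_ipv4($0)
    }'
}

# Constructed sample: keys are made up, public IPs are from the
# 203.0.113.0/24 documentation range.
sample_input() {
    cat <<'EOF'
config interface 'VPNexample'
	option proto 'wireguard'
	option private_key 'Q09OU1RSVUNURUQtUFJJVkFURS1LRVktMDAwMDAwMDA='
	list addresses '10.100.99.51/32'
config wireguard_VPNexample
	option preshared_key 'Q09OU1RSVUNURUQtUFNLLTAwMDAwMDAwMDAwMDAwMDA='
	list allowed_ips '0.0.0.0/0'
	option endpoint_host '203.0.113.7'
config device
	option name 'wan'
	option macaddr '02:00:5e:10:00:01'
config interface 'lan'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
default via 203.0.113.1 dev br-wan proto static src 203.0.113.25
link/ether 02:00:5e:10:00:02
EOF
}

sample_input | redact_uci
```

On the router, paste the function into the ssh session and run, for example, `cat /etc/config/network | redact_uci`; read the result once more before posting, since unquoted values and hostnames pass through unchanged.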
Thanks, pretty sure I've done those. This interface works if I upload a config file from my old VPN.
Run Commands.
Just off out but will anonymise it later today.
This is going to look complicated. I use Batman Adv to create 3 zones (home/iot and guest). DNS is handled by Adguard Home. The VPN that does not work ends in FV. I only use 2 normally, but created loads more trying to figure out why they work from my old VPN. Just checked persistent keep alive is 25 and allowed IPs can be routed in the GUI.
BusyBox v1.36.1 (2025-04-13 16:38:32 UTC) built-in shell (ash)
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
-----------------------------------------------------
OpenWrt 24.10.1, r28597-0425664679
-----------------------------------------------------
root@BPI_R4:~# ubus call system board
{
"kernel": "6.6.86",
"hostname": "BPI_R4",
"system": "ARMv8 Processor rev 0",
"model": "Bananapi BPI-R4",
"board_name": "bananapi,bpi-r4",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.1",
"revision": "r28597-0425664679",
"target": "mediatek/filogic",
"description": "OpenWrt 24.10.1 r28597-0425664679",
"builddate": "1744562312"
}
}
root@BPI_R4:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'x:x:x::x'
option packet_steering '2'
option steering_flows '128'
config device
option name 'br-lan'
option type 'bridge'
option bridge_empty '1'
list ports 'eth1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'wan'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option defaultroute '0'
config device
option name 'br-wan'
option type 'bridge'
list ports 'eth2'
config device
option name 'wan'
option macaddr 'x'
config device
option name 'eth2'
option macaddr 'x'
config interface 'wan'
option device 'br-wan'
option proto 'dhcp'
option peerdns '0'
list dns '8.8.8.8'
list dns '8.8.4.4'
config interface 'wan6'
option device 'br-wan'
option proto 'dhcpv6'
option peerdns '0'
list dns '2001:4860:4860::8888'
list dns '2001:4860:4860::8844'
config device
option name 'lan1'
config interface 'GUEST'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option defaultroute '0'
option gateway '192.168.1.1'
option device 'br-guest'
list dns '192.168.2.1'
config interface 'IOT'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
option defaultroute '0'
option gateway '192.168.1.1'
option device 'br-iot'
list dns '192.168.3.1'
config device
option type 'bridge'
option name 'br-vlan'
list ports 'bat0.10'
option bridge_empty '1'
config interface 'VLAN'
option proto 'static'
option ipaddr '192.168.6.1'
option netmask '255.255.255.0'
option defaultroute '0'
option gateway '192.168.1.1'
option device 'br-vlan'
list dns '192.168.6.1'
config interface 'bat0'
option proto 'batadv'
option routing_algo 'BATMAN_IV'
option bridge_loop_avoidance '1'
option gw_mode 'server'
option hop_penalty '30'
config interface 'bat_tunnel'
option proto 'batadv_hardif'
option master 'bat0'
option device 'br-bat'
option defaultroute '0'
list dns '192.168.1.1'
config device
option type 'bridge'
option name 'br-bat'
list ports 'lan1'
option bridge_empty '1'
config device
option type 'bridge'
option name 'br-iot'
list ports 'bat0.30'
option bridge_empty '1'
config device
option type 'bridge'
option name 'br-guest'
list ports 'bat0.20'
option bridge_empty '1'
config interface 'Management'
option proto 'static'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
option defaultroute '0'
list dns '192.168.1.1'
option device 'br-mgmt'
option gateway '192.168.1.1'
config device
option type 'bridge'
option name 'br-mgmt'
option bridge_empty '1'
list ports 'bat0'
config bridge-vlan
option device 'br-mgmt'
option vlan '10'
config bridge-vlan
option device 'br-mgmt'
option vlan '20'
config bridge-vlan
option device 'br-mgmt'
option vlan '30'
config bridge-vlan
option device 'br-mgmt'
option vlan '40'
config bridge-vlan
option device 'br-mgmt'
option vlan '50'
config bridge-vlan
option device 'br-mgmt'
option vlan '60'
config interface 'docker'
option device 'docker0'
option proto 'none'
option auto '0'
config device
option type 'bridge'
option name 'docker0'
config interface 'VPNtorrent'
option proto 'wireguard'
option private_key 'xxxxx'
list dns '10.100.0.1'
list addresses '10.100.99.51/32'
config wireguard_VPNtorrent
option description 'torrent.conf'
option public_key 'xxxx'
option preshared_key 'xxxxx'
list allowed_ips '0.0.0.0/0'
option persistent_keepalive '25'
option endpoint_host 'x.x.x.x'
option endpoint_port 'y'
config interface 'VPNglobal'
option proto 'wireguard'
option private_key 'xxxxx'
list addresses '10.103.55.88/32'
list dns '10.100.0.1'
config wireguard_VPNglobal
option description 'Switzerland.conf'
option public_key 'xxxx'
option preshared_key 'xxxx'
list allowed_ips '0.0.0.0/0'
option persistent_keepalive '25'
option endpoint_host 'x.x.x.x'
option endpoint_port 'y'
config wireguard_VPNtorrent
option description '4633C_fr_wg.conf'
option public_key 'xxxx'
option preshared_key 'xxxx'
list allowed_ips '0.0.0.0/0'
option persistent_keepalive '25'
option endpoint_host 'x.x.x.x'
option endpoint_port 'y'
config interface 'VPNlocal'
option proto 'wireguard'
option private_key 'xxxx'
list addresses '10.100.99.51/32'
list dns '10.100.0.1'
option force_link '1'
config wireguard_VPNlocal
option description '4633C_fr_wg.conf'
option public_key 'xxxx'
option preshared_key 'xxxx'
list allowed_ips '0.0.0.0/0'
option persistent_keepalive '25'
option endpoint_host 'x.x.x.x'
option endpoint_port 'y'
config interface 'VPNserbia'
option proto 'wireguard'
option private_key 'xxxx'
list addresses '10.101.33.40/32'
list dns '10.100.0.1'
option force_link '1'
config wireguard_VPNserbia
option description '188AF_rs_wg.conf'
option public_key 'xxxx'
option preshared_key 'xxxx'
list allowed_ips '0.0.0.0/0'
option persistent_keepalive '25'
option endpoint_host 'x.x.x.x'
option endpoint_port 'y'
config interface 'VPNhk'
option proto 'wireguard'
option private_key 'xxxxx'
list addresses '10.101.145.241/32'
list dns '10.100.0.1'
option force_link '1'
config wireguard_VPNhk
option description '1ED7D_hk_wg.conf'
option public_key 'xxxx'
option preshared_key 'xxxx'
list allowed_ips '0.0.0.0/0'
option persistent_keepalive '25'
option endpoint_host 'x.x.x.x'
option endpoint_port 'y'
config interface 'VPNserbiaFV'
option proto 'wireguard'
option private_key 'xxxx'
list addresses '172.16.102.193/32'
list dns '10.8.8.8'
option force_link '1'
option defaultroute '0'
config wireguard_VPNserbiaFV
option description 'WG.conf'
option public_key 'xxxx'
list allowed_ips '0.0.0.0/0'
option endpoint_host 'rs-01.x.com'
option endpoint_port 'y'
option route_allowed_ips '1'
option persistent_keepalive '25'
root@BPI_R4:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
list interface 'GUEST'
list interface 'IOT'
list interface 'lan'
list interface 'Management'
list interface 'VLAN'
option port '54'
option cachesize '0'
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '101'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dhcp_option '3,192.168.1.1'
list dhcp_option '6,192.168.1.1'
list dhcp_option '15,lan'
list dns 'fd03:84ab:93eb::1'
option force '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'GUEST'
option interface 'GUEST'
option start '101'
option limit '150'
option leasetime '12h'
list dhcp_option '6, 192.168.2.1'
option netmask '255.255.255.0'
config dhcp 'IOT'
option interface 'IOT'
option start '101'
option limit '150'
option leasetime '12h'
option netmask '255.255.255.0'
list dhcp_option '6, 192.168.3.1'
config dhcp 'VLAN'
option interface 'VLAN'
option start '101'
option limit '150'
option leasetime '12h'
option netmask '255.255.255.0'
list dhcp_option '6, 192.168.6.1'
config dhcp 'Management'
option interface 'Management'
option start '100'
option limit '115'
option leasetime '12h'
config host
option name 'ESP_8ACC08'
option ip '192.168.3.170'
list mac ''
config host
option name 'Broadlink-RMPROPLUS'
option ip '192.168.3.101'
list mac ''
config host
option name 'HarmonyHub'
option ip '192.168.3.128'
list mac ''
config host
option name 'Doorbell'
option ip '192.168.3.165'
list mac ''
config host
option name 'NSPP'
option ip '192.168.3.199'
list mac ''
config host
option name 'Macbook-Pro-on-IoT'
option ip '192.168.3.113'
list mac ''
config host
option name 'White-Watcher'
option ip '192.168.3.117'
list mac ''
config host
option ip '192.168.3.156'
list mac ''
option name 'Clear-Watcher'
config host
option name 'SmartMeter'
option ip '192.168.3.244'
list mac ''
config host
option name 'Printer'
list mac ''
option ip '192.168.3.204'
option leasetime 'infinite'
config host
option ip '192.168.6.229'
list mac ''
option name 'iPhone-X'
config host
option name 'ubuntu-touch'
option ip '192.168.6.223'
list mac ''
config host
option name 'Sony-TV'
option ip '192.168.3.140'
list mac ''
config host
option name 'Win11PC'
option ip '192.168.1.187'
list mac ''
config host
option name 'probablyEthernetMeshtastic'
option ip '192.168.1.105'
list mac ''
config host
option ip '192.168.3.183'
list mac ''
option name 'Google-Display-Kitchen'
config host
option ip '192.168.3.234'
list mac ''
option name 'Google-Display-Bedroom'
config host
option ip '192.168.1.188'
list mac ''
option name 'Nvidia-Shield-Ethernet'
config host
option name 'iPad'
option ip '192.168.2.126'
list mac ''
config host
option name 'iPhone'
option ip '192.168.3.155'
list mac 'x'
config host
option ip '192.168.3.202'
list mac ''
option name 'echo-dot'
config host
option name 'likely-WEMO-on-small-Bathroom-heater'
option ip '192.168.3.227'
list mac ''
config host
option name 'Living-Room-Thermostat'
option ip '192.168.3.169'
list mac ''
config host
option name 'Canary-Security-Camera-black'
option ip '192.168.3.150'
list mac ''
config host
option name 'Washing-Machine'
option ip '192.168.3.211'
list mac ''
config host
option name 'Upstairs-Thermostat'
option ip '192.168.3.167'
list mac ''
config host
option ip '192.168.3.158'
list mac ''
option name 'Nest-Protect'
config host
option name 'Google-Home-Mini'
option ip '192.168.3.124'
list mac ''
config host
option name 'Managed-Switch'
option ip '192.168.3.146'
list mac ''
config host
option ip '192.168.3.246'
list mac ''
option name 'iPhoneXonIoT'
config host
option ip '192.168.2.154'
list mac ''
option name 'iPhoneXonGuest'
config host
option name 'ihost'
option ip '192.168.6.183'
list mac ''
config host
option name 'Canary-Camera-White'
option ip '192.168.3.122'
list mac ''
config host
option name 'homeassistant'
option ip '192.168.3.171'
list mac ''
config host
option name 'ebus-63630c'
option ip '192.168.3.138'
list mac ''
root@BPI_R4:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list device 'br-lan'
list device 'br-wan'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/firewall.include'
config zone
option name 'guestFW'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'GUEST'
config forwarding
option src 'guestFW'
option dest 'wan'
config zone
option name 'iotFW'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'IOT'
config forwarding
option src 'iotFW'
option dest 'wan'
config rule
option src 'guestFW'
option name 'Guest zone Access DNS DHCP'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule
option src 'iotFW'
option name 'IoT Zone DNS DHCP'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule
option src 'VlanFW'
option name 'VLAN zone DNS DHCP'
option dest_port '53 67 68'
option target 'ACCEPT'
config forwarding
option src 'lan'
option dest 'iotFW'
config rule
option src 'iotFW'
option dest 'lan'
option name 'M2 to MQTT Broker'
list dest_ip '192.168.1.167'
option dest_port '1883'
option target 'ACCEPT'
list src_ip '192.168.3.136'
config rule
option src 'lan'
option dest 'iotFW'
option name 'MQTT Broker to M2'
option dest_port '1883'
option target 'ACCEPT'
list src_ip '192.168.1.167'
list dest_ip '192.168.3.136'
config rule
option src 'iotFW'
option dest 'iotFW'
option name 'EBUS to MQTT Broker'
option dest_port '1883'
option target 'ACCEPT'
list dest_ip '192.168.3.171'
list src_ip '192.168.3.138'
config rule
option src 'iotFW'
option dest 'iotFW'
option name 'MQTT Broker to EBUS '
option dest_port '1883'
option target 'ACCEPT'
list src_ip '192.168.3.171'
list dest_ip '192.168.3.138'
config rule
option src 'iotFW'
option dest 'lan'
option name 'Smart Meter to MQTT Broker'
list dest_ip '192.168.1.167'
option target 'ACCEPT'
list src_ip '192.168.3.244'
config rule
option src 'iotFW'
option dest 'lan'
option name 'M2 to MQTT Broker'
list src_ip '192.168.1.135'
list dest_ip '192.168.1.167'
option dest_port '1883'
option target 'ACCEPT'
config zone
option name 'barFW'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'bat_tunnel'
config forwarding
option src 'barFW'
option dest 'wan'
config zone
option name 'VlanFW'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'VLAN'
config forwarding
option src 'VlanFW'
option dest 'iotFW'
config forwarding
option src 'VlanFW'
option dest 'lan'
config forwarding
option src 'VlanFW'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'VlanFW'
config forwarding
option src 'lan'
option dest 'guestFW'
config forwarding
option src 'VlanFW'
option dest 'guestFW'
config rule
option src 'lan'
option dest 'lan'
option src_port '1883'
list dest_ip '192.168.1.167'
option target 'ACCEPT'
option name 'W11 to MQTT broker'
list src_ip '192.168.1.237'
list src_ip '192.168.6.237'
config rule
option src 'iotFW'
option dest 'lan'
option name 'Home Assistant to Broadlink'
list src_ip '192.168.1.167'
list dest_ip '192.168.3.101'
option target 'ACCEPT'
config rule
option src 'lan'
option dest 'iotFW'
option name 'Broadlink to Home Assistant'
option target 'ACCEPT'
list src_ip '192.168.3.101'
list dest_ip '192.168.1.167'
config rule
option src 'iotFW'
option dest 'lan'
option name 'control iHost Node Red from laptop'
list dest_ip '192.168.1.182'
option dest_port '1880'
option target 'ACCEPT'
list src_ip '192.168.3.113'
list src_ip '192.168.6.113'
list src_ip '192.168.2.113'
config rule
option src 'lan'
option dest 'lan'
option name 'W11 PC to HA/iHost web, NR & SSH'
option target 'ACCEPT'
list dest_ip '192.168.1.167'
list dest_ip '192.168.1.182'
option dest_port '80 8080 1880 22'
list src_ip '192.168.1.237'
list src_ip '192.168.6.237'
list src_ip '192.168.1.187'
config rule
option src '*'
option dest '*'
option name 'Laptop to Routers web & SSH'
option target 'ACCEPT'
option dest_port '80 8080 22'
list dest_ip '192.168.1.1'
list dest_ip '192.168.6.230'
list dest_ip '192.168.6.167'
list dest_ip '192.168.6.126'
list dest_ip '192.168.6.120'
list dest_ip '192.168.6.217'
list dest_ip '192.168.6.155'
list src_ip '192.168.2.114'
list src_ip '192.168.3.113'
list src_ip '192.168.6.113'
config rule
option src 'lan'
option dest 'VlanFW'
option name 'W11 PC to Routers web & SSH'
option target 'ACCEPT'
option dest_port '80 8080 22'
list dest_ip '192.168.1.1'
list dest_ip '192.168.6.230'
list dest_ip '192.168.6.167'
list dest_ip '192.168.6.126'
list dest_ip '192.168.6.120'
list dest_ip '192.168.6.217'
list dest_ip '192.168.6.155'
list src_ip '192.168.1.187'
config rule
option src 'iotFW'
option dest 'lan'
option name 'Watchers to IHost NR'
list dest_ip '192.168.1.182'
option dest_port '1880'
option target 'ACCEPT'
list src_ip '192.168.3.117'
list src_ip '192.168.3.156'
config rule
option src '*'
option dest 'iotFW'
option name 'PC/Laptop to Printer'
list dest_ip '192.168.3.204'
option target 'ACCEPT'
list src_ip '192.168.6.113'
list src_ip '192.168.6.237'
list src_ip '192.168.3.113'
list src_ip '192.168.2.113'
list src_ip '192.168.1.187'
config rule
option src 'iotFW'
option dest '*'
option name 'Printer to PC/Laptop'
list src_ip '192.168.3.204'
option target 'ACCEPT'
list dest_ip '192.168.6.113'
list dest_ip '192.168.6.237'
list dest_ip '192.168.3.113'
list dest_ip '192.168.2.113'
config rule
option src 'lan'
option dest 'iotFW'
option name 'Home Assistant to Printer'
list src_ip '192.168.1.167'
list dest_ip '192.168.3.204'
option target 'ACCEPT'
config rule
option src 'VlanFW'
option dest 'iotFW'
option name 'iPhone X to Printer on VLAN'
list dest_ip '192.168.3.204'
option target 'ACCEPT'
list src_ip '192.168.6.229'
config rule
option src 'iotFW'
option dest 'lan'
option name 'Printer to Home Assistant '
option target 'ACCEPT'
list src_ip '192.168.3.204'
list dest_ip '192.168.1.167'
config rule
option src 'iotFW'
option dest 'lan'
option name 'Harmony to Home Assistant'
list src_ip '192.168.3.128'
list dest_ip '192.168.1.167'
option target 'ACCEPT'
config rule
option src 'lan'
option dest 'iotFW'
option name 'Home Assistant to Harmony'
option target 'ACCEPT'
list src_ip '192.168.1.167'
list dest_ip '192.168.3.128'
config rule
option src '*'
option dest 'iotFW'
option name 'iPhone X to Printer'
list src_ip '192.168.3.246'
option target 'ACCEPT'
list dest_ip '192.168.3.204'
config rule
option src 'iotFW'
option dest 'lan'
option name 'IoT to iHost'
list dest_ip '192.168.1.182'
option target 'ACCEPT'
config rule
option src 'iotFW'
option dest 'lan'
option name 'IoT to Home Assistant'
list dest_ip '192.168.1.167'
option target 'ACCEPT'
config forwarding
option src 'iotFW'
option dest 'guestFW'
config zone 'docker'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option name 'docker'
list network 'docker'
config zone
option name 'VPNtorrentFW'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'VPNtorrent'
config zone
option name 'VPNlocalFW'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'VPNlocal'
config zone
option name 'VPNglobalFW'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'VPNglobal'
config forwarding
option src 'guestFW'
option dest 'VPNlocalFW'
config forwarding
option src 'iotFW'
option dest 'VPNglobalFW'
config forwarding
option src 'VlanFW'
option dest 'VPNglobalFW'
config forwarding
option src 'lan'
option dest 'VPNglobalFW'
config rule
option src '*'
option dest 'VPNtorrentFW'
option name 'Torrent to VPNtorrent '
list proto 'tcp'
option src_port '6881-6889 6989'
option target 'ACCEPT'
config forwarding
option src 'iotFW'
option dest 'lan'
config forwarding
option src 'guestFW'
option dest 'VPNglobalFW'
config forwarding
option src 'guestFW'
option dest 'VPNtorrentFW'
config forwarding
option src 'iotFW'
option dest 'VPNlocalFW'
config forwarding
option src 'iotFW'
option dest 'VPNtorrentFW'
config forwarding
option src 'VlanFW'
option dest 'VPNlocalFW'
config forwarding
option src 'VlanFW'
option dest 'VPNtorrentFW'
config rule
option src 'iotFW'
option dest 'wan'
option name 'IoT can get to WAN'
option target 'ACCEPT'
config rule
option src 'guestFW'
option dest 'wan'
option target 'ACCEPT'
option name 'Guest can get to WAN'
config rule
option src 'VlanFW'
option dest 'wan'
option name 'VLAN can get to WAN'
option target 'ACCEPT'
config rule
option src 'iotFW'
option dest 'iotFW'
option name 'EBUS from MBP on IoT'
list src_ip '192.168.3.113'
list dest_ip '192.168.3.138'
option target 'ACCEPT'
config zone
option name 'VPNserbiaFW'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'VPNserbia'
config zone
option name 'VPNhongkongFW'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'VPNhk'
config zone
option name 'VPNserbiaFVFW'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'VPNserbiaFV'
root@BPI_R4:~# ip route show
default via x.x.x.x dev br-wan proto static src x.x.x.x
x.x.x.x via x.x.x.x dev br-wan proto static
x.x.x.x via x.x.x.x dev br-wan proto static
x.x.x.x via x.x.x.x dev br-wan proto static
x.x.x.x via x.x.x.x dev br-wan proto static
x.x.x.x/20 dev br-wan proto kernel scope link src x.x.x.x
x.x.x.x/16 dev docker0 proto kernel scope link src x.x.x.x linkdown
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 linkdown
192.168.2.0/24 dev br-guest proto kernel scope link src 192.168.2.1
192.168.3.0/24 dev br-iot proto kernel scope link src 192.168.3.1
192.168.6.0/24 dev br-vlan proto kernel scope link src 192.168.6.1
192.168.10.0/24 dev br-mgmt proto kernel scope link src 192.168.10.1
x.x.x.x via x.x.x.x dev br-wan proto static
x.x.x.x via x.x.x.x dev br-wan proto static
x.x.x.x via x.x.x.x dev br-wan proto static
root@BPI_R4:~# wg show
interface: VPNglobal
public key: xxxx
private key: (hidden)
listening port: 37889
peer: x
preshared key: (hidden)
endpoint: x.x.x.x:y
allowed ips: 0.0.0.0/0
latest handshake: 49 seconds ago
transfer: 51.46 KiB received, 189.55 KiB sent
persistent keepalive: every 25 seconds
interface: VPNtorrent
public key: xxxx
private key: (hidden)
listening port: 47496
peer: xxxx
preshared key: (hidden)
endpoint: x.x.x.x:y
allowed ips: 0.0.0.0/0
latest handshake: 1 minute, 36 seconds ago
transfer: 4.59 KiB received, 16.72 KiB sent
persistent keepalive: every 25 seconds
peer: xxxx
preshared key: (hidden)
endpoint: x.x.x.x:y
allowed ips: (none)
transfer: 0 B received, 138.75 KiB sent
persistent keepalive: every 25 seconds
interface: VPNlocal
public key:
private key: (hidden)
listening port: x
peer: xxxx
preshared key: (hidden)
endpoint: x.x.x.x:y
allowed ips: 0.0.0.0/0
latest handshake: 5 seconds ago
transfer: 4.34 KiB received, 16.79 KiB sent
persistent keepalive: every 25 seconds
interface: VPNserbia
public key:
private key: (hidden)
listening port: x
peer: xxxx
preshared key: (hidden)
endpoint: x.x.x.x:y
allowed ips: 0.0.0.0/0
latest handshake: 10 seconds ago
transfer: 4.29 KiB received, 15.42 KiB sent
persistent keepalive: every 25 seconds
interface: VPNhk
public key:
private key: (hidden)
listening port: x
peer: xxxx
preshared key: (hidden)
endpoint: x.x.x.x:y
allowed ips: 0.0.0.0/0
latest handshake: 2 minutes, 5 seconds ago
transfer: 4.07 KiB received, 14.91 KiB sent
persistent keepalive: every 25 seconds
interface: VPNserbiaFV
public key: xxxx
private key: (hidden)
listening port: x
peer:
endpoint: x.x.x.x:y
allowed ips: 0.0.0.0/0
I only looked at the WireGuard config of your VPNserbiaFV.
Usually you need to enable Masquerading and MTU fix for a commercial VPN provider.
However, that does not seem the main culprit as wg show does not show a connection at all.
It could well be that that specific server is down or the keys are wrong or that you used all available connections.
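A quick audit of the two settings mentioned in this thread (`route_allowed_ips` on the peer, and masquerading plus MTU fix on the firewall zone), added here as an example and not part of the original posts. The function name `wg_lint` and the output format are made up for illustration; the sample is a constructed excerpt modeled on the section names in the config above, with the key value replaced.

```shell
#!/bin/sh
# Added example: one summary line per WireGuard interface found in UCI
# network + firewall config read from stdin.

wg_lint() {
    awk -v q="'" '
    # Record the zone or forwarding section that just ended, then reset.
    function close_section(    i, n, nets) {
        if (type == "zone") {
            n = split(znets, nets, " ")
            for (i = 1; i <= n; i++) zone_of[nets[i]] = zname
            masq[zname] = zmasq; mtu[zname] = zmtu
        } else if (type == "forwarding" && fdest != "") {
            fwd_in[fdest]++
        }
        zname = znets = fdest = ""; zmasq = zmtu = 0
    }
    $1 == "config" {
        close_section()
        type = $2; name = $3; gsub(q, "", name)
        # Peer sections are named wireguard_<interface>.
        if (type ~ /^wireguard_/) { peer_if = substr(type, 11); peers[peer_if]++ }
        next
    }
    $1 == "option" || $1 == "list" {
        v = $3; gsub(q, "", v)
        if (type == "interface" && $2 == "proto" && v == "wireguard") {
            if (!(name in is_wg)) order[++count] = name
            is_wg[name] = 1
        } else if (type ~ /^wireguard_/) {
            if ($2 == "preshared_key") psk[peer_if]++
            if ($2 == "route_allowed_ips" && v == "1") rai[peer_if] = 1
        } else if (type == "zone") {
            if ($2 == "name") zname = v
            if ($2 == "network") znets = znets " " v
            if ($2 == "masq") zmasq = v
            if ($2 == "mtu_fix") zmtu = v
        } else if (type == "forwarding" && $2 == "dest") {
            fdest = v
        }
    }
    END {
        close_section()
        for (i = 1; i <= count; i++) {
            n = order[i]
            z = (n in zone_of) ? zone_of[n] : "-"
            printf "%s zone=%s peers=%d psk=%d route_allowed_ips=%d masq=%d mtu_fix=%d fwd_in=%d\n", \
                n, z, peers[n], psk[n], rai[n], masq[z], mtu[z], fwd_in[z]
        }
    }'
}

# Constructed excerpt: one interface with a complete zone, one without.
sample_config() {
    cat <<'EOF'
config interface 'VPNglobal'
	option proto 'wireguard'
config wireguard_VPNglobal
	option preshared_key 'REDACTED'
	list allowed_ips '0.0.0.0/0'
config interface 'VPNserbiaFV'
	option proto 'wireguard'
config wireguard_VPNserbiaFV
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'
config zone
	option name 'VPNglobalFW'
	option masq '1'
	option mtu_fix '1'
	list network 'VPNglobal'
config forwarding
	option src 'lan'
	option dest 'VPNglobalFW'
config zone
	option name 'VPNserbiaFVFW'
	list network 'VPNserbiaFV'
EOF
}

sample_config | wg_lint
```

On the router the input would be `cat /etc/config/network /etc/config/firewall | wg_lint`. A line with `masq=0 mtu_fix=0 fwd_in=0` describes a zone that cannot carry LAN traffic even once the tunnel is up; a missing handshake in `wg show` is a separate problem (keys, endpoint, server availability).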
It's not the number of connections as I started with far fewer and to check created more with the old file from the VPN. Did this repeatedly. This is just the limit of connections (5) from that company. Masquerading and Clamping was just an oversight. I did this many times.
Maybe it is a LuCI fake setting vs shell commands thing? When I was setting up Adguard Home moving DNSmasq to port 54 didn't hold with LuCI. Had to do it with commands.
That is what I thought, so I asked for a second server in a different country. They use the same (my) private key and (their) public key for every server. Was expecting them to change.
I updated all the packages individually and then did an attended sysupgrade. Now I can't get on internet from my computers or a reset 2nd router (only changed LAN to DHCP). Any ideas what it could be? Currently tethered to my phone which is remote hotspotting to my laptop.
From the diagnostics section I can ping openwrt.org.
Locally it distributes IP addresses and I can access 192.168.1.1 as normal
Don't think it is my computers as I've tried 3.
Don't think it is DNS because I've tried encrypting the DNS in browsers, setting my own DNS and can't ping 8.8.8.8 from my laptop or PC.
Can't be wifi as this router has no wifi and I am on ethernet.
Don't think it can be firewall as LAN can go to WAN.
Any other ideas?
I didn't test it after updating packages but what could have happened during package updating or an attended upgrade? I was streaming YouTube whilst I was updating packages fine though and several of my things flash if there is no internet for them and I didn't notice that so my guess is it was the attended sys-upgrade.
I ended up resetting 1 main router and 6 "dumb" routers. Updating them all to the latest firmware (excluding betas and snapshots) trying to remember what packages they needed and then reinstalling the saved config files. I think this has worked as regards just being online again. Whatever that Attended Sysupgrade did it may have seemed easy but was more work in the end.
Read their WireGuard Linux (Debian based) Guide. It is just:
sudo -i
apt install wireguard -y
sudo nano /etc/wireguard/dallas.conf
#(paste the contents of their config to /etc/wireguard/dallas.conf)
sudo wg-quick up dallas
I've obtained two config files and neither works. Going to try similar to my laptop now, although it is Arch based.
Might be just that I am new to Arch based distros but I get: Temporary failure in name resolution: rs-01.deleted.com:51820'. Trying again in 1.00 seconds...
I previously tried x.x.x.x in OpenWrt after following the URL though.