Wireguard Client Setup

I have a HOME OpenWRT router and an RV OpenWRT router. Both are running Wireguard. I am trying to route all internet traffic from the RV router through the HOME router via the Wireguard tunnel. The RV router is using a 4G LTE modem (WWAN below) for internet access.

I am able to get a handshake, but I can't ping or route between the 2 routers. I am able to connect my Android phone to the HOME router and route all traffic as expected.

Any help would be greatly appreciated. See config info below.

HOME NETWORK:

config interface 'wg0'
	option proto 'wireguard'
	option listen_port '51820'
	list addresses '10.10.10.1/32'
	option private_key 'home private key'

config wireguard_wg0
	option route_allowed_ips '1'
	list allowed_ips '10.10.10.0/24'
	option public_key 'rv public key'

config wireguard_wg0
	option route_allowed_ips '1'
	list allowed_ips '10.10.10.0/24'
	option public_key 'android public key'

HOME FIREWALL:

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option name 'Wireguard_VPN'
	option family 'ipv4'
	option dest_port '51820'

config zone
	option name 'wgvpn'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option network 'wg0'

config forwarding
	option dest 'lan'
	option src 'wgvpn'

config forwarding
	option dest 'wan'
	option src 'wgvpn'

config forwarding
	option dest 'wgvpn'
	option src 'lan'

RV NETWORK:

config interface 'wwan'
	option device '/sys/devices/pci0000:00/0000:00:13.0/usb2/2-1/2-1.3'
	option proto 'modemmanager'
	option apn 'tracfone.vzwentp'

config interface 'wg0'
	option proto 'wireguard'
	option listen_port '51820'
	list addresses '10.10.10.2/32'
	option private_key 'rv private key'

config wireguard_wg0
	option public_key 'home public key'
	list allowed_ips '0.0.0.0/0'
	option endpoint_host 'home.ddns.com'
	option endpoint_port '51820'
	option persistent_keepalive '25'
	option route_allowed_ips '1'

RV FIREWALL:

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option name 'Wireguard_VPN'
	option family 'ipv4'
	option dest_port '51820'

config zone
	option name 'wgvpn'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option network 'wg0'

config forwarding 'wg_wan'
	option src 'wgvpn'
	option dest 'wan'

config forwarding 'wg_lan'
	# zone name must match the zone defined above ('wgvpn'); 'wg-vpn' does not exist
	option src 'wgvpn'
	option dest 'lan'

config forwarding
	option dest 'wgvpn'
	option src 'lan'

I also noticed the status on the RV router shows no gateway:
[screenshot: RV router interface status, no gateway shown]

I also noticed that your upstream is a tunnel... can you confirm that your WWAN is online?

Are you trying to use WG for Internet? If so, the Allowed IPs sections are incorrect.

WWAN is online and working well. I am trying to route all RV internet traffic through my HOME router.

Which Allowed IPs is incorrect?

You need allowed IPs to be:

0.0.0.0/1
and
128.0.0.0/1

NOT 0.0.0.0/0

This is so the default route on WWAN isn't erased. Edit the WG peer on the RV for the connection to your home router to fix this.

Hope this works.

Unfortunately, that didn't work. I'm still not even able to ping between peers. Routes after the change:

[screenshot: RV route table after the change]

At HOME NETWORK fix this:

config interface 'wg0'
list addresses '10.10.10.1/24'

Masquerade should not be needed in the config zone of wgvpn.

In RV NETWORK fix this:

list addresses '10.10.10.2/24'

Also no need for masquerade here either.
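An added illustration (my own example, not code from this thread or from OpenWrt) of two things discussed above. First, why the 0.0.0.0/1 + 128.0.0.0/1 split from the earlier reply sends all traffic into the tunnel while leaving the WWAN default route in place, and why the home endpoint itself must still leave via WWAN. Second, a point the first post's HOME config raises that the replies do not mention: on one WireGuard interface a given allowed-IPs prefix belongs to exactly one peer, so listing 10.10.10.0/24 on both the RV peer and the Android peer hands the whole prefix to whichever peer is configured last, and the home router then encrypts its replies to the RV's 10.10.10.2 towards the phone. The endpoint address 203.0.113.10, the phone address 10.10.10.3 and the "a duplicate prefix replaces the existing route" rule are constructed assumptions for the simulation.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network
Route = Tuple[Net, str]  # (destination prefix, outgoing interface)

# Constructed sample: the home router's public address as seen from the RV.
# The thread only gives a DDNS name, so this value is a placeholder.
HOME_ENDPOINT = "203.0.113.10"


def lpm(table: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match over a route table, the way the kernel FIB picks a route."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for net, via in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def install_allowed_ips(table: List[Route], allowed_ips: List[str], dev: str) -> List[Route]:
    """Model route_allowed_ips='1': one route per allowed prefix on the wg device.
    Assumption (matching the reply's 'erased' wording): a prefix that is already
    in the table is replaced by the tunnel route rather than kept beside it."""
    nets = {ipaddress.ip_network(p) for p in allowed_ips}
    kept = [r for r in table if r[0] not in nets]
    return kept + [(n, dev) for n in sorted(nets)]


def rv_table(allowed_ips: List[str]) -> List[Route]:
    """Constructed RV route table: the WWAN default route, a host route to the
    home endpoint via WWAN (the encrypted UDP must never be sent into the tunnel
    it carries), then the routes derived from the peer's allowed_ips."""
    base: List[Route] = [
        (ipaddress.ip_network("0.0.0.0/0"), "wwan"),
        (ipaddress.ip_network(HOME_ENDPOINT + "/32"), "wwan"),
    ]
    return install_allowed_ips(base, allowed_ips, "wg0")


def has_wwan_default(table: List[Route]) -> bool:
    """True while the WWAN default route survives in the table."""
    return (ipaddress.ip_network("0.0.0.0/0"), "wwan") in table


def covers_all_ipv4(prefixes: List[str]) -> bool:
    """True when the prefixes together cover every IPv4 address (the two /1 halves do)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets)) == [ipaddress.ip_network("0.0.0.0/0")]


def cryptokey_table(peers: List[Tuple[str, List[str]]]) -> Dict[Net, str]:
    """WireGuard's allowed-IPs table for one interface: each prefix maps to exactly
    one peer, and assigning a prefix another peer already owns moves it to the
    peer configured last."""
    owner: Dict[Net, str] = {}
    for name, prefixes in peers:
        for p in prefixes:
            owner[ipaddress.ip_network(p)] = name
    return owner


def peer_for(owner: Dict[Net, str], dst: str) -> Optional[str]:
    """Which peer a packet entering the wg interface is encrypted to (longest match)."""
    return lpm(list(owner.items()), dst)


# HOME peers exactly as posted in the first message, and a per-peer variant.
# 10.10.10.3 is a constructed address for the phone; the thread does not give one.
HOME_PEERS_AS_POSTED = [("rv", ["10.10.10.0/24"]), ("android", ["10.10.10.0/24"])]
HOME_PEERS_PER_PEER = [("rv", ["10.10.10.2/32"]), ("android", ["10.10.10.3/32"])]


def main() -> None:
    split = rv_table(["0.0.0.0/1", "128.0.0.0/1"])
    full = rv_table(["0.0.0.0/0"])
    print("split /1: 8.8.8.8 via", lpm(split, "8.8.8.8"), "| endpoint via",
          lpm(split, HOME_ENDPOINT), "| wwan default kept:", has_wwan_default(split))
    print("plain /0: wwan default kept:", has_wwan_default(full))
    print("home replies to 10.10.10.2 go to peer:",
          peer_for(cryptokey_table(HOME_PEERS_AS_POSTED), "10.10.10.2"), "(as posted) /",
          peer_for(cryptokey_table(HOME_PEERS_PER_PEER), "10.10.10.2"), "(per-peer /32)")


if __name__ == "__main__":
    main()
```

Run it with `python3 wg_routes.py`. The first part is only a model of the kernel's longest-prefix match, so it shows the mechanism rather than what `ip route` prints on the RV; the second part reflects WireGuard's real cryptokey-routing rule, which is why checking `wg show wg0 allowed-ips` on the home router is a useful step when a handshake completes but pings do not return.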
