Wireguard config does not work on openwrt router 22.03.05

I have protonvpn free account...just testing waters

I could successfully install openvpn config files and could connect to internet but speed is very low so I tried wireguard but....

I have free vpn account - just testing waters ...

I downloaded one of the free and one std server config for wireguard for touter

I am entering correct keys etc but not getting any data trasnfer...I see handshake and some bytes in rx and tx but that is it...nothing else..can not open any website nothing...

I am using 22.03.05 openwrt version on my tplink archer a7 v5 - one thing I noticed that vpn provider provides public key only for peer and for interface provides only private key - but this later openwrt version compulsorily ask me to enter public key as well along with private key - under general setting.

I can not leave blank ..so what should I enter in public key space ? (vpn provider does not provide it)

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board 
cat /etc/config/network
cat /etc/config/firewall
wg show

I have no idea how to get the output of the command you gave mne?

Ssh into your router and then issue the commands


What I usually do is first click on generate, then I just re-paste the private key, somehow I found to have the same kind of issue within luci that the public key is no longer optional, but it does work with re-pasting the private key on my mullvad config.

^ for this I'm only speaking for the main tab of the wireguard interface, on the peers tab there you can add clients with no private key.

1 Like

So you click on generate in luci than paste orginal mullvad private key twice ...one in private key space and another public key space ? if so why would you click generate ? it will generate entirely new keys other than mullvad?

Almost, you click generate and then keep the public key and paste the secret key from proton in the secret key.

ok just to confirm..you first click generate ..that will generate both private and public keys - but than you just leave the public key as is and replace that newly created private key with original mullvad private key correct?

Jup that is correct.

ok on firewall settings - lan zone will allow forward to destination zone include wan/wan6 and that new interface wireguard correct?

also on this new wireguard firewall zone setting - covered network is wireguard and on advanced setting covered device is again this wireguard correct?

that should be fine I think but the best is to show a configuration or screenshot.

it should be fine if lan forwards to wan.

It should be fine if firewall zone from wireguard forwards to nothing since wireguard takes care, this is a default configuration, optionally but not needed you can forward wireguard zone to wan but it should do that already.

If you obtain rx and tx, I guess your interface works.

If it does not but you do see tx and rx, I'm suspecting a metric issue.

Then you could try editing wan interface and go to advanced and set metric to 10, this way wireguard interface has priority over wan or it could be the default gateway option in wireguards interface itself, you should play a little with these options to see result.

Make sure to set Route allowed IPs to enabled.
It still mystifies me why that is disabled by default.

Also regarding firewall just adding the WG interface to the WAN zone should already take care of firewall

1 Like

To add there is a wireguard client installer if you add that to Luci you can simply install the conf file you got from your provider by uploading or pasting it, no need to put settings in manually (except for the enabling of Route Allowed IPs)

In LuCi's Software section look for wg-installer in Available packages

Yes I installed wg-installer for client - so now I am able to import the config in to interface ? (Even earlier I was able to import ) not sure what do you mean?

If you can import/load configuration then you do not need to setup all the keys etc manually.

Protocol: WireGuard VPN
Uptime: 0h 0m 8s
RX: 92 B (1 Pkts.)
TX: 3.10 MB (5674 Pkts.)

As you can see....data sent but not received after initial handshake
I checked even after 7 mins - it was same status-only tx was increased a bit

Just follow @pshermans advice

1 Like
root@OpenWrt:~# ubus call system board
        "kernel": "5.10.176",
        "hostname": "OpenWrt",
        "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
        "model": "TP-Link Archer A7 v5",
        "board_name": "tplink,archer-a7-v5",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.5",
                "revision": "r20134-5f15225c1e",
                "target": "ath79/generic",
                "description": "OpenWrt 22.03.5 r20134-5f15225c1e"

And these as well:

1 Like

Guys thanks a lot for trying to help me....
Somehow - It works now...I could check my ip is same as protonvpn provided server ip
But the speed is very slow ..it gives me 12 mbps download and 20mbps upload - its weird ..usually download is more and upload is less...
I believe this is because free protonvpn I am using ? or there is something to tweak in openwrt?

@psherman @lleachii Sorry I could not give full config or network and firewall -..because at first I did not know how to even get it and than I got worried about sharing it over the internet.

1 Like