I followed this guide and have a working WireGuard configuration on a 19.07 rc2 on a Dir-860 b1.
They seem to work over wifi and 4G.
I use this to access 3 cameras: a DoorBird, a Grandstream and a Hikvision.
I have moving video from one and 2 but not from 3.
I also have a server (Qapache) running on a QNAP listening on port 88.
None of the experimental pages are served when WireGuard is running, not even over wifi. But when I turn off WireGuard on the phone I get my webpages.
How are you able to access the encrypted network if you turn OFF the Wireguard?
At home I can test via wifi or 4G; indeed it seems to work better via 4G than via home wifi.
On my Android phone I get an error if I try to connect with Total Commander to my NAS; I get the following after some time:
SMB2 CONNECT failed to connect to QNAP TS869L.lan 192.168.1.5(port445) from 192.168.46.210 (port 38945 after 5000ms
Is there a reason you’re defining a /16? Unless you are servicing 65k hosts, this is only going to mess things up. And it is likely part of the problem since this collides with your LAN (192.168.1.0/24, I’m guessing).
Change this to a /24 and you also need to make the address an actual host address, not a network address:
list addresses '192.168.46.1/24'
Also, your firewall rule should not be a redirect, but rather a traffic rule (accept udp 1194)
config rule
    option target 'ACCEPT'
    option src 'wan'
    option proto 'udp'
    option dest_port '1194'
    option name 'Allow-WireGuard-Inbound'
Then create a Wireguard zone and allow forwarding to the lan zone:
config zone
    option name 'wg'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option network 'wg0'
    option forward 'REJECT'

config forwarding
    option dest 'lan'
    option src 'wg'
Also, if these don’t fix your problems, please post the complete firewall and network files (ok to redact the keys and such, but the other config items are critical)
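An added example, not part of any post in this thread: a small Python audit for the three mistakes the reply above points at (a WireGuard subnet that overlaps the LAN, a network address used as the interface address, and wg0 sitting in more than one firewall zone). The two firewall snippets are constructed samples, and the LAN range 192.168.1.0/24 is the reply's own guess, taken here as an assumption.

```python
import ipaddress

def parse_uci(text):
    """Parse UCI text into [(section_type, {option: [values]})]."""
    sections = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[0] == "config":
            sections.append((parts[1], {}))
        elif len(parts) == 3 and parts[0] in ("option", "list") and sections:
            values = parts[2].strip().strip("'\"").split()
            sections[-1][1].setdefault(parts[1], []).extend(values)
    return sections

def audit(wg_addr, lan_cidr, firewall_text, wg_if="wg0"):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    iface = ipaddress.ip_interface(wg_addr)
    # A /16 on 192.168.46.x expands to 192.168.0.0/16, which swallows the LAN.
    if iface.network.overlaps(ipaddress.ip_network(lan_cidr)):
        findings.append("wg-subnet-overlaps-lan")
    # The interface needs a host address (.1), not the network address (.0).
    if iface.ip == iface.network.network_address:
        findings.append("address-is-network-address")
    sections = parse_uci(firewall_text)
    zones = [o.get("name", ["?"])[0] for t, o in sections
             if t == "zone" and wg_if in o.get("network", [])]
    if len(zones) != 1:
        findings.append("wg-interface-not-in-exactly-one-zone")
    elif not any(t == "forwarding" and o.get("src") == zones
                 and o.get("dest") == ["lan"] for t, o in sections):
        findings.append("no-forwarding-to-lan")
    return findings

# Constructed sample: wg0 attached to both the lan and wg zones.
AS_POSTED = """config zone
    option name 'lan'
    option network 'lan wg0'
config zone
    option name 'wg'
    option network 'wg0'
"""
# Constructed sample: wg0 only in its own zone, with forwarding to lan.
CORRECTED = """config zone
    option name 'lan'
    option network 'lan'
config zone
    option name 'wg'
    option network 'wg0'
config forwarding
    option src 'wg'
    option dest 'lan'
"""
```
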
First of all warm greetings in these special holidays.
Thanks for the tips and I experimented with them.
What I learned was that:
/etc/init.d/firewall restart wasn't enough to have the changed settings working
/etc/init.d/network restart wasn't enough to have the changed settings working
A REBOOT was necessary.
I had and have a working WireGuard for my cameras but not for reaching my NAS.
When I change 192.168.46.0/24 to 192.168.46.1/24 Wireguard doesn't work.
When I change from PortForward to traffic rule Wireguard doesn't work.
Changing from /16 to /24 gave me a significant speed boost in framerate on the cameras.
Still, I would like to reach my NAS network on 192.168.1.5.
When you tried the traffic rule, did you delete the redirect?
And when you set the wg interface address as .1/24, how did you test to determine that it wasn’t working? Had you restarted after the change?
Also, it looks like you have the wg interface attached to both the lan and wg zones. Remove it from the lan zone.
Please post your remote peer config and describe how you are testing (same network, different WiFi/wired network, cellular) and what diagnostics you are using to determine the status.
At the very least I did a /etc/init.d/firewall restart and a /etc/init.d/network restart. Now I just reboot.
I have the 192.168.46.1/24 working.
I removed wg0 from the lan zone.
Yesterday I changed the allowed IPs on the Android phone from 0.0.0.0/0, ::0 to 0.0.0.0/0,::/0; from that moment I can't connect over WireGuard from that phone.
When I reentered 0.0.0.0/0, ::0 and saved, I noticed that the WireGuard app on Android changed it to 0.0.0.0/0, ::/128
My other phones are still able to connect. I even removed the app and rebooted before I did a new installation.
Then I changed the peer IP address from 192.168.46.210/24 to 192.168.46.10/24 on the phone and the router and NOW it works.
I test via wifi at home, so same network, and I enable 4G, so that's the real test.
Cameras are working, connection to NAS not.
Furthermore it's only working over wifi now....
Add forwarding from wg to wan if you want internet access.
Not surprising that it only works when on cellular - while you are connected to your WiFi I would expect that there would be ambiguity regarding the routing because your phone(s) have local IP addresses in the 192.168.1.0/24 network but then have wg overriding and routing back to that same network may not work as expected. But there is no point to worrying about it when you are on WiFi on your local network since that is not a use case that matters.
What is the operating system of the bad? Does it have a firewall or any other rules that might restrict access from other rfc1918 address ranges to the device itself?
Indeed though it would be easy, if you don't have to think about it when arriving at home.
What is the operating system of the bad? Does it have a firewall or any other rules that might restrict access from other rfc1918 address ranges to the device itself?
I don't understand what you mean with what is the operating system of the bad?
My Nokia 8 is running Android 9, OpenWrt is 19.07rc2.
As OpenWrt is handing out the IP addresses, my Nokia 8 always gets the same IP address that isn't conflicting with the ones from WireGuard.
The NAS itself can be accessed with wifi...
Can you elaborate a bit about the difference in firewall approach between the port forward approach and the rule configuration?
So this could explain why you cannot access your NAS. Not sure if the device would block other subnets, but if so, you’ll need to modify the firewall on that device to allow connections from your wg subnet.