Hi,
Over the weekend I read on the forum that someone else has had some problems with WireGuard. I am using the same config as usual, and for the past 4 days WireGuard has not worked: no connection, but no error either. I tried the same wg config file in my Android app and in my computer apps and it works there, so the provider is up and working everywhere except here on OpenWrt. I also tried the master build, my own build, 23.05, etc. All behave the same.
root@OpenWrt:~# ubus call system board
{
"kernel": "5.15.153",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 0 (v7l)",
"model": "Netgear Nighthawk X4S R7800",
"board_name": "netgear,r7800",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05",
"revision": "r23835-9b33b74ef7",
"target": "ipq806x/generic",
"description": "OpenWrt 23.05-SNAPSHOT r23835-9b33b74ef7"
}
}
root@OpenWrt:~# cat /etc/config/network
# /etc/config/network as pasted by the poster: loopback, LAN bridge, DHCP WAN,
# switch VLANs and one WireGuard client interface (wg0) with a single peer.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdbc:18a5:431c::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
# Lower than wg0's metric (10) below, so a default route on wan is normally
# preferred over one installed for wg0; the pbr policies then pick per-host paths.
option metric '5'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 0t'
# WireGuard client interface.
config interface 'wg0'
option proto 'wireguard'
# NOTE(review): key redacted by the poster; the closing quote is missing in this
# paste. Never post the real private key - rotate it if it was ever shared.
option private_key 'Qxxxxxxxxxxxxxxxxxxxxxxxxxxx
option mtu '1390'
option metric '10'
list addresses 'xx.x.x.x/32'
# Peer definition for wg0 (section type is wireguard_<interface name>).
config wireguard_wg0
option description 'proton.conf'
# NOTE(review): redacted, closing quote missing in the paste. The visible prefix
# ('rlV') differs from the peer key prefix in the `wg show` output on this page
# ('pB//'), and `wg show` reports a 25 s keepalive that is not set in this
# section - confirm the running peer really comes from this config.
option public_key 'rlVxxxxxxxxxxxxxxxxxxxxxxxx
# 0.0.0.0/0 plus route_allowed_ips '1' asks netifd to install a route for all
# IPv4 destinations through wg0 (at this interface's metric).
list allowed_ips '0.0.0.0/0'
option endpoint_host 'xx.xx.xx.xx'
option endpoint_port '51820'
option route_allowed_ips '1'
root@OpenWrt:~# cat /etc/config/firewall
# /etc/config/firewall as pasted: default policies, lan and wan zones, lan -> wan
# forwarding, wan input rules, and the pbr include script.
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
# Forwarding between interfaces is rejected unless a zone/forwarding entry allows it.
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
# NOTE(review): neither zone above lists network 'wg0', and the only forwarding
# below is lan -> wan. LAN traffic routed out wg0 would then fall under the
# default forward policy (REJECT) and would not be masqueraded. That fits the
# symptom on this page (`wg show` reports a recent handshake but almost no
# transfer) - confirm whether wg0 was meant to be in the wan zone or its own zone.
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# NOTE(review): this accepts inbound UDP 51820 from wan to the router itself.
# Here the router is a client dialling out to the provider's port 51820, and
# `wg show` on this page reports local listening port 42910, so the rule does
# not appear to be needed for the tunnel (replies to outbound packets are
# normally accepted by connection tracking). Consider removing it unless a
# WireGuard server on this router is meant to listen on 51820.
config rule 'wg'
option name 'Allow-WireGuard'
option src 'wan'
option dest_port '51820'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# The next two rules forward IPsec (ESP and IKE on UDP 500) from wan to lan.
# NOTE(review): if no LAN host terminates IPsec, these can be dropped to reduce
# what is reachable from wan.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Loads the policy-based-routing firewall script on each firewall (re)load.
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/pbr.firewall.include'
root@OpenWrt:~# wg show
interface: wg0
public key: Gmxxxxxxxxxxxxxxxxxxxxxxxxxxxx
private key: (hidden)
listening port: 42910
peer: pB//xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
endpoint: xxx.xx.xx.x:51820
allowed ips: 0.0.0.0/0
latest handshake: 36 seconds ago
transfer: 92 B received, 212 B sent
persistent keepalive: every 25 seconds
root@OpenWrt:~# cat /etc/config/pbr
# /etc/config/pbr as pasted: global policy-based-routing settings and two
# per-source policies (one host via wg0, one via wan).
config pbr 'config'
option enabled '1'
option verbosity '2'
# NOTE(review): with strict enforcement off, pbr presumably lets a policy's
# traffic fall back to the default route when its interface is down. 'pc_jim'
# could then leave via wan outside the tunnel while wg0 is down (the log on
# this page shows wg0 going down repeatedly). Verify against the pbr docs and
# set this to '1' if the VPN path must not leak.
option strict_enforcement '0'
option resolver_set 'none'
option ipv6_enabled '0'
# Neither 'vpnserver' nor 'wgserver' appears in the network config shown on this page.
list ignored_interface 'vpnserver'
list ignored_interface 'wgserver'
option boot_timeout '30'
option rule_create_option 'add'
option procd_reload_delay '1'
option webui_show_ignore_target '0'
list webui_supported_protocol 'all'
list webui_supported_protocol 'tcp'
list webui_supported_protocol 'udp'
list webui_supported_protocol 'tcp udp'
list webui_supported_protocol 'icmp'
# Send this source through the WireGuard interface (src_addr redacted by the poster).
config policy
option name 'pc_jim'
option src_addr 'xx:xx:xx:xx'
option interface 'wg0'
# Keep this source on the plain wan path (src_addr redacted by the poster).
config policy
option name 'formuler'
option src_addr 'xx:xx:xx:xx'
option interface 'wan'
Mon Apr 22 06:48:35 2024 daemon.notice netifd: Network device 'wg0' link is down
Mon Apr 22 06:48:35 2024 daemon.notice netifd: Interface 'wg0' is now down
Mon Apr 22 06:48:35 2024 daemon.notice netifd: Interface 'wg0' is setting up now
Mon Apr 22 06:48:36 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Mon Apr 22 06:48:36 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 4 names
Mon Apr 22 06:48:36 2024 daemon.notice netifd: Interface 'wg0' is now up
Mon Apr 22 06:48:36 2024 daemon.notice netifd: Network device 'wg0' link is up
Mon Apr 22 06:48:36 2024 user.notice firewall: Reloading firewall due to ifup of wg0 (wg0)
Mon Apr 22 06:49:31 2024 daemon.notice netifd: Network device 'wg0' link is down