OK, first off: I set up my WireGuard and it works with my public IP, but whenever I try to connect with my DDNS (DuckDNS) I only get access to my LAN, nothing else. I don't know what to change here to get full access...
Second question: if I wanted to set up more restricted users, like one with access just to the LAN, and one with access just to a certain port, could anyone give me an example of how I should do it?
So I could have, for example, 3 users connected:
As I said, when I connect through my public IP I have full access (yes, Internet and LAN); when I connect using DDNS I have only LAN access. I would like to have full access on both (because my IP changes sometimes). The DDNS is a default OpenWrt setup.
No I don't; as said above, for now it depends on whether I use my IP (full access) or DDNS (only LAN), not to mention the third peer (that's what I meant by saying "user", btw) which I'd like to set up so it has access to only one port. I saw a config with iptables for this purpose here: https://gist.github.com/qdm12/4e0e4f9d1a34db9cf63ebb0997827d0d
but I also read it is not recommended for OpenWrt, and that it is better to use the firewall, but since I'm a noob it's hard for me to start without an example of such a firewall rule (the WireGuard setup is basically the same as in that GitHub link).
I don't understand what you don't understand. I said I have full access when I use my public IP directly, and don't have full access when I use the DDNS domain, and I'd like to have full access on both. What is there so hard to understand?
I can see that you're very hostile towards me. I said I'm new to this stuff and I don't understand everything; I'm trying to learn, and all you're going to do is be so cynical. Please stop responding here, thanks.
If the DDNS is pointing to the correct WAN IP of the router, then there is no difference.
Create a separate wg zone in the firewall, which includes the wg interface where these 3 peers connect.
Allow with a firewall rule traffic from the IP of user1 to 0.0.0.0/0 in the wan zone.
Allow with a firewall rule traffic from the IP of user2 to the subnet in the lan zone.
Allow with a firewall rule traffic from the IP of user3 to the IP:port in the lan zone.
If you still have questions, there needs to be some troubleshooting.
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; uci export ddns; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
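As an added example (not code from the thread or from the OpenWrt project), the zone and the three per-peer rules described in the answer above, expressed as the UCI commands you would feed to `uci batch` on the router. The interface name wg0, the tunnel addresses 10.0.0.2 to 10.0.0.4, the LAN subnet 192.168.1.0/24 and the host:port 192.168.1.10:445 are assumptions; replace them with the addresses from your own AllowedIPs and LAN. The peer address in `src_ip` must be the peer's tunnel address, because that is the source the router sees on the wg side.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) the OpenWrt firewall
# configuration for a separate "wg" zone with three restricted peers.
# All names and addresses below are assumptions, not values from the thread.
WG_IF="${WG_IF:-wg0}"                 # assumed WireGuard interface name
PEER1="${PEER1:-10.0.0.2}"            # assumed: full access (Internet + LAN)
PEER2="${PEER2:-10.0.0.3}"            # assumed: LAN only
PEER3="${PEER3:-10.0.0.4}"            # assumed: one host:port only
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed LAN subnet
SVC_IP="${SVC_IP:-192.168.1.10}"      # assumed host reachable by PEER3
SVC_PORT="${SVC_PORT:-445}"           # assumed port reachable by PEER3

# Emit the uci batch. The zone policy is REJECT for input and forward, so a
# peer gets exactly what its rule grants and nothing else. Because input is
# REJECT, peers cannot talk to the router itself (LuCI on 192.168.1.1, SSH)
# unless an explicit rule allows it; the wg2dns rule below is the only such
# rule, so the peer that gets Internet access can still resolve names via the
# router. Drop it if your peers use another resolver.
gen_wg_firewall_uci() {
    cat <<EOF
set firewall.wg=zone
set firewall.wg.name='wg'
set firewall.wg.network='$WG_IF'
set firewall.wg.input='REJECT'
set firewall.wg.output='ACCEPT'
set firewall.wg.forward='REJECT'
set firewall.wg2wan=rule
set firewall.wg2wan.name='wg2wan'
set firewall.wg2wan.src='wg'
set firewall.wg2wan.src_ip='$PEER1'
set firewall.wg2wan.dest='wan'
set firewall.wg2wan.dest_ip='0.0.0.0/0'
set firewall.wg2wan.target='ACCEPT'
set firewall.wg2lan=rule
set firewall.wg2lan.name='wg2lan'
set firewall.wg2lan.src='wg'
add_list firewall.wg2lan.src_ip='$PEER1'
add_list firewall.wg2lan.src_ip='$PEER2'
set firewall.wg2lan.dest='lan'
set firewall.wg2lan.dest_ip='$LAN_NET'
set firewall.wg2lan.target='ACCEPT'
set firewall.wg2lanport=rule
set firewall.wg2lanport.name='wg2lanport'
set firewall.wg2lanport.src='wg'
set firewall.wg2lanport.src_ip='$PEER3'
set firewall.wg2lanport.dest='lan'
set firewall.wg2lanport.dest_ip='$SVC_IP'
set firewall.wg2lanport.dest_port='$SVC_PORT'
set firewall.wg2lanport.proto='tcp'
set firewall.wg2lanport.target='ACCEPT'
set firewall.wg2dns=rule
set firewall.wg2dns.name='wg2dns'
set firewall.wg2dns.src='wg'
set firewall.wg2dns.src_ip='$PEER1'
set firewall.wg2dns.dest_port='53'
set firewall.wg2dns.proto='tcp udp'
set firewall.wg2dns.target='ACCEPT'
EOF
}

# Apply on the router; elsewhere just print the batch for review.
apply_wg_firewall() {
    if command -v uci >/dev/null 2>&1; then
        gen_wg_firewall_uci | uci batch \
            && uci commit firewall \
            && /etc/init.d/firewall restart
    else
        echo "uci not found; printing the batch instead:" >&2
        gen_wg_firewall_uci
    fi
}

if [ "${1:-}" = "apply" ]; then
    apply_wg_firewall
fi
```

Run it with `apply` on the router; without the argument it only prints the batch. After applying, check with `uci show firewall | grep wg` that the zone lists the WireGuard interface, and from PEER3 confirm that only the one host:port answers and that 192.168.1.1 does not.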
Thank you very much, this is just ready to go, working perfectly. Thank you very much again, man; I spent so much time trying to Google a solution, where I should have just asked right away. This is just perfect.
I'd have one last question, because I finally set up everything like I wanted and everything works, just one thing: the 'wg2lanport' setting, only for ports, still gives access to the router GUI "192.168.1.1". Is there a way to block this off too? If not, that's not the biggest deal, but it would be nice, just in case.
Also, if it's not a problem, could you maybe give me one more example of how to reach peer2's network (also on OpenWrt, not yet set up) from peer1? I'm assuming the rule 'internet' would work on peer2, but what rule would I have to make on the server to pass it through, and would the server have access to peer2's network too?