Wireguard in x86 image not working

ckleea · August 28, 2020, 12:42pm

I have been trying to use a19.07.03 x86 generic image to install wireguard in a proxmox image. I follow the guide to configure as a dump AP and disable firewall, dnsmasq and odhcpd. However, I am unable to get wireguard working.

In luci, it cannot create wireguard interface.

Then I manually create the wireguard interface in /etc/config/network

The wg0 interface created but upon connection via IOS or android client, I can only see client send but no receive data.

Can some one help to point a working version of x86 image with wireguard?

Borromini · August 28, 2020, 1:09pm

That really sounds like a configuration issue rather than Wireguard being botched (99% of the 'Wireguard does not work' questions end up being just that).

I have had Wireguard running just fine here for more than a year on 19.07 and x86/64, and no issues.

vgaetera · August 28, 2020, 1:48pm

Works for me.

OpenWrt 19.07.03 x86_64
libvirt + KVM/QEMU
WireGuard server + client

ckleea · August 28, 2020, 2:02pm

My network set up is simple

I have only one lan port assigned and get lan address from the router. Openwrt can access internet without problem.

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd69:e876:8339::/48'

config interface 'lan'
        option ifname 'eth0'
        option proto 'dhcp'

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'server private key'
        option listen_port '9989'
        list addresses '10.15.100.50/24'

config wireguard_wg0
        option public_key 'iOS key public key'
;       option route_allowed_ips '1'
        list allowed_ips '10.15.100.51/32'

Firewall disable.
router open port to the openwrt

I have another debian linux instance in the same lan. Wireguard works without any problem.

vgaetera · August 28, 2020, 2:20pm

opkg update
opkg install tcpdump
tcpdump -n -i any udp port 9989

lleachii · August 29, 2020, 1:38pm

@ckleea, welcome to the community!

Are you using the same config?
Your LAN setting was omitted

Is this an accidental character in your real config file?

Also, we have to assume the remote is configured properly, you didn't show its config

ckleea · August 29, 2020, 1:57pm

Thank for the advice.

I found out the problem related to the settings.

Now it works

Borromini · August 29, 2020, 4:31pm

Please share how you fixed it.

ckleea · August 29, 2020, 11:51pm

As I use this within my Proxmox, I install openwrt x86 as dumb AP. I disable firewall, dnsmasq and odhcpd.

My /etc/config/network as

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd69:e876:8339::/48'

config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'dhcp'
option ip6assign '60'

config interface 'lan6'
option ifname 'eth0'
option proto 'dhcpv6'

config interface 'wg0'
option proto 'wireguard'
option private_key 'OpenWRT Private Key'
option listen_port '33369'
list addresses '10.16.100.50/24'

config wireguard_wg0 'iPhoneXS'
option public_key 'IOS Public Key'
option route_allowed_ips '1'
list allowed_ips '10.16.100.51/32'

To make the wireguard connection can go in and out the wg0 interface, I run the following command

#WireGuard

iptables -t nat -I POSTROUTING -s 10.16.100.0/24 -j MASQUERADE

iptables -I FORWARD -i wg+ -s 10.16.100.0/24 -j ACCEPT

iptables -I INPUT -i wg+ -s 10.16.100.0/24 -j ACCEPT

The IOS config is just the usual one.

Once I am sure the connection is working. I put the iptables command into local startup.

Hope this is useful for one who want to add a wireguard in your small virtual image to your working environment

system · September 8, 2020, 11:51pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.