Looking at WireGuard solutions at the moment, lab testing on different devices, and OpenWRT seemed a useful platform to test (and probably deploy) for WireGuard.
Have so far used: EdgeRouter X, CentOS, VyOS and Windows Client to set up and test WireGuard tunnels (and have basic awareness of how it should work from this).
Would like to move to testing OpenWRT and have the following devices:
TPLINK Archer C7 – 21.02.0
Gl.inet AR-300 - 19.07.7
Raspberry Pi CM4 IoT Router Carrier Board Mini – 21.02.0 (DFRobot Build)
I have tried to get each of these to connect as a client into VyOS and CentOS WireGuard servers. I have copied the keys from the Windows client, which does connect successfully, and I have also tried setting up with new keys. To date, I can only get the AR-300 to work as a client (and this has its own interface that sets this up, not via LuCI).
Regardless of what I do, I can’t seem to get either the tplink or the Pi to work as a client. (Though I did test the TPLINK working as a server initially and this was OK). I’m sure I’ve missed something obvious, but I consistently fail to see any handshake occur.
I’m going to outline the following minimum steps I’ve done:
1 Reset to default settings for 21.02.0.
2 Install & configure basics as per https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics, get the private key from wg.key and paste it into the private key field of the interface (under General Settings). Set the IP address (client side IP of the tunnel).
3 Under Peers, set description, public key from the server, Endpoint Host (IP of the server), Endpoint Port. Save & apply, restart interface.
4 Under Status/Wireguard, Peer is shown with correct details, but “latest handshake” shows “never”. (Server also shows no handshake from client).
As a sanity check, I then use the same key details as I set up above and create a new tunnel in my WireGuard Windows Client (same network as my OpenWRT devices) and I am able to successfully connect this to my WireGuard Server. I can see the server show the incoming connection from the public key of the peer used above. If I try to use these same (working) details from OpenWRT, I never see any handshake.
To simplify things, I’m not (yet) looking for any routing or firewall settings, I just want to confirm I have a valid handshake and the tunnel exists. I believe as long as I have the minimum config set, I should at least see a handshake. This is the minimum config I’m looking for - can someone please confirm the minimum required config to get a client side connection going as above?
Any help or advice would be greatly appreciated.
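
An added example, not part of the original post: one way to narrow down the “latest handshake: never” state from step 4 is to read the peer fields that `wg show <interface> dump` prints and flag the settings that stop a client from ever initiating a handshake. The interface name `wg0` is an assumption, and the sample dump is constructed with placeholder keys.

```shell
#!/bin/sh
# Added example: explain why a WireGuard peer shows "latest handshake: never".
# Input on stdin: output of `wg show <interface> dump` (tab-separated).
# Peer line fields: public-key, preshared-key, endpoint, allowed-ips,
# latest-handshake (epoch seconds, 0 = never), rx, tx, persistent-keepalive.

check_wg_dump() {
    awk -F '\t' '
    NR == 1 { next }   # first line describes the local interface, not a peer
    {
        peer = substr($1, 1, 8) "..."
        if ($5 != 0) { print peer ": handshake seen at " $5; next }
        print peer ": no handshake yet"
        if ($3 == "(none)") print "  endpoint not set, so this side cannot initiate"
        if ($4 == "(none)") print "  allowed-ips empty, so no traffic is routed to this peer"
        if ($8 == "off")    print "  persistent-keepalive off, so a handshake starts only when traffic is sent"
    }'
}

# Constructed sample dump (placeholder keys, documentation IP range).
sample_dump() {
    printf 'PRIVKEYPLACEHOLDER\tPUBKEYLOCAL\t51820\toff\n'
    printf 'PEERAAAAAAAA\t(none)\t203.0.113.10:51820\t(none)\t0\t0\t0\toff\n'
    printf 'PEERBBBBBBBB\t(none)\t203.0.113.10:51820\t10.0.0.0/24\t1700000000\t1024\t2048\t25\n'
}

# On a router: wg show wg0 dump | check_wg_dump   (wg0 is an assumed name)
sample_dump | check_wg_dump
```

WireGuard sends nothing until it has a packet for the peer, so a client with no allowed IPs and no keepalive can sit at “never” even when keys and endpoint are correct.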