I have had wireguard installed on another router until the router failed. I installed it per this page:
I cut and pasted the entire thing into SSH and it generated keys and a QR code for the android app.
After a bit of aggravation, I was able to get the Android wireguard app to connect to the new openwrt router. However, nothing gets through. The local addresses don't work and external internet addresses don't work.
What would be causing this?
You do realize that you couldn't actually reveal much less information which would empower others to help you?
Most of the time these issues are about routing discrepancies, but this is pure guess work.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/firewall
wg show
Sorry about the lack of information, I have been dealing with health emergencies. I am attaching the files you requested. The </> thing isn't doing anything as far as I can tell. I will have to add the code tags manually. Hopefully it will figure it out.
Firewall:
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone 'lan'
option name 'lan'
list network 'lan'
list network 'vpn'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone 'wan'
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user' <<<< File is empty except for comments
<<Confidential redirects removed>>
config rule 'wg'
option name 'Allow-WireGuard'
option src 'wan'
option dest_port '99999'
option proto 'udp'
option target 'ACCEPT'
Network:
root@OpenWrt:/etc/config# cat network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd63::XXXX::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0.2'
option macaddr 'XX:XX:2b:XX'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
option auto '0'
option reqaddress 'try'
option reqprefix 'auto'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'vpn'
option proto 'wireguard'
option private_key 'ThePassword='
option listen_port 'xxxxx'
list addresses '192.168.9.1/24'
list addresses 'fdf1:e8a1:X:9::1/64'
config wireguard_vpn 'wgclient'
option public_key 'Another KEy='
option preshared_key 'Pre shared key='
list allowed_ips '192.168.9.2/32'
list allowed_ips 'XXXX:9::2/128'
root@OpenWrt:/etc/config#
WG SHOW
root@OpenWrt:/etc/config# wg show
interface: vpn
public key: erfwerfj;erkr;opubkeyk2rf2o;45fj45ogj45,,7&&&&&=
private key: (hidden)
listening port: 99999
peer: jnflj234r>>??//??===/QB121key234ifksdfnsdkjcfdn!!!6/kk=
preshared key: (hidden)
allowed ips: 192.168.9.2/32, fdf1:XXX:9::2/128
root@OpenWrt:/etc/config#
It doesn't look like the WG interface has ever actually had a successful handshake.
A few things to check:
I'd recommend removing the preshared key for the purposes of troubleshooting -- one less variable to worry about. You can add it back in when you have a successful connection.
I tried to upload a screen shot of the android wireguard screen, but its stuck and not working. Its only 26K.
Interface
Public key: hidden
Addresses: 192.168.9.1/24
DNS Servers: 192.168.1.1
Listen Port: Hidden
Peer
Public key: hidden
Allowed IP's: 0.0.0.0/0, ::/0
Endpoint: myddns.no-ip.org:hidden port number
Is the "config wireguard_vpn 'wgclient' " supposed to be there? The router is supposed to be a server not a client.
I have a public dynamic IP address and a DDNS service. The first two octets are 73.205. There are other port forwards that resolve properly.
On the app, the blue switch thing flips over when it connects. At least that's how it worked the last time. It will flip over blue, but doesn't seem to be actually working.
I'm not sure why this forum wont let me use preformatted text or upload images. Maybe I don't have enough privilege.
I also need to point out that the router had trouble booting when I booted it to get those files you asked for. In several locations in the log file, the word "Watchdog" appeared. I assume there was a watchdog reset. It eventually did boot up after several automatic reboots.
I used the QR code method of configuring the client. I don't know anything about preshared keys unless that put them in.
Note my ability to test at this time is very limited. Although I have the physical router, it is not connected to anything except the laptop. I had to reconnect the AX1800 with PPTP when I left last night because its the only thing working right now.
I will have access to the site either late friday or the weekend.
'wgclient' is the name associated with the remote peer. This is fine. It could be 'theBestPhoneEver' or 'mycrappylaptop' or whatever you want. It's really just a human readable name.
Yes, your router does appear to be setup as a server. Technically, Wireguard doesn't differentiate between servers and clients... they're all just peers. But there are some nuances to the setup that can make the difference, and in this case, you've set it up properly for your intended purpose.
Good. No likely issues here.
The strange thing about WireGuard apps is that they do indicate that the VPN is 'on' even if the connection/handshakes haven't really been established. As a result, it will appear to be connected even if it actually isn't. In your case, I don't think the handshake has happened.
Hmmm.. not sure why this would be happening -- possibly something to keep an eye on. But, as long as it is working now, no worries.
There is a preshared key listed in your router's configuration, but not in your mobile. Therefore, remove it from the router's peer configuration:
The QR code method usually works, so I think you'll be fine there. But we'll see soon enough.
I was going to mention that about the pre-shared key. It was in the network config but not the mobile config. Its blank in the mobile. I removed it from the network file. I don't know how it got there.
The router is not connected to the internet at the moment, yet the little blue switch flipped over just fine. Some reliable connected/not connected indication would be nice.
I feel confident that the pre shared key mismatch is likely the culprit. I won't be able to get back over there until tomorrow when I will test for sure.
Thanks for your help. I will let you know how it works out.
Just a quick note that I had to come in and the psk was not the problem -it at least not the only one. The logs on the mobile say that it could not make a handshake. I removed the vpn entry on the cell phone and used the qr code to make a new one. No change.
Is this device the main router, or is it sitting behind another router? If the latter, you need to make sure you've forwarded the port to the OpenWrt router.
Also make sure that the listen port is consistent between the Wireguard interface definition and the firewall (as well as the other router's port forwarding, if relevant), and obviously on the mobile device's configuration. Do not populate a listen port on the mobile device's configuration (just the peer's port).
You might need to regenerate keys if this isn't working... simple to do, but often the reason things get messed up... we can talk about that if nothing above helps.
No. It is the main router.
It was populated. I deleted it. No change. The only place to put a port in the peer is in the Endpoint section. Like serverURL:portnum
It seems strange that the qr code didn't include that or the Addresses in the interface section. I had to hand edit the fields.
You should check your keys: make sure that the public key on the openwrt wireguard config (you can see this from wg show is entered into the mobile device’s peer config section. And then the reverse should be true - the public key from the mobile config should show up in the openwrt wireguard config under the peer section public key.
I had to leave there, but I was able to get SSH working so I left the router running. It has a rather large password so I think it will be safe for a few days until I get WireGuard working.
The wg show had an invalid public key for the wgclient. I changed it and the android WG app is now successfully handshaking according to WG SHOW.
The only problem is that it is still not transferring data. I can't access 192.168.1.1 or google or anything else when the VPN is up. Something is still wrong. Any ideas?
On another note, it seems that the app should be able to send its public key to the wg server once it has the server's public key. I shouldn't have had to cut and paste and nano edit and all that.
Add this to your peer config stanza on the OpenWrt Wireguard side...
option route_allowed_ips '1'
it should look like this:
config wireguard_vpn 'wgclient'
option public_key 'Another KEy='
option preshared_key 'Pre shared key='
list allowed_ips '192.168.9.2/32'
list allowed_ips 'XXXX:9::2/128'
option route_allowed_ips '1'
I added this and rebooted the router. There was no change. It still connects and handshakes, but won't allow connections to anything.
Let’s see the latest config files (network and firewall) and your mobile config file.
I am sending firewall, network and the mobile logs. I don't know how to get the android wireguard config files. Where would they be located?
I can manually transcribe what it shows me here:
private key: *******
public key: filled
addresses 192.168.9.1/24
listen port: empty
dns servers: empty
mtu: auto
peer
public key:filled
pre shared key: blank
persistant keepalive: blank
endpoint:serverURL:port
allowed ips:0.0.0.0/0,::/0
Firewall:
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone 'lan'
option name 'lan'
list network 'lan'
list network 'vpn'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone 'wan'
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user' ....empty file....
...confidential port forwards...
config rule 'wg'
option name 'Allow-WireGuard'
option src 'wan'
option dest_port '99999'
option proto 'udp'
option target 'ACCEPT'
config rule
list proto 'tcp'
option src 'wan'
option dest_port '00000'
option target 'ACCEPT'
option name 'Allow-SSH-WAN'
root@OpenWrt:/etc/config#
Network:
root@OpenWrt:/etc/config# cat network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd63:ee90:9a87::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0.2'
option macaddr '98:da:c4:47:2b:0f'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
option auto '0'
option reqaddress 'try'
option reqprefix 'auto'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'vpn'
option proto 'wireguard'
option private_key 'private key==='
option listen_port '99999'
list addresses '192.168.9.1/24'
list addresses 'fdf1:e8a1:8d3f:9::1/64'
config wireguard_vpn 'wgclient'
list allowed_ips '192.168.9.2/32'
list allowed_ips 'fdf1:e8a1:8d3f:9::2/128'
option public_key 'mobile public key=='
option route_allowed_ips '1'
root@OpenWrt:/etc/config#
Android WG log
--------- beginning of system
07-28 19:13:49.507 19267 19267 D TextClassifierService: No configured system TextClassifierService
07-28 19:13:49.510 19267 19267 D TextClassifierService: No configured system TextClassifierService
07-28 19:13:49.515 19267 6578 D TextClassifierService: No configured system TextClassifierService
07-28 19:13:49.571 19267 6578 D androidtc: Loading ModelFile { path=/data/misc/textclassifier/textclassifier.model name=textclassifier.model version=611 locales=en }
07-28 19:13:49.689 19267 6578 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:44.027 19267 19267 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:44.029 19267 19267 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:44.033 19267 8083 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:44.040 19267 8083 D androidtc: Loading ModelFile { path=/data/misc/textclassifier/textclassifier.model name=textclassifier.model version=611 locales=en }
07-28 19:42:44.157 19267 8083 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:51.534 19267 19267 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:51.537 19267 19267 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:51.540 19267 8050 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:51.581 19267 8050 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:54.761 19267 19267 D TextClassifierService: No configured system TextClassifierService
07-28 19:42:54.763 19267 8083 D TextClassifierService: No configured system TextClassifierService
07-28 20:25:37.434 11856 11856 D TextClassifierService: No configured system TextClassifierService
07-28 20:25:37.437 11856 11856 D TextClassifierService: No configured system TextClassifierService
07-28 20:25:37.443 11856 12201 D TextClassifierService: No configured system TextClassifierService
07-28 20:25:37.471 11856 12201 D androidtc: Loading ModelFile { path=/data/misc/textclassifier/textclassifier.model name=textclassifier.model version=611 locales=en }
07-28 20:25:37.569 11856 12201 D TextClassifierService: No configured system TextClassifierService
07-28 20:28:44.313 11856 11856 D TextClassifierService: No configured system TextClassifierService
07-28 20:28:44.316 11856 11856 D TextClassifierService: No configured system TextClassifierService
07-28 20:28:44.320 11856 12582 D TextClassifierService: No configured system TextClassifierService
07-28 20:28:44.328 11856 12582 D androidtc: Loading ModelFile { path=/data/misc/textclassifier/textclassifier.model name=textclassifier.model version=611 locales=en }
07-28 20:28:44.432 11856 12582 D TextClassifierService: No configured system TextClassifierService
--------- beginning of main
07-29 08:17:44.553 24784 24784 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@1ddb0be
--------- beginning of events
07-29 08:17:44.732 24784 24784 I am_on_create_called: [0,com.wireguard.android.activity.MainActivity,performCreate]
07-29 08:17:44.765 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.MainActivity,handleStartActivity]
07-29 08:17:44.766 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.MainActivity,RESUME_ACTIVITY]
07-29 08:17:44.796 24784 24814 I Adreno : QUALCOMM build : 94a5458, I21281c58c8
07-29 08:17:44.796 24784 24814 I Adreno : Build Date : 12/18/18
07-29 08:17:44.796 24784 24814 I Adreno : OpenGL ES Shader Compiler Version: EV031.25.03.02
07-29 08:17:44.796 24784 24814 I Adreno : Local Branch :
07-29 08:17:44.796 24784 24814 I Adreno : Remote Branch : refs/tags/AU_LINUX_ANDROID_LA.UM.7.6.2.R1.09.00.00.463.046
07-29 08:17:44.796 24784 24814 I Adreno : Remote Branch : NONE
07-29 08:17:44.796 24784 24814 I Adreno : Reconstruct Branch : NOTHING
07-29 08:17:44.796 24784 24814 I Adreno : Build Config : S L 6.0.7 AArch64
07-29 08:17:44.841 24784 24814 I Adreno : PFP: 0x005ff112, ME: 0x005ff066
07-29 08:17:44.843 24784 24814 I ConfigStore: android::hardware::configstore::V1_0::ISurfaceFlingerConfigs::hasWideColorDisplay retrieved: 0
07-29 08:17:44.843 24784 24814 I ConfigStore: android::hardware::configstore::V1_0::ISurfaceFlingerConfigs::hasHDRDisplay retrieved: 0
07-29 08:17:44.844 24784 24814 I OpenGLRenderer: Initialized EGL, version 1.4
07-29 08:17:44.844 24784 24814 D OpenGLRenderer: Swap behavior 2
07-29 08:17:49.356 24784 24784 I menu_item_selected: [0,Settings]
07-29 08:17:49.387 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.MainActivity,performPause]
07-29 08:17:49.400 24784 24784 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@5cd60c7
07-29 08:17:49.424 24784 24784 I am_on_create_called: [0,com.wireguard.android.activity.SettingsActivity,performCreate]
07-29 08:17:49.475 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.SettingsActivity,handleStartActivity]
07-29 08:17:49.475 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
07-29 08:17:50.044 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.MainActivity,STOP_ACTIVITY_ITEM]
07-29 08:17:53.784 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.SettingsActivity,performPause]
07-29 08:17:53.797 24784 24784 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@8ab451d
07-29 08:17:53.847 24784 24784 I am_on_create_called: [0,com.wireguard.android.activity.LogViewerActivity,performCreate]
07-29 08:17:53.850 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.LogViewerActivity,handleStartActivity]
07-29 08:17:53.852 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.LogViewerActivity,RESUME_ACTIVITY]
07-29 08:17:54.388 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.SettingsActivity,STOP_ACTIVITY_ITEM]
07-29 08:17:57.626 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.LogViewerActivity,performPause]
07-29 08:17:57.658 24784 24784 I am_on_restart_called: [0,com.wireguard.android.activity.SettingsActivity,performRestartActivity]
07-29 08:17:57.660 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.SettingsActivity,handleStartActivity]
07-29 08:17:57.661 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
07-29 08:17:58.227 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.LogViewerActivity,LIFECYCLER_STOP_ACTIVITY]
07-29 08:17:58.229 24784 24784 I am_on_destroy_called: [0,com.wireguard.android.activity.LogViewerActivity,performDestroy]
07-29 08:18:03.366 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.SettingsActivity,performPause]
07-29 08:18:05.890 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
07-29 08:18:12.320 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.SettingsActivity,performPause]
07-29 08:18:14.696 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.SettingsActivity,STOP_ACTIVITY_ITEM]
07-29 08:22:41.736 24784 24784 I am_on_restart_called: [0,com.wireguard.android.activity.SettingsActivity,performRestartActivity]
07-29 08:22:41.737 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.SettingsActivity,handleStartActivity]
07-29 08:22:41.739 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
07-29 08:22:44.892 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.SettingsActivity,performPause]
07-29 08:22:44.940 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.SettingsActivity,sleeping]
07-29 08:22:45.755 24784 24784 I am_on_restart_called: [0,com.wireguard.android.activity.SettingsActivity,performRestartActivity]
07-29 08:22:45.762 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.SettingsActivity,handleStartActivity]
07-29 08:22:45.788 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
07-29 08:22:47.861 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.SettingsActivity,performPause]
07-29 08:22:47.895 24784 24784 I am_on_restart_called: [0,com.wireguard.android.activity.MainActivity,performRestartActivity]
07-29 08:22:47.896 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.MainActivity,handleStartActivity]
07-29 08:22:47.897 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.MainActivity,RESUME_ACTIVITY]
07-29 08:22:48.448 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.SettingsActivity,LIFECYCLER_STOP_ACTIVITY]
07-29 08:22:48.450 24784 24784 I am_on_destroy_called: [0,com.wireguard.android.activity.SettingsActivity,performDestroy]
07-29 08:22:49.380 24784 24800 I WireGuard/GoBackend: Bringing tunnel MobileVPN UP
07-29 08:22:49.381 24784 24800 D WireGuard/GoBackend: Requesting to start VpnService
07-29 08:22:50.161 24784 24800 D WireGuard/GoBackend: Go backend eb6302c
07-29 08:22:50.217 24784 24800 D WireGuard/GoBackend/MobileVPN: Attaching to interface tun0
07-29 08:22:50.224 24784 24800 D WireGuard/GoBackend/MobileVPN: UAPI: Updating private key
07-29 08:22:50.225 24784 24800 D WireGuard/GoBackend/MobileVPN: UAPI: Removing all peers
07-29 08:22:50.226 24784 24800 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - UAPI: Created
07-29 08:22:50.226 24784 24800 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - UAPI: Adding allowedip
07-29 08:22:50.226 24784 24800 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - UAPI: Adding allowedip
07-29 08:22:50.226 24784 24800 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - UAPI: Updating endpoint
07-29 08:22:50.230 24784 31774 D WireGuard/GoBackend/MobileVPN: Routine: event worker - started
07-29 08:22:50.233 24784 24800 D WireGuard/GoBackend/MobileVPN: UDP bind has been updated
07-29 08:22:50.233 24784 24800 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Starting
07-29 08:22:50.233 24784 24800 D WireGuard/GoBackend/MobileVPN: Interface state was Down, requested Up, now Up
07-29 08:22:50.233 24784 24800 D WireGuard/GoBackend/MobileVPN: Device started
07-29 08:22:50.235 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: encryption worker 5 - started
07-29 08:22:50.235 24784 24807 D WireGuard/GoBackend/MobileVPN: Routine: encryption worker 1 - started
07-29 08:22:50.235 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: decryption worker 3 - started
07-29 08:22:50.235 24784 24807 D WireGuard/GoBackend/MobileVPN: Routine: encryption worker 6 - started
07-29 08:22:50.235 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: handshake worker 3 - started
07-29 08:22:50.235 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: encryption worker 4 - started
07-29 08:22:50.236 24784 24807 D WireGuard/GoBackend/MobileVPN: Routine: decryption worker 5 - started
07-29 08:22:50.236 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: decryption worker 4 - started
07-29 08:22:50.236 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: handshake worker 4 - started
07-29 08:22:50.236 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: decryption worker 6 - started
07-29 08:22:50.236 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: encryption worker 2 - started
07-29 08:22:50.236 24784 24807 D WireGuard/GoBackend/MobileVPN: Routine: handshake worker 5 - started
07-29 08:22:50.236 24784 24807 D WireGuard/GoBackend/MobileVPN: Routine: handshake worker 8 - started
07-29 08:22:50.236 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: decryption worker 1 - started
07-29 08:22:50.236 24784 24807 D WireGuard/GoBackend/MobileVPN: Routine: TUN reader - started
07-29 08:22:50.236 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: handshake worker 1 - started
07-29 08:22:50.236 24784 24838 D WireGuard/GoBackend/MobileVPN: Routine: handshake worker 6 - started
07-29 08:22:50.236 24784 24813 D WireGuard/GoBackend/MobileVPN: Routine: encryption worker 7 - started
07-29 08:22:50.236 24784 24807 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Sending handshake initiation
07-29 08:22:50.236 24784 24813 D WireGuard/GoBackend/MobileVPN: Routine: decryption worker 2 - started
07-29 08:22:50.236 24784 24813 D WireGuard/GoBackend/MobileVPN: Routine: receive incoming v6 - started
07-29 08:22:50.236 24784 31773 D WireGuard/GoBackend/MobileVPN: Routine: handshake worker 2 - started
07-29 08:22:50.236 24784 31773 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Routine: sequential sender - started
07-29 08:22:50.236 24784 24813 D WireGuard/GoBackend/MobileVPN: Routine: receive incoming v4 - started
07-29 08:22:50.236 24784 31773 D WireGuard/GoBackend/MobileVPN: Routine: handshake worker 7 - started
07-29 08:22:50.236 24784 31773 D WireGuard/GoBackend/MobileVPN: Routine: encryption worker 8 - started
07-29 08:22:50.237 24784 31776 D WireGuard/GoBackend/MobileVPN: Routine: decryption worker 8 - started
07-29 08:22:50.238 24784 24822 D WireGuard/GoBackend/MobileVPN: Routine: encryption worker 3 - started
07-29 08:22:50.238 24784 31774 D WireGuard/GoBackend/MobileVPN: Routine: decryption worker 7 - started
07-29 08:22:50.238 24784 24810 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Routine: sequential receiver - started
07-29 08:22:50.337 24784 24813 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Received handshake response
07-29 08:22:52.412 24784 24784 I menu_item_selected: [0,Settings]
07-29 08:22:52.440 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.MainActivity,performPause]
07-29 08:22:52.463 24784 24784 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@85a16d4
07-29 08:22:52.485 24784 24784 I am_on_create_called: [0,com.wireguard.android.activity.SettingsActivity,performCreate]
07-29 08:22:52.514 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.SettingsActivity,handleStartActivity]
07-29 08:22:52.515 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
07-29 08:22:53.152 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.MainActivity,STOP_ACTIVITY_ITEM]
07-29 08:22:54.188 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.SettingsActivity,performPause]
07-29 08:22:54.210 24784 24784 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@10b2cd8
07-29 08:22:54.256 24784 24784 I am_on_create_called: [0,com.wireguard.android.activity.LogViewerActivity,performCreate]
07-29 08:22:54.258 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.LogViewerActivity,handleStartActivity]
07-29 08:22:54.259 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.LogViewerActivity,RESUME_ACTIVITY]
07-29 08:22:54.785 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.SettingsActivity,STOP_ACTIVITY_ITEM]
07-29 08:23:00.650 24784 24807 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Receiving keepalive packet
07-29 08:23:12.119 24784 24807 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Receiving keepalive packet
07-29 08:23:25.118 24784 31774 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Receiving keepalive packet
07-29 08:23:31.457 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.LogViewerActivity,performPause]
07-29 08:23:31.486 24784 24784 I am_on_restart_called: [0,com.wireguard.android.activity.SettingsActivity,performRestartActivity]
07-29 08:23:31.488 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.SettingsActivity,handleStartActivity]
07-29 08:23:31.489 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
07-29 08:23:32.054 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.LogViewerActivity,LIFECYCLER_STOP_ACTIVITY]
07-29 08:23:32.055 24784 24784 I am_on_destroy_called: [0,com.wireguard.android.activity.LogViewerActivity,performDestroy]
07-29 08:23:34.287 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.SettingsActivity,performPause]
07-29 08:23:34.314 24784 24784 I am_on_restart_called: [0,com.wireguard.android.activity.MainActivity,performRestartActivity]
07-29 08:23:34.316 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.MainActivity,handleStartActivity]
07-29 08:23:34.319 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.MainActivity,RESUME_ACTIVITY]
07-29 08:23:34.834 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.SettingsActivity,LIFECYCLER_STOP_ACTIVITY]
07-29 08:23:34.837 24784 24784 I am_on_destroy_called: [0,com.wireguard.android.activity.SettingsActivity,performDestroy]
07-29 08:23:37.478 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.MainActivity,performPause]
07-29 08:23:37.550 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.MainActivity,STOP_ACTIVITY_ITEM]
07-29 08:23:40.476 24784 24807 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Receiving keepalive packet
07-29 08:23:51.367 24784 24807 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Receiving keepalive packet
07-29 08:24:01.610 24784 31774 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Receiving keepalive packet
07-29 08:24:12.015 24784 24810 D WireGuard/GoBackend/DadsVPN: peer(Ia65…izQo) - Receiving keepalive packet
07-29 08:24:14.817 24784 24784 I am_on_restart_called: [0,com.wireguard.android.activity.MainActivity,performRestartActivity]
07-29 08:24:14.825 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.MainActivity,handleStartActivity]
07-29 08:24:14.826 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.MainActivity,RESUME_ACTIVITY]
07-29 08:24:17.726 24784 24784 I menu_item_selected: [0,Settings]
07-29 08:24:17.738 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.MainActivity,performPause]
07-29 08:24:17.752 24784 24784 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@2a76b80
07-29 08:24:17.771 24784 24784 I am_on_create_called: [0,com.wireguard.android.activity.SettingsActivity,performCreate]
07-29 08:24:17.792 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.SettingsActivity,handleStartActivity]
07-29 08:24:17.793 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
07-29 08:24:18.319 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.MainActivity,STOP_ACTIVITY_ITEM]
07-29 08:24:20.913 24784 24784 I am_on_paused_called: [0,com.wireguard.android.activity.SettingsActivity,performPause]
07-29 08:24:20.927 24784 24784 W ActivityThread: handleWindowVisibility: no activity for token android.os.BinderProxy@19239c4
07-29 08:24:20.965 24784 24784 I am_on_create_called: [0,com.wireguard.android.activity.LogViewerActivity,performCreate]
07-29 08:24:20.967 24784 24784 I am_on_start_called: [0,com.wireguard.android.activity.LogViewerActivity,handleStartActivity]
07-29 08:24:20.968 24784 24784 I am_on_resume_called: [0,com.wireguard.android.activity.LogViewerActivity,RESUME_ACTIVITY]
07-29 08:24:21.490 24784 24784 I am_on_stop_called: [0,com.wireguard.android.activity.SettingsActivity,STOP_ACTIVITY_ITEM]
07-29 08:24:22.086 24784 24810 D WireGuard/GoBackend/MobileVPN: peer(Ia65…izQo) - Receiving keepalive packet
07-29 08:24:22.707 24784 24784 I menu_item_selected: [0,Export log file]Change the address in the Android client to 192.168.9.2/32.
@krazeh beat me to it with the interface address on Android. But you’re also probably going to need a dns server - you can use your router lan interface (192.168.1.1) or a public one like 8.8.8.8
I had a few issues getting Wireguard working.
When configuring the client, copy the public key at the top of the page and use that for the Public key of the corresponding connection in OpenWrt.
.
The client is then configured with the Public Key taken from the top of the Wireguard page in OpenWRT.
If you are using a pre-shared key, it will need to be added to both OpenWrt and the client.
You can generate a pre-shared key using the following command in linux:
openssl rand -base64 32
My ISP doesn't allow a static IP address for non-business users, so I have had to set up a NoIP domain name that points to my WAN IP. This service is free, but you need to manually confirm the service is still active every month.
