Really tried hard to work this all out for the last week till the early hours every day, followed must be hundreds of guides and started again multiple times but nothing is working as intended, tried to learn this and just not getting there.
Idea - WiFi/LAN to route through the OpenWrt ISP router using WireGuard (creating my own VPN not paying for external ones) thus securing everything internal out and out to internal (such as devices that cannot download clients etc).
What I have > WiFi/LAN routes through unsecured via ISP router, and I can punch in via my Android phone via WireGuard successfully - linking the two seems impossible but surely isn't!
I am a novice to all this, so appreciate any help please! Using LuCI which I prefer, but also SSH when needed. The problems are most guides don't seem to cater specifically for this (not sure why, seems the most obvious option to me?) and if they do, are outdated or not including all info needed.
The latest guide I've chosen and implemented after following the various combined guides to get to this point is:
Please let me know what commands you'd like me to output to assist.
Typically, you do not need PBR to route all traffic via the VPN.
Here are the WireGuard server and client how-tos.
Post your configuration if you still have questions:
Yes, I tried those guides initially, but they do rely on a somewhat more experienced user to read between the lines I think. I moved on from them a few guides ago! That ultimately led me to a guide that suggested PBR was needed which did seem like overcomplicating but?
Please see the info you requested below, apologies, there is a lot of it.
The other end of your WireGuard tunnel. WireGuard (like all VPNs) encrypts data between two points, you can't just set up a WireGuard interface by itself and expect it to do anything.
Well perhaps this is the issue I'm running into, a misunderstanding of what was possible?
Previously I had a Raspberry Pi running OpenVPN over a wireless AP, and everything I wanted encrypted on my network I joined to that, which routed to my ISP router and in/out. That Pi stopped working, after a day or two of working on it I discovered WireGuard and tried it on a Pi4, although still having difficulties. I thought it may be router related, so upgraded the router which broke most things! Then I discovered OpenWrt and thought I could use that and get rid of the Pis entirely to encrypt data, but don't want to pay for an external VPN provider... Hence where I am now today!
Yeah, you can't just encrypt data on your router and send it out to the wider internet. It needs to go to another device where it is decrypted and then passed on to the internet. Whatever setup you previously had with OpenVPN still would've sent the data off to another device for decryption before it went onto the internet.
Ah cr#p - been running the OpenVPN for a year or two assuming I was encrypting everything going out lol, at least it was good for my Android phone coming in!
Any recommendations on a VPN with good UK speeds WG compatible please?
Surfshark are doing good deals at the moment. You can get 2 years for 35.76GBP. It also allows for unlimited devices, and I've been using them for about a year now on various things without issue.
Your speed however will also be affected by your router spec. Mine don't usually go higher than 9mbps on any location config using my BT HomeHub 5, but that's good enough for my 'secure' requirement.
They don't offer WireGuard over OpenWrt though when I looked into it, most do not. I'm concerned about the speeds however, as my intention is to route everything, security cameras, consoles, streaming etc etc with quite a few devices and I have a 100mb connection - I don't think my old router will get anywhere near what I need. Think I'll have to scrap this idea and go Raspberry Pi 4 as the gateway.