WireGuard server/client problem

Hi,

I configured DDNS, not sure if I need it to get remote access to LuCI (router)? What I am trying to do is a WireGuard server on OpenWrt and a client on my cellphone. I've read many tutorials but still no connection.

Here is my config on the router:


network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='eth1.1'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.device='eth0.2'
network.wan.proto='dhcp'
network.wan.metric='1024'
network.wan.peerdns='0'
network.wan.dns='192.168.1.1'

network.vpn=interface
network.vpn.proto='wireguard'
network.vpn.private_key='IP4XXXXXXXXXXXXXXXXXXX92LH7DmXc2o='
network.vpn.listen_port='51820'
network.vpn.addresses='192.168.9.1/24' ''
network.wgclient=wireguard_vpn
network.wgclient.public_key='N1td9iZaCuVXXXXXXXXXXXXXXXXXXJ4bk7hBE='
network.wgclient.preshared_key='OwW/XoXXXXXXXXXXXXXXXXXXXXXSahhNGgiVA0dI='
network.wgclient.allowed_ips='192.168.9.2/32' ':2/128'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@defaults[0].flow_offloading='1'
firewall.lan=zone
firewall.lan.name='lan'
firewall.lan.input='ACCEPT'
firewall.lan.output='ACCEPT'
firewall.lan.forward='ACCEPT'
firewall.lan.network='lan' 'vpn'
firewall.wan=zone
firewall.wan.name='wan'
firewall.wan.input='REJECT'
firewall.wan.output='ACCEPT'
firewall.wan.forward='REJECT'
firewall.wan.masq='1'
firewall.wan.mtu_fix='1'
firewall.wan.network='wan'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.qcanssecm=include
firewall.qcanssecm.type='script'
firewall.qcanssecm.path='/etc/firewall.d/qca-nss-ecm'
firewall.qcanssecm.family='any'
firewall.qcanssecm.reload='1'
firewall.bcp38=include
firewall.bcp38.type='script'
firewall.bcp38.path='/usr/lib/bcp38/run.sh'
firewall.bcp38.family='IPv4'
firewall.bcp38.reload='1'
firewall.wg=rule
firewall.wg.name='Allow-WireGuard'
firewall.wg.src='wan'
firewall.wg.dest_port='51820'
firewall.wg.proto='udp'
firewall.wg.target='ACCEPT'
crontab: can't open 'root': No such file or directory
root@OpenWrt:~# 

And after that, for the client on my phone, do I need to follow this?

https://openwrt.org/docs/guide-user/services/vpn/wireguard/client

You have to set up routing/policies so the responses go through WireGuard.

See:

Why is it not included in the tutorial?
And I've read and followed many videos and wikis and I did not see that. Do you have a complete tutorial about it?

It seems like you're attempting to set up inbound traffic:

  • That's not the common use case for most
  • If you set everything outbound to use the VPN, this is already done

I posted the links, maybe you could provide more details on the server and others can respond with more information.

Inbound?
I would say that I want to use remote access protected by WireGuard.

For incoming connections to work, the WAN IP in your router has to exactly match what is registered in DDNS and shown by "what's my IP" test sites. If your ISP uses carrier-grade NAT it will not match, and incoming connections are not possible.
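
The check described in the last reply, as an added example that is not part of the original thread: a POSIX shell sketch that classifies the router's WAN address (carrier-grade NAT space 100.64.0.0/10, RFC 1918 private space, or public) and compares it with the address seen from outside and the address the DDNS name resolves to. The function names and all addresses are assumptions made for illustration; the three addresses are passed in as arguments.

```shell
#!/bin/sh
# Added example; all addresses below are constructed samples.

# Dotted-quad IPv4 -> 32-bit integer; non-zero exit on malformed input.
ip_to_int() {
    case "$1" in *[!0-9.]*|''|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True if address $1 lies inside network $2 with prefix length $3.
in_cidr() {
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "$2") || return 1
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Prints cgnat, private, public or invalid for the WAN address in $1.
classify_wan_ip() {
    ip_to_int "$1" >/dev/null || { echo invalid; return 0; }
    if in_cidr "$1" 100.64.0.0 10; then
        echo cgnat                      # RFC 6598 shared address space
    elif in_cidr "$1" 10.0.0.0 8 || in_cidr "$1" 172.16.0.0 12 \
        || in_cidr "$1" 192.168.0.0 16; then
        echo private                    # RFC 1918: another NAT sits upstream
    else
        echo public
    fi
}

# $1 = address on the WAN interface, $2 = address a "what's my IP" site
# reports, $3 = address the DDNS hostname currently resolves to.
inbound_verdict() {
    kind=$(classify_wan_ip "$1")
    case "$kind" in cgnat|private|invalid) echo "blocked:$kind"; return 0 ;; esac
    [ "$1" = "$2" ] || { echo "blocked:nat-mismatch"; return 0; }
    [ "$2" = "$3" ] || { echo "ddns-stale"; return 0; }
    echo ok
}

inbound_verdict 100.72.14.9 198.51.100.20 198.51.100.20
```

A `blocked:` result means the UDP port opened for WireGuard on the router cannot be reached from the internet regardless of the firewall rule; `ddns-stale` means the port may be reachable but the hostname the phone uses points elsewhere.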