WireGuard server does not work after performing a reset

After performing the reset, the wireguard server does not work.

After resetting twice, I followed the following two guides, but that did not work either.
The server worked well before the reset, but it does not work after the reset.

Are you talking about a reboot or a reset to defaults?

What version of OpenWrt are you using?

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/firewall

Reset to default value.
my openwrt version is : OpenWrt 21.02.0 r16279-5cc0535800

/etc/config/firewall


# Global default policies: accept input and output, reject forwarding,
# with SYN-flood protection switched on.
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

# 'lan' zone: input, output and forward are all ACCEPT.
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        # NOTE(review): wg0 is a member of the lan zone, so VPN peers get the
        # same ACCEPT policies as wired LAN hosts (access to the router and
        # forwarding within the zone). A separate zone for wg0 would allow
        # tighter rules if peers should be trusted less.
        list network 'wg0'

# 'wan' zone: unsolicited input and forwarding are rejected; outbound traffic
# is masqueraded (masq) and MSS clamping is enabled (mtu_fix).
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

# Allow forwarding from the lan zone to the wan zone. Because wg0 is listed
# in the lan zone above, this forwarding also applies to traffic from wg0.
config forwarding
        option src 'lan'
        option dest 'wan'

# Traffic rules for the wan zone. Every rule in this block has src 'wan';
# none of them mentions the WireGuard port (61820) used elsewhere in this
# configuration.

# DHCP replies to the router's own WAN DHCP client (UDP 68, IPv4).
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'
# IPv4 echo-request from wan is accepted, so the router answers pings.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# IGMP from wan (IPv4).
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# DHCPv6 client traffic (UDP 546) restricted to fc00::/6 on both ends.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Multicast Listener Discovery messages from link-local sources only.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 addressed to the router itself, rate-limited to 1000 packets/sec.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# ICMPv6 forwarded from wan to any zone (dest '*'), same rate limit.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# IPsec ESP forwarded from wan into the lan zone.
# NOTE(review): this and Allow-ISAKMP below open wan -> lan forwarding; if no
# LAN host terminates IPsec they can be disabled - confirm before removing.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

# ISAKMP/IKE (UDP 500) forwarded from wan into the lan zone.
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# REJECT rule for the UDP traceroute port range; switched off here
# (enabled 'false').
config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

# Pulls in custom rules from /etc/firewall.user; that file's contents are not
# shown here, so review it separately.
config include
        option path '/etc/firewall.user'

# Port forward (DNAT) of UDP 61820 arriving on wan towards the lan zone.
# No dest_ip is set, so no specific LAN host is named as the target.
# NOTE(review): 61820 is the listen_port of the router's own wg0 interface in
# the network config, i.e. the service runs on the router, not on a LAN host.
# A 'config rule' that ACCEPTs UDP 61820 with src 'wan' is the usual way to
# expose a service on the router itself - confirm and replace this redirect.
config redirect
        option target 'DNAT'
        option name 'qe'
        list proto 'udp'
        option src 'wan'
        option src_dport '61820'
        option dest 'lan'
        option dest_port '61820'

/etc/config/network


# Loopback interface, 127.0.0.1/8.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

# IPv6 ULA prefix (redacted by the poster).
config globals 'globals'
        option ula_prefix '<hide>'

# LAN bridge built on VLAN 1 of the switch (eth0.1).
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

# LAN: static 192.168.1.1/24; ip6assign 60 delegates a /60 to this interface.
config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

# WAN device on VLAN 2 (eth0.2) with an overridden MAC (redacted).
config device
        option name 'eth0.2'
        option macaddr '<hide>'

# WAN gets its IPv4 address via DHCP.
config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

# WAN IPv6 via DHCPv6 on the same device.
config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

# Switch with VLANs enabled; reset '1' is set on the switch.
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# VLAN 1 (LAN): ports 2-5 untagged, port 0 tagged ('0t').
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

# VLAN 2 (WAN): port 1 untagged, port 0 tagged.
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 0t'

# WireGuard interface on the router, listening on UDP 61820.
# The private key is redacted; it must never be posted or shared.
config interface 'wg0'
        option proto 'wireguard'
        option private_key '<hide>'
        option listen_port '61820'
        # NOTE(review): no prefix length is given; presumably this is treated
        # as a single host address (/32) - confirm, or write it explicitly.
        list addresses '10.14.0.1'

# Peer definition for wg0 (section type wireguard_<interface name>).
config wireguard_wg0
        # Only packets sourced from this tunnel address are accepted from the
        # peer; it has to match the address configured on the remote peer.
        list allowed_ips '10.14.0.4'
        # Install a route for the allowed_ips entry via wg0.
        option route_allowed_ips '1'
        option persistent_keepalive '25'
        # The remote peer's public key (redacted).
        option public_key '<hide>'

Prior to resetting, the wireguard server also worked with this setting.

The overall behavior is strange. After the reset, when I try to connect to a third-party VPN from a PC connected to OpenWrt, odd problems occur, such as the connection not working. I think the firmware was damaged during an opkg command. Is there any way to reinstall the firmware?

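Try making your firewall rule for WG a traffic rule instead of a port forward (redirect), like the one below. WireGuard listens on the router itself, so its packets need to be accepted as input from wan rather than DNATed into the lan zone.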

# Traffic rule: accept UDP 61820 arriving from the wan zone. No 'dest' zone is
# set, so it applies to traffic addressed to the router itself (input), which
# is where the WireGuard listener runs. Only this one UDP port is opened.
config rule
        option name 'Allow-Wireguard-Inbound'
        list proto 'udp'
        option target 'ACCEPT'
        option src 'wan'
        option dest_port '61820'
Also make sure that your keys are correct on both the OpenWrt peer and your remote peer.


This is very unlikely if you installed the standard OpenWrt image. But you can always just download it again and reflash. Do not keep settings and you'll have a completely fresh installation.


I'm sorry for being late.

After adding the rule, I can access the LAN, but I can't access the Internet.

Please post the remote peer configuration.

Can I post this configuration?

/etc/config/network

# WireGuard interface on the router (server side), listening on UDP 61820.
# Key material is replaced by placeholders; the private key stays on the router.
config interface 'wg0'
        option proto 'wireguard'
        option private_key '<privkey>'
        option listen_port '61820'
        list addresses '10.14.0.1'

# Peer entry for the phone.
config wireguard_wg0
        option description 'ip'
        # Public key of the remote peer (the phone), not the router's own key.
        option public_key '<pubkey>'
        # Tunnel address the phone is allowed to use as a source; it matches
        # the phone's configured address 10.14.0.2.
        list allowed_ips '10.14.0.2'
        option route_allowed_ips '1'
        option persistent_keepalive '25'

my phone configuration

addresses = 10.14.0.2/32
Listenport = automatic
MTU = automatic
DNS Server = 10.14.0.1
public key = <server pubkey>
endpoint = <my ip>:61820
allowed ips = 0.0.0.0/0

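The issue might be DNS: the phone is set to use 10.14.0.1 (the router's tunnel address) as its resolver. Try 8.8.8.8 instead and see if it works. Keep in mind that a public resolver then sees every name the phone looks up; if you would rather keep DNS on the router, check why it is not answering queries that arrive over wg0.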


I set it to 8.8.8.8, and it works properly. Thank you!
