Hello. I'm a newbie when it comes to setting up a WireGuard server. I managed to do it once using a Windows automated script, but I'm trying to up my game by making a special setup since I have a spare router in my home.
This is my setup
So I am trying to set up a WireGuard server on my second router (TP-Link C6 v3.2) so I can connect from outside the network using my phone, so that I can use the internet (and have the same IP as my home network).
I have a dynamic IP from my ISP, but I have configured a DDNS service (TP-Link) on the main router (TP-Link C6 v2).
I have found a script to set up WireGuard here: https://openwrt.org/docs/guide-user/services/vpn/wireguard/automated, but I don't know how to configure it so it can use the second router as a dumb AP.
I don't know how to set up static routing on my main router.
I would appreciate a step-by-step, newbie-friendly tutorial for what I need to do to make this work, if someone has the kind heart and patience to guide me through it.
Better to follow the normal guide. The dumb AP doesn't use a firewall, but you need to enable it, only to masquerade the lan zone. This way you don't need any static route on the main router.
Well, I followed that tutorial and I don't know what to do next. I SSHed into my router and executed those commands. What should I do next? How do I generate keys for my phone, and how do I add my DDNS to the setup? Also, how do I enable masquerade for the lan zone?
My suggestion is to set up WireGuard first. When you have it working, confirmed with the phone over the wifi, you may set up port forwarding on the first router (port 51820 to 192.168.0.2). If the phone's client allows it, use a different, less well-known port.

It is better to use NAT on the second router, since you will use its IP to access the LAN resources. Otherwise, the remaining LAN devices will refuse access to the different network, despite it being on the LAN side of the first router. You may need to create a new firewall zone for the WireGuard interface in order to get the NAT working easily, or to move the AP to the WAN side and the WireGuard to the LAN of the second router.

You can do the basic firewall with the web interface if it is installed. If using uci, the rules and the zones could be numbered, so you should check your setup if not editing /etc/config/firewall directly. There are also luci-app-wireguard for the web interface and the WireGuard Installer (client & server) packages available.
config zone
	option name 'vpn'
	list network 'vpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# The 'lan' zone already exists; add only the masq line to it:
config zone
	option name 'lan'
	option masq '1'
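As an added example (my own script, not code from the thread or from the OpenWrt project), here is the setup the reply above describes done with uci: the WireGuard interface with one peer for the phone, a 'vpn' firewall zone, forwarding from vpn to lan, and masquerade on the existing lan zone, so the main router needs nothing but the UDP port forward. Everything below is an assumption chosen for illustration: the AP is 192.168.0.2 with 192.168.0.1 as its gateway, the tunnel subnet is 10.14.0.0/24, the port is 51820, and DDNS_HOST is a placeholder for the TP-Link DDNS name. The two render functions only print text and can be tried anywhere; "apply" runs the uci and service commands and is meant for the router.

```shell
#!/bin/sh
# Added example (not from the thread, not OpenWrt project code): the setup the reply
# above describes, done with uci. Hypothetical values: the dumb AP is 192.168.0.2
# with the main router 192.168.0.1 as its gateway, the main router forwards UDP
# 51820 to the AP, the tunnel subnet is 10.14.0.0/24 and DDNS_HOST is a placeholder.
# Needs the OpenWrt packages kmod-wireguard and wireguard-tools; qrencode is optional.

WG_IF="vpn"                       # uci interface name and firewall zone name
WG_PORT="51820"
WG_NET="10.14.0"                  # server takes .1, the phone takes .2
DDNS_HOST="myhome.tplinkdns.com"  # placeholder, use the DDNS name from the main router
LAN_GW="192.168.0.1"              # main router, also handed to the phone as DNS

# Print the uci batch for the server: wg interface, one peer, a 'vpn' zone, vpn->lan
# forwarding and masquerade on the existing 'lan' zone. Traffic from the phone then
# leaves the AP with source 192.168.0.2, so no static route is needed on the main
# router. The listen port is reachable because the default lan zone input is ACCEPT.
# Args: server_privkey client_pubkey client_ip lan_zone_section (e.g. @zone[0])
server_uci_batch() {
  srv_priv="$1"; cli_pub="$2"; cli_ip="$3"; lan_zone="$4"
  cat <<EOF
set network.$WG_IF=interface
set network.$WG_IF.proto=wireguard
set network.$WG_IF.private_key=$srv_priv
set network.$WG_IF.listen_port=$WG_PORT
add_list network.$WG_IF.addresses=$WG_NET.1/24
add network wireguard_$WG_IF
set network.@wireguard_$WG_IF[-1].description=phone
set network.@wireguard_$WG_IF[-1].public_key=$cli_pub
add_list network.@wireguard_$WG_IF[-1].allowed_ips=$cli_ip/32
add firewall zone
set firewall.@zone[-1].name=$WG_IF
add_list firewall.@zone[-1].network=$WG_IF
set firewall.@zone[-1].input=ACCEPT
set firewall.@zone[-1].output=ACCEPT
set firewall.@zone[-1].forward=ACCEPT
add firewall forwarding
set firewall.@forwarding[-1].src=$WG_IF
set firewall.@forwarding[-1].dest=lan
set firewall.$lan_zone.masq=1
commit network
commit firewall
EOF
}

# Print the config the phone imports (file or QR). AllowedIPs 0.0.0.0/0 routes all of
# the phone's traffic through home, so it reaches the internet with the home IP.
# For a test from inside the home wifi, pass 192.168.0.2 as the endpoint host.
# Args: server_pubkey endpoint_host port client_privkey client_ip
render_client_conf() {
  srv_pub="$1"; host="$2"; port="$3"; cli_priv="$4"; cli_ip="$5"
  printf '[Interface]\nPrivateKey = %s\nAddress = %s/32\nDNS = %s\n\n' \
    "$cli_priv" "$cli_ip" "$LAN_GW"
  printf '[Peer]\nPublicKey = %s\nEndpoint = %s:%s\nAllowedIPs = 0.0.0.0/0, ::/0\nPersistentKeepalive = 25\n' \
    "$srv_pub" "$host" "$port"
}

# Run on the AP as "sh wg-ap.sh apply": generates both key pairs, applies the batch,
# enables the firewall (a dumb AP usually has it disabled) and prints the phone
# config plus a QR code. Delete /tmp/phone.conf after importing it on the phone.
apply_server() {
  srv_priv=$(wg genkey); srv_pub=$(echo "$srv_priv" | wg pubkey)
  cli_priv=$(wg genkey); cli_pub=$(echo "$cli_priv" | wg pubkey)
  # look the lan zone up by name instead of assuming it is @zone[0]
  lan_zone=$(uci show firewall | sed -n "s/^firewall\.\(@zone\[[0-9]*\]\)\.name='lan'$/\1/p")
  [ -n "$lan_zone" ] || { echo "no zone named lan in /etc/config/firewall" >&2; return 1; }
  server_uci_batch "$srv_priv" "$cli_pub" "$WG_NET.2" "$lan_zone" | uci batch
  /etc/init.d/firewall enable
  /etc/init.d/network restart
  /etc/init.d/firewall restart
  render_client_conf "$srv_pub" "$DDNS_HOST" "$WG_PORT" "$cli_priv" "$WG_NET.2" > /tmp/phone.conf
  cat /tmp/phone.conf
  if command -v qrencode >/dev/null; then qrencode -t ansiutf8 < /tmp/phone.conf; fi
}

case "${1:-}" in
  apply) apply_server ;;
esac
```

The phone's private key is generated on the router only so the config can be printed as one piece; generating it in the phone app and pasting the public key into the peer section is the cleaner option. The vpn zone is left with input ACCEPT so the phone can reach the AP itself; tighten it to REJECT plus explicit rules if only internet and LAN access are wanted.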
I couldn't manage to establish a connection between my phone and the router while connected to the wifi using this method. The QR code from the peers section didn't do anything when I scanned it with my phone.
I managed to establish a connection using this tutorial https://www.reddit.com/r/openwrt/comments/bahhua/openwrt_wireguard_vpn_server_tutorial/, but I didn't have access to the internet or to 192.168.0.2 or 192.168.0.1.
I don't know what to do next. I did masquerade the LAN->WAN connection.
I don't think that I will find a step-by-step tutorial for this kind of setup; it takes too much time to write one. I barely established a connection using the reddit tutorial, but I had no idea what I had done.
I removed the things you said.
I added a new forwarding rule from the vpn zone to lan, port 1234.
This is what I get from wg show when connected with my phone.
wg show
interface: wg0
public key: REDACTED
private key: (hidden)
listening port: 1234
peer: REDACTED
allowed ips: 10.14.0.3/32
persistent keepalive: every 25 seconds
I still don't get access to the internet. Perhaps I have to do something with my main router?
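An added diagnostic helper (my own script, not from the thread) for reading output like the wg show above. On a server-side peer with no configured endpoint, wg prints the "endpoint:" and "latest handshake:" lines only after it has received a valid, authenticated packet from that peer; a peer block with neither line means no packet from the phone ever reached the server, which points at the endpoint, port forward or keys rather than at routing or masquerade. The samples are constructed to mirror the quoted output and a working peer; the key names and the 192.168.0.17 address are placeholders.

```shell
#!/bin/sh
# Added diagnostic helper, not from the thread: reads `wg show` output and says, per
# peer, whether a handshake ever completed. Without a configured endpoint, wg prints
# "endpoint:" and "latest handshake:" only after a valid packet from that peer
# arrived, so a peer block without them means a reachability or key problem, not a
# routing or NAT one. Usage on the router: sh wgcheck.sh live

# Print one line per peer: "<pubkey> HANDSHAKE" or "<pubkey> NO_HANDSHAKE".
check_peers() {
  printf '%s\n' "$1" | awk '
    function flush() { if (peer != "") print peer, (seen ? "HANDSHAKE" : "NO_HANDSHAKE") }
    /^peer: /           { flush(); peer = $2; seen = 0; next }
    /latest handshake:/ { seen = 1 }
    END                 { flush() }'
}

# What to look at next for the state check_peers reports.
advice() {
  case "$1" in
    NO_HANDSHAKE) echo "no packet from this peer reached wg: check the Endpoint on the phone (DDNS name and port from outside, 192.168.0.2:<port> from inside the wifi), the UDP port forward on the main router, and that the phone's [Peer] PublicKey is the server's public key" ;;
    HANDSHAKE)    echo "tunnel is up: if there is still no internet, look at forwarding and NAT (vpn->lan forwarding, masq on lan, AllowedIPs = 0.0.0.0/0 on the phone)" ;;
    *)            echo "unknown state $1" ;;
  esac
}

# Print check_peers output with the advice appended under each line.
report() {
  check_peers "$1" | while read -r key state; do
    echo "$key $state"
    echo "  -> $(advice "$state")"
  done
}

# Constructed samples in the shape of `wg show`: the first mirrors the output quoted
# above (no endpoint, no latest handshake), the second is what a working peer shows.
SAMPLE_DOWN='interface: wg0
  public key: SERVER_PUBKEY
  private key: (hidden)
  listening port: 1234

peer: PHONE_PUBKEY
  allowed ips: 10.14.0.3/32
  persistent keepalive: every 25 seconds'

SAMPLE_UP='interface: wg0
  public key: SERVER_PUBKEY
  private key: (hidden)
  listening port: 1234

peer: PHONE_PUBKEY
  endpoint: 192.168.0.17:41234
  allowed ips: 10.14.0.3/32
  latest handshake: 12 seconds ago
  transfer: 5.21 KiB received, 3.80 KiB sent
  persistent keepalive: every 25 seconds'

case "${1:-}" in
  live) report "$(wg show)" ;;                   # run this on the router
  demo) report "$SAMPLE_DOWN"; report "$SAMPLE_UP" ;;
esac
```

Run with "demo" to see both states; "live" wraps the real wg show on the router. The phone app showing "connected" only means the phone brought its interface up, so this check is the first thing to look at before touching firewall rules.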
Deleted the forwarding rule.
Modified the endpoint to 192.168.0.2:1234.
Connected to the wifi.
Still no access to the internet.
Perhaps I should try again to set it up from the beginning, from a simple dumb AP to creating a WireGuard server. Maybe port forward from the main router to the second? I don't know what is wrong with my setup. I really don't want to modify the setup (I have some appliances connected to my main router via wifi and I don't want to modify them). I only want to be able to connect from another place to my home network so I can have my home IP.