Hello. I'm a newbie when it comes to setting up a wireguard server. I managed to do it once using a windows automated script but I'm trying to up my game by making a special setup since I have a spare router in my home.
This is my setup
So I am trying to setup a wireguard server on my second router ( tp link c6 v3.2) so I can connect from outside the network using my phone so that I can use the internet (and have the same ip as my home network).
I have a dynamic IP from my ISP but I have configured a ddns service (tp link ) on the main router (tp link c6 v2).
I have found a script to setup wireguard here: https://openwrt.org/docs/guide-user/services/vpn/wireguard/automated , but I don't know how to configure it so it can use the second router as a dumb ap.
I don't know how to setup a static routing on my main router.
I would appreciate a step-by-step newb friendly tutorial for what I need to do to make this work, if someone has the kind heart and patience to guide me through.
Well, I followed that tutorial and I don't know what to do next. I ssh into my router and execute that commands. What should I do next, how do I generate keys for my phone, how do I add my ddns in the setup. Also how do I enable masquerade for lan zone.
My suggestion is to setup the wireguard first, when you have it working, confirmed with the phone over the wifi you may setup port forwarding over the first router (port 51820 to 192.168.0.2). If the phone's client allows - use different less-known port. It is better to use NAT over the second router, since you will use its IP to access the LAN resources. Otherwise, the remaining LAN devices will refuse access to the different network, despite being over the LAN side of the first router. You may need to create a new firewall zone for the wireguard in order to get the NAT easily working or to move the AP to the WAN side and the wireguard to the LAN of the second router. You can do the basic firewall with the web interface if installed. If using uci, the rules and the zones could be numbered, so you should check your setup if not editing directly the /etc/config firewall. There are also luci-app-wireguard for the web interface and WireGuard Installer (client & server) packages available.
option name 'vpn'
list network 'vpn'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option name 'lan' -> This one exists. Add only the following line:
option masq '1'
I couldn't manage to create establish a connection between my phone and the router while connected to the wi-fi using this method. The QR code from the peers section didn't do anything when I scanned it with my phone.
I managed to establish a connection using this tutorial https://www.reddit.com/r/openwrt/comments/bahhua/openwrt_wireguard_vpn_server_tutorial/, but I didn't have access to the internet or to 192.168.0.2 or 192.168.0.1 .
I don't know what to do next, I did masquerade the LAN->WAN connection .
I don't think that I will find a step-by-step tutorial for this kind of setup, it takes too much time to write it. I barely established a connection, using the reddit tutorial, but I had no idea what I have done.
Deleted the forwarding rule.
Modified the endpoint to 192.168.0.2:1234.
Connected to the wifi.
Still no access to the internet.
Perhaps I should try again to setup from the beginning, from a simple dumb ap to creating a wireguard server. Maybe port forward from the main router to the second? Idk what is wrong with my setup. I really don't want to modify the setup ( I have some appliances connected to my main router via wifi and I don't want to modify them). I only want to be able to connect from another place to my home network so I can have my home ip.