Wireguard server on dumb ap TP LINK C6 v3

psherman · April 17, 2023, 11:54pm

You're still missing a forwarding rule:

config forwarding
        option src 'vpn'
        option dest 'lan'

yikarop660 · April 17, 2023, 11:56pm

How do I add it? Can I use the web interface?

psherman · April 17, 2023, 11:59pm

Edit the vpn fireall zone, then add the lan zone in the 'allow forward to destination zone' field.

yikarop660 · April 18, 2023, 12:04am

I did it! So I added the lan zone in the vpn firewall zone.
Now I am getting internet access when connected to my wifi, using wireguard.
What to do next?

psherman · April 18, 2023, 12:10am

great!

Next, verify that your main router is forwarding port 1234 from its wan to 192.168.0.2 port 1234.

Beyond that, if it still doesn't work, it'll be necessary to figure out if you have a true public IP on the wan of your main router.

yikarop660 · April 18, 2023, 12:20am

I did this on my main router.

Now the problem is that sometimes when I disconnect from wireguard and reconnect, there is no wireguard interface in status-> openwrt->wireguard ( it says that no wireguard interfaces are configured) and I must restart the wireguard interface.

psherman · April 18, 2023, 12:27am

You only need to forward UDP (under protocol).

Where do you see this? This is not expected behavior.

And, most importantly, when you do enable the interface from your phone (with the endpoint defined as your external IP/domain name), does it actually work as expected?

yikarop660 · April 18, 2023, 10:57am

I only forwarded UDP now.
I changed the endpoint to my domain name:1234 and I finally managed to get a handshake and access internet from my 4g plan on my phone.

The problem is that after I restart the router this happens:(and sometimes after connecting and disconnecting for a few times, not restarting)

I have to restart the wireguard interface and it works again.

psherman · April 18, 2023, 3:32pm

Is the interface set to "bring up on boot"?

yikarop660 · April 18, 2023, 3:55pm

yes. the bring up on boot box is checked.

trendy · April 18, 2023, 6:15pm

Is there anything interesting in the logs?

yikarop660 · April 18, 2023, 7:29pm

I am also losing internet access from time to time when connecting an ethernet cable to my laptop ( from a lan port on the second router ).
Should I attach a system log after this happens?

Tue Apr 18 22:34:40 2023 daemon.notice netifd: Interface 'wg0' is now down
Tue Apr 18 22:34:40 2023 daemon.notice netifd: Interface 'wg0' is setting up now
Tue Apr 18 22:34:41 2023 daemon.notice netifd: Interface 'wg0' is now up
Tue Apr 18 22:34:41 2023 daemon.notice netifd: Network device 'wg0' link is up
Tue Apr 18 22:34:41 2023 user.info : luci: accepted login on / for root from 192.168.0.130
Tue Apr 18 22:34:41 2023 user.notice firewall: Reloading firewall due to ifup of wg0 (wg0)
Tue Apr 18 22:35:03 2023 cron.err crond[2442]: USER root pid 2792 cmd /usr/share/wginstaller/wg.sh cleanup_wginterfaces
Tue Apr 18 22:35:04 2023 daemon.notice netifd: Network device 'wg0' link is down

it seems that I'm not the only one having this problem:
reddit

another openwrt user

also, the internet starts working again after reconnecting the cable to my laptop

Tue Apr 18 22:37:58 2023 user.notice firewall: Reloading firewall due to ifup of wg0 (wg0)
Tue Apr 18 22:40:00 2023 cron.err crond[2442]: USER root pid 3109 cmd /usr/share/wginstaller/wg.sh cleanup_wginterfaces
Tue Apr 18 22:40:00 2023 daemon.notice netifd: Network device 'wg0' link is down
Tue Apr 18 22:44:25 2023 kern.info kernel: [  618.627216] mt7530 mdio-bus:1f lan2: Link is Down
Tue Apr 18 22:44:25 2023 kern.info kernel: [  618.632370] br-lan: port 3(lan2) entered disabled state
Tue Apr 18 22:44:25 2023 daemon.notice netifd: Network device 'lan2' link is down
Tue Apr 18 22:44:35 2023 kern.info kernel: [  628.258200] mt7530 mdio-bus:1f lan2: Link is Up - 1Gbps/Full - flow control rx/tx
Tue Apr 18 22:44:35 2023 kern.info kernel: [  628.265722] br-lan: port 3(lan2) entered blocking state
Tue Apr 18 22:44:35 2023 kern.info kernel: [  628.270990] br-lan: port 3(lan2) entered forwarding state
Tue Apr 18 22:44:35 2023 daemon.notice netifd: Network device 'lan2' link is up

trendy · April 18, 2023, 8:00pm

This looks fishy and I don't have it in my OpenWrt.

trendy · April 18, 2023, 8:04pm

Going through the other topic, it seems to me that you installed wireguard by installing wg-installer-client or wg-installer-server which is not the vanilla wireguard.

yikarop660 · April 18, 2023, 9:15pm

I can confirm that wg-installer-server is installed in my software list. Should I uninstall it and try to install wireguard without it?
Also, why do I keep losing internet access via ethernet cable from the second router to laptop?

trendy · April 18, 2023, 9:17pm

Yes, install

luci-app-wireguard
luci-proto-wireguard
wireguard-tools
kmod-wireguard

No idea, don't mix things, solve one problem at a time.

yikarop660 · April 18, 2023, 10:47pm

Uninstalling the wg-installer-server did the trick. Now the wg interface is stable.
I don't really care that much about not having internet from secound router through ethernet cable, I will just plug it into the main router.
Thank you very much @psherman @trendy , it is all working as intended.

psherman · April 18, 2023, 11:43pm

Glad you found the problem and that it is all working now.

Feel free to open another topic about the other router's connectivity.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!

system · April 28, 2023, 11:43pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.