WireGuard server on TP-Link RE450

Installing and Using OpenWrt
21

This should work... I don't see any reason for it to fail here.

Is there anything in /etc/firewall.user?

What version of OpenWrt are you using?

ubus call system board

Did you make any other changes to the base configuration aside from what is shown in these files?
And/or did you install or upgrade any packages aside from wireguard?

1 Like
22 
root@OpenWrt:~# cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.4.215",
        "hostname": "OpenWrt",
        "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
        "model": "TP-Link RE450 v2",
        "board_name": "tplink,re450-v2",
        "release": {
                "distribution": "OpenWrt",
                "version": "21.02.5",
                "revision": "r16688-fa9a932fdb",
                "target": "ath79/generic",
                "description": "OpenWrt 21.02.5 r16688-fa9a932fdb"
        }
}

Before installing wireguard following step by step the official guide here [OpenWrt Wiki] WireGuard server , RE450 was configured as Access Point following step by step this: [OpenWrt Wiki] Wireless Access Point / Dumb Access Point. No other changes to the base configuration and no other packages installed

23

I really don't see any reason why this wouldn't work.

Here's my suggestion...

  • make a backup.
  • Reset the device to defaults
    • when you do this, wifi will be disabled, the ethernet port should be assigned to lan and have the address 192.168.1.1 with the DHCP server enabled. Disconnect this from your main network and connect directly to a computer for the next parts.
  • Open the backup file and manually copy (via scp) the network and firewall files back to the device.
  • reboot the device (but keep it connected to your computer)
  • Edit the lan interface and set the DHCP server to ignore this interface. Also, make sure you turn off all DHCPv6 features while you're there.
  • reboot the device
  • plug it into your main network
  • install wireguard
  • reboot the device again.
  • try connecting using your mobile phone and test connectivity.
24

Before trying this, do you think it would work maybe disabling firewall? Or it is a "routing" issue?

25

Disabling the firewall will actually cause it to not work at all since the firewall is handling the masquerading and the forwarding rules. I would expect that you would get a connection, but only be able to ping the RE450, nothing else.

26

ok it's clear. what files do I have to backup and then restore?
But before could you please just check again if firewall is ok as in picture below?

image
image958×219 14.3 KB

27

Back up OpenWrt configuration to local PC.

  1. Navigate to LuCI → System → Backup / Flash Firmware → Actions: Backup.

  2. Click Generate archive button to download the archive.

Yes, the firewall is fine.

28

it works!
when you said that "Disabling the firewall will actually cause it to not work at all since the firewall is handling the masquerading and the forwarding rules." you make me remember that in the previous tutorial that I followed here [OpenWrt Wiki] Wireless Access Point / Dumb Access Point to configure the RE450 as AP, firewall was disabled because not necessary: I enabled firewall, tried a wireguard connection from mobile phone and all it's ok, I can navigate LAN and internet! Thank you!

1 Like
29

Wonderful!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

1 Like
30

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.