That's much better now. Unless there is some mistake in the keys, it should work.
What puzzles me is that the iPhone client uses a public key for the interface. Not sure if it is a typo or if you indeed need to specify there the public key that the iPhone produced.
Even when starting from scratch in the WireGuard app, you cannot input text into the public key; you need to hit generate pair.
So as far as I can tell it's supposed to be the iPhone's generated public key.
Created that wireguard directory, cd into it, then ran wg genkey | tee privkey | wg pubkey > pubkey
Then I just copied the key to the interface, per
If you are using LuCI to configure WireGuard, it's enough to run “wg genkey” and copy the output into the field “Private Key”; The public key is then later shown in the LuCI interface under Status > WireGuard status.
@Owengerig, per the thread below, if you've been using QR Codes, please attempt manually copying the OpenWrt public key to your iPhone. There might be a bug with the QR code generation.
(edited after reviewing the thread not on mobile and realizing the tunnel may not be coming up at all)
With the current configuration, can you ping the OpenWrt tunnel address from the iPhone?
Run this command via ssh to the server to see if a connection was established:
wg show
If so (remote peer has a last handshake entry), is there any traffic received by your firewall rule? Run:
iptables -L -v
Find your WireGuard firewall rule(s) in the output and see if there are any packets received to it. If not then there is something blocking UDP 1200. Either ISP or local. If so then make sure you have forwarding set up between wg and lan.
It actually provides the entire config for the OpenWrt side, including peers and the OpenWrt's private key. This is not helpful to set up a peer device.
I would think it gives you the public key of the interface.
As far as I can tell this is what I have set up, with 2 minor changes:
checking (making true) - Route Allowed IPs
I noticed my firewall rule had Destination Zone set to Device (input), which I changed to Any Zone - this wasn't specified in that tutorial but seemed wrong to me
Update:
I recreated the VPN using this tutorial but the results are the same, still not working.
The firewall rule is correct by setting it to destination device input as this is what shows in my rules and works.
Have you tried restarting the interface and then rechecking?
There can't be a space in the interface name. The output shown from your "wg showconf WireGuard VPN" command is telling you the syntax is wrong. Based on previous replies it should be "wg showconf WireGuardVPN" (no space). Could you try that and post the result?
But first...
The command "wg show" returns nothing on your router. I can re-create this if the interface is down. Try "ifup WireGuardVPN" and then "wg show". If it's still blank the interface is probably down. You could check with: ubus -v call network.interface.WireGuardVPN status | jsonfilter -e '@.up'
If up it will return true.
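The checks suggested in this thread (empty "wg show" output, missing last handshake) can be scripted. The following is an added example, not part of any post above: it classifies the tab-separated output of "wg show <iface> dump" as documented in wg(8). The function name wg_diagnose, the 180-second staleness threshold and the sample keys and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a tunnel from `wg show <iface> dump` text on stdin.
# Dump format (tab-separated, per wg(8)):
#   line 1 (interface): private-key public-key listen-port fwmark
#   other lines (peer): public-key preshared-key endpoint allowed-ips
#                       latest-handshake transfer-rx transfer-tx keepalive
# The interface line contains the private key, so it is parsed but never printed.

wg_diagnose() {
    # $1 = current epoch seconds (default: now)
    # $2 = maximum handshake age in seconds (assumed default: 180)
    awk -F '\t' -v now="${1:-$(date +%s)}" -v max="${2:-180}" '
        NR == 1 { port = $3; next }          # remember listen port only
        {
            peers++
            id = substr($1, 1, 8)            # short prefix of the peer public key
            if ($5 == 0)
                print "NO_HANDSHAKE " id " udp/" port    # keys wrong or UDP port blocked
            else if (now - $5 > max)
                print "STALE_HANDSHAKE " id              # worked once, nothing recent
            else
                print "OK " id                           # next: firewall counters/forwarding
        }
        END {
            if (NR == 0)         print "INTERFACE_DOWN"  # same symptom as empty `wg show`
            else if (peers == 0) print "NO_PEERS"
        }
    '
}

# Constructed sample input (placeholder keys, not real ones). On the router:
#   wg show WireGuardVPN dump | wg_diagnose
printf 'PRIVPLACEHOLDER\tPUBPLACEHOLDER\t1200\toff\nPEERAAAAplaceholder\t(none)\t(none)\t10.0.0.2/32\t0\t0\t0\toff\n' \
    | wg_diagnose 1700000000
```

NO_HANDSHAKE points back at the key exchange or the UDP port; OK means the tunnel itself is up and the remaining suspects are the firewall rule counters and forwarding between wg and lan.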