WireGuard, unable to connect from iOS device

Recently I configured WireGuard on my router, but I can't connect from my iOS mobile (I don't have other devices to try).

OpenWRT configuration:

/etc/config/network:

config interface 'vpn'
        option proto 'wireguard'
        option private_key 'OPENWRT-PRIVATE-KEY'
        option listen_port '51820'
        list addresses '192.168.254.1/24'

config wireguard_vpn
        option description 'mobile'
        option public_key 'IOS-PUBLIC-KEY'
        option preshared_key 'PRESHARED-KEY'
        option persistent_keepalive '25'
        option route_allowed_ips '1'
        list allowed_ips '192.168.254.100/32'

/etc/config/firewall:

config defaults
        option input 'DROP'
        option output 'DROP'
        option forward 'DROP'
        option drop_invalid '1'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        list network 'vpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'wan-input-wireguard'
        option src 'wan'
        option proto 'udp'
        option dest_port '51820'
        option target 'ACCEPT'

Output of wg command:

interface: vpn
  public key: OPENWRT_PUBLIC_KEY
  private key: (hidden)
  listening port: 51820

peer: IOS-PUBLIC-KEY
  preshared key: (hidden)
  allowed ips: 192.168.254.100/32
  persistent keepalive: every 25 seconds

iOS configuration:

iOS log:

To test connectivity, I am trying to access OpenWRT LuCI from iOS Safari (using the local IP 192.168.255.1).

How is your "allowed IP" setting configured on your iOS device? I can't find it in the screenshot.


It seems optional, so I haven't configured it (but previously I tried 0.0.0.0/0).

Here is a more complete configuration screenshot:


I also tried using 192.168.254.100/32 in the iOS addresses field; I'm not sure what the right netmask is (the device or the network).

And I tried without the preshared key, but the result is always the same:

Status update notification timeout for tunnel...

# Client
AllowedIPs = 0.0.0.0/0, ::/0

# Server
opkg update
opkg install tcpdump
tcpdump -n -i any udp port 51820
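Added example, not part of the thread: on the client, AllowedIPs decides which destinations WireGuard sends into the tunnel (the peer with the longest matching prefix wins; no match means the packet is not sent to any peer). The sketch below checks the two addresses from the thread against three constructed client configs; the keys and the endpoint hostname are placeholders, and the parser assumes PublicKey appears before AllowedIPs in each [Peer] section.

```python
import ipaddress

# Constructed client configs: placeholder keys and endpoint, addresses from the thread.
NO_ALLOWED_IPS = """\
[Interface]
PrivateKey = IOS-PRIVATE-KEY
Address = 192.168.254.100/32

[Peer]
PublicKey = OPENWRT_PUBLIC_KEY
Endpoint = router.example.net:51820
"""
FULL_TUNNEL = NO_ALLOWED_IPS + "AllowedIPs = 0.0.0.0/0, ::/0\n"
TUNNEL_SUBNET_ONLY = NO_ALLOWED_IPS + "AllowedIPs = 192.168.254.0/24\n"


def peer_allowed_ips(config_text):
    """Return {peer public key: [networks]} from a wg-quick style config."""
    peers, section, key = {}, None, None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section, key = line.strip("[]").lower(), None
            continue
        name, _, value = (part.strip() for part in line.partition("="))
        if section == "peer" and name.lower() == "publickey":
            key = value
            peers.setdefault(key, [])
        elif section == "peer" and name.lower() == "allowedips" and key:
            peers[key] += [ipaddress.ip_network(n.strip(), strict=False)
                           for n in value.split(",") if n.strip()]
    return peers


def route(config_text, destination):
    """Peer whose AllowedIPs has the longest prefix covering destination, else None."""
    dest, best = ipaddress.ip_address(destination), None
    for key, nets in peer_allowed_ips(config_text).items():
        for net in nets:
            if dest in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (key, net)
    return best[0] if best else None


if __name__ == "__main__":
    for label, cfg in [("none", NO_ALLOWED_IPS), ("full", FULL_TUNNEL),
                       ("subnet", TUNNEL_SUBNET_ONLY)]:
        for dst in ("192.168.254.1", "192.168.255.1"):
            print(f"{label:7} {dst:15} -> {route(cfg, dst)}")
```

With 0.0.0.0/0, ::/0 all client traffic goes through the router; a narrower list limits the tunnel to the networks named in it.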

I swear I had already tried it, but now it seems to be working!!! I can connect to OpenWRT LuCI using the local IP 192.168.255.1.

Thank you very much.
