udp dport 51820 counter packets 0 bytes 0 accept comment "!fw4: VPN"
Wait, I quickly deleted wg0 and re-added it, and I was able to add the lan firewall zone to wg0.
Run a tcpdump to verify the packets are coming:
opkg update; opkg install tcpdump; tcpdump -i eth1 -n udp port 51820
I am not sure if I am doing it correctly. Ran the command for 2 minutes:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Assuming you were trying to connect on the macbook from a remote location while tcpdump was running then the traffic isn't reaching the router. That would suggest the endpoint address on the macbook is wrong.
Or maybe it is not reachable? Maybe it is behind some CGNAT? What are the first 2 octets of the WAN IP? E.g. 147.52.X.Y
IPv4: 85.132.X.Y/24
I don't think it's a typo issue; the address is correct. I rechecked everything.
Then check with your ISP if they see the packets, because nothing is reaching your router, as tcpdump shows.
You did follow @krazeh's advice and restart the router after you added wg0 to the LAN firewall zone?
You are testing from outside?
Yes, I rebooted the router after adding wg0 to LAN firewall zone.
Following krazeh's advice, I added 10.0.0.4/24 with a comma to the existing address in the macbook's config, and the handshake was successful.
Okay, now that it seems like the VPN situation has been sorted out, I would like to ask how I may access the network shared drive of my desktop PC via VPN on the macbook, without of course installing WireGuard on the desktop PC itself.
Which bit exactly did you add this to? If it's the AllowedIPs try changing it to 10.0.0.1/32. It should continue to work.
The same way you'd do it if you were locally. It looks like you're using the OpenWRT DNS server on the wireguard connection so you should be able to use your desktop PCs domain name to connect (if that's what you do on the LAN) or the IP address (192.168.0.139).
You may also need to check what firewall, if any, is running on the desktop PC and ensure it doesn't block traffic from non-local subnets (i.e. anything other than 192.168.0.0/24).
Yes, AllowedIPs, which I have already added successfully.
I attempted to connect to smb://192.168.0.139, which is unsuccessful. I then checked my firewall and allowed any address to go into the SMB-In/Out service. Yet it still doesn't work.
With a little bit of correct configuration on both the MacBook and OpenWrt WireGuard sides, I was able to successfully connect to the SMB share. Thanks @krazeh, @egc, and @trendy for helping.
For those who will be interested in the same thing:
wg0 Interface:
IP Addresses: 10.0.0.1/24
Listen port: 51820
Peers:
Allowed IPs:
10.0.0.2/32
Macbook config:
Address: 10.0.0.2/32
DNS = 10.0.0.1
Peer:
AllowedIPs: 0.0.0.0/0, ::/0, 192.168.0.0/24
Endpoint: PublicIPAdress:ListenPort
192.168.0.0/24 is unnecessary when you have 0.0.0.0/0. ::/0 is also unnecessary as you don't appear to have allocated (or are using) any IPv6 addresses.
However, it shouldn't have needed 0.0.0.0/0 adding to make it work. 10.0.0.1/32 would cover traffic to and from the VPN endpoint on the router. 192.168.0.0/24 covers traffic to and from your LAN. So unless you're using additional subnets which you didn't mention then it should've worked as it was.
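The AllowedIPs reasoning in the reply above can be checked mechanically. The following Python script is an added example, not code from the thread or from WireGuard: it takes the AllowedIPs lists discussed here (the full-tunnel list from the posted macbook config and the split-tunnel list of 10.0.0.1/32 plus 192.168.0.0/24 that krazeh suggests), reports which entries are already subsumed by another entry, and answers whether a given destination would be sent into the tunnel. The destination 203.0.113.10 is a constructed TEST-NET-3 address standing in for "some host on the internet". The check models WireGuard's cryptokey routing for a single peer, where a packet enters the tunnel if its destination falls inside any AllowedIPs prefix; it does not model the router's firewall zones, which are a separate matter.

```python
import ipaddress

# Constructed from the configs shown in this thread.
FULL_TUNNEL = ["0.0.0.0/0", "::/0", "192.168.0.0/24"]   # posted macbook config
SPLIT_TUNNEL = ["10.0.0.1/32", "192.168.0.0/24"]        # krazeh's suggestion


def parse_allowed_ips(entries):
    """Turn a WireGuard AllowedIPs list (strings) into ip_network objects.

    strict=False accepts host bits set in a prefix (e.g. 10.0.0.1/24),
    which wg itself also tolerates.
    """
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]


def routed_via_tunnel(allowed_ips, destination):
    """True if a packet to `destination` would be sent to this peer.

    With a single peer, WireGuard's cryptokey routing reduces to
    "does any AllowedIPs prefix of the same address family contain it".
    """
    dst = ipaddress.ip_address(destination)
    return any(
        dst.version == net.version and dst in net
        for net in parse_allowed_ips(allowed_ips)
    )


def redundant_entries(allowed_ips):
    """Return entries fully contained in another entry of the same family.

    Such entries add nothing to what the tunnel carries and only make the
    config harder to audit.
    """
    nets = parse_allowed_ips(allowed_ips)
    redundant = []
    for i, net in enumerate(nets):
        for j, other in enumerate(nets):
            if i == j or net.version != other.version or net == other:
                continue
            if net.subnet_of(other):
                redundant.append(str(net))
                break
    return redundant


def coverage_report(allowed_ips, destinations):
    """Map each destination to whether it goes through the tunnel."""
    return {d: routed_via_tunnel(allowed_ips, d) for d in destinations}


if __name__ == "__main__":
    targets = ["10.0.0.1", "192.168.0.139", "203.0.113.10"]
    for name, allowed in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(f"{name}: AllowedIPs = {', '.join(allowed)}")
        print("  redundant:", redundant_entries(allowed) or "none")
        for dst, via in coverage_report(allowed, targets).items():
            print(f"  {dst:15} -> {'tunnel' if via else 'local route'}")
```

Running it shows 192.168.0.0/24 flagged as redundant under 0.0.0.0/0, and the split-tunnel list reaching both the router's VPN address and the LAN host 192.168.0.139 while leaving ordinary internet traffic on the macbook's normal route, which is the least-privilege shape for a VPN whose purpose is reaching one LAN.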
What were the specific changes you made to make it work?
Mainly the IP addresses were changed; apparently I made some user mistake. But I don't think that I have to change anything now, just so as not to mess it up.