WireGuard

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4
Author Message
icecold2018
DD-WRT Novice


Joined: 12 Oct 2018
Posts: 2

PostPosted: Fri Oct 12, 2018 9:09    Post subject: Any updates? Reply with quote
So are there any updates on if/when wireguard will be available on Kong's builds?

Also, I'm sort of new to the netgear r7000 - so my question is should I use Kong's builds or DD-WRT beta builds? I'm not too sure about the differences.
Sponsor
icecold2018
DD-WRT Novice


Joined: 12 Oct 2018
Posts: 2

PostPosted: Fri Oct 12, 2018 9:38    Post subject: Re: Be aware of WireGuard limits Reply with quote
ice.man wrote:
I'm using Wireguard as a vpn server on a linux-VM nd I'm impresses of the tunnel creation speed and generl performance
Unfortunately I still need to rely on powerhungry OpenVPN as far as WireGuard only works on UDP
My experience is a very common firewall setup in public wifi (hotels, libraries, schools, university, etc) is to block all traffic but TCP port 80 and 443
this meaning desktop email clients will fail to work (no problem with webclients) but even wireguard is blocked (no matter if I set it to work on port 443)
So I actually have both of them up and running


I'm in the same boat - though I remember reading that you can get around the UDP issue by doing UDP over TCP. Would be interesting to see how that compares with Openvpn numbers. I would really really like to have a single VPN
mercurio
DD-WRT Novice


Joined: 08 Nov 2013
Posts: 10

PostPosted: Sun Oct 14, 2018 16:03    Post subject: Reply with quote
got a bit confused, running DD-WRT v3.0-r36698M std (08/22/1Cool

I have a linux server and want to configure my dd-wrt to route all my local net traffic through the server.
Can you please advise on the setup?
furthermore, the interface allows to generate the local public key, but how can I get the private key to add in the server?
liverpoolatnight
DD-WRT User


Joined: 29 May 2008
Posts: 243
Location: United Kingdom

PostPosted: Thu Oct 25, 2018 20:54    Post subject: Reply with quote
mercurio wrote:
I have a linux server and want to configure my dd-wrt to route all my local net traffic through the server


This is how you would setup a VPN client such as mullavd https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=312522&start=40 or in your case a linux server but as i said im having trouble aswell however i can ping and traceroute fine if a tracerouted from the oet1 interface like so
traceroute -i oet1 forum.dd-wrt.com so the key or whatever isnt the issue, Is getting the traffic to the oet1 interface.

What people are missing is that, Im not trying to setup a server in this case but a client to connect to as such, also asked here to https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=315934

_________________
TP-Link TL-WDR3600 v1 [EU]: r36330 (07/16/18 )
D-Link DIR-615 D2 [EU]: r36330 (07/16/18 )
Mikrotik RB750r2 (OpenWrt 17.01.4)
EE BrightBox 1 aka A4001N (OpenWrt 17.01.4)
Sagemcom FAST@5364 (VDSL2,FTTC (Fibre to the Cabinet) Synced 65/17

Twitter: @francisuk1989
---------------------------------
Found a bug? Report it http://svn.dd-wrt.com
DD-WRT Official FB Group: https://www.facebook.com/groups/493762527744455
truedis
DD-WRT Novice


Joined: 04 Sep 2010
Posts: 7

PostPosted: Wed Nov 28, 2018 18:51    Post subject: Reply with quote
This conversation all seems to be about creating a tunnel from a dd-wrt router to an external VPN service like Mullvad.

I'm interested in running a Wireguard VPN server on my router (as opposed to OpenVPN). Is that at all the intention of this work?
DeXB
DD-WRT Novice


Joined: 22 May 2017
Posts: 49

PostPosted: Fri Dec 07, 2018 9:09    Post subject: Reply with quote
Still no support for WireGuard on Kong's builds?
ersterhernd
DD-WRT Novice


Joined: 30 Dec 2018
Posts: 5

PostPosted: Sun Dec 30, 2018 4:34    Post subject: Reply with quote
I've tried the Wireguard install on both the latest BS and Kong builds as outlined in previous posts on this thread. Thanks for that fantastic information.

I'm having the same issue though in that client/server both handshake perfectly, but for the life of me I cannot get traffic routed through the WG VPN. Check my IP address gives identical results whether WG connected or not. I know the server works because I've tested it on MacOS and Android.

Anyone who has a solution please post.


Cheers
Ersterhernd
Pandora-Box
DD-WRT User


Joined: 09 Mar 2008
Posts: 218
Location: USA

PostPosted: Mon Dec 31, 2018 12:51    Post subject: Reply with quote
Hello,
@ersterhernd
I would suggest on the dd-wrt client you add manually three routes and see if this helps:
1. route for your WG tunnel (if not set):
ip route add <WAN=internet facing IP address of your WG remote server, you are connecting to> via <ISP provided gateway IP for your router> dev vlan2 (or WAN, internet facing interface) # vlan2 if your dd-wrt has pretty much default configuration of networking (depending on dd-wrt build and your router model).
to check this part: "via <ISP provided gateway IP for your router> dev vlan2", you run "ip route show" or "ip route show table main" and look for statement: "default via...." (with these commands I am being a bit explicit, since I do not know the level of your dd-wrt cli skills; if this is too much-my apologies).
this you can pase and copy to route indicated in # 1.
Now check if this route is added, by running the above ip route command.
If it is there,
add two more routes:
2. ip route add 0.0.0.0/1 via <remote WG tunnel endpoing IP> dev oet1 (or oetX, depending on your tunnel device setting), (eg. 10.10.10.1, tunnel IP on the server side);
3. ip route add 128.0.0.0/1 <via remote WG tunnel endpoing IP> dev oet1 (or oetX)
these two routes take priority and precedence over default 0.0.0.0/0 route (see: https://www.wireguard.com/netns/,or other general routing posts)
you can check if these routes were added,
and this pretty much should do it, unless you have firewall rules implemented preventing traffic through tunnel interface, but for this you should browse this topic's other pages, or other posts wireguard related, or wireguard routing examples posted here: https://www.wireguard.com/netns/, in the "Routing All Your Traffic" section.
At some WG routing settings, I have also noticed one more route:
remote WG tunnel endpoing IP via local WG tunnel endpoing IP dev oetX (eg: 10.10.10.1 via 10.10.10.2 dev oet1), but I do not see it on my dd-wrt.
Good Luck
P-B

_________________
Netgear R7000
Maverick98087
DD-WRT Novice


Joined: 23 Dec 2018
Posts: 9

PostPosted: Tue Jan 01, 2019 20:40    Post subject: Reply with quote
Hey guys, I recently loaded DD-WRT on my Netgear R8500 and am very pleased with it. I have setup Wireguard on it and have full access to all of my connected peers that are connected to my "hub" peer.

My VPN Network uses 192.168.2.0/24 with my primary peer using 192.168.2.1.
My router is using 192.168.1.0/24 with 192.168.2.10 as its IP on the VPN.

I do NOT want to route all traffic through the VPN; I only want my local LAN (192.168.1.0/24) to be able to access the 192.168.2.0/24 addresses as if they were part of the local LAN. I have not had any success with this as of yet without replacing or overriding my default route, which directs all traffic through the VPN.

After doing a lot of reading, I feel that a solution is rule-based routing, but I am not sure how to accomplish this or where to begin.

Basically, this is the desired data flow.

LAN(192.168.1.0/24)(Internet Request)---> Router --->Public Gateway--->Internet

LAN(192.168.1.0/24)(VPN Address Request(192.168.2.0/24)---> Router --->VPN Gateway(192.168.2.1)--->VPN Destination Address(192.168.2.0/24)

Is someone able to provide me with some information that will allow me to accomplish this?

Thanks in advance!
Happy New Year!
ersterhernd
DD-WRT Novice


Joined: 30 Dec 2018
Posts: 5

PostPosted: Wed Jan 02, 2019 0:17    Post subject: Reply with quote
Hi @Pandora-Box,

I messed around with it some more, based on your advice. I also stumbled across some firewall rules that worked perfectly. Wireguard clients are working very well on the latest Kong build for both my ASUS RT-AC68U and my Netgear R7000.

Thanks for your help.



My Routing Table...

Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 0 0 0 oet1
10.19.51.0 * 255.255.255.0 U 0 0 0 oet1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
149.xxx.xxx.122 192.168.222.1 255.255.255.255 UGH 0 0 0 vlan2
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
192.168.222.0 * 255.255.255.0 U 0 0 0 vlan2
192.168.224.0 * 255.255.255.0 U 0 0 0 br0


The Firewall Rules added through the DDWRT GUI...

iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -I FORWARD 1 --source 10.19.51.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.19.51.0/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.19.51.0/24 -j MASQUERADE


Cheers
Ersterhernd
liverpoolatnight
DD-WRT User


Joined: 29 May 2008
Posts: 243
Location: United Kingdom

PostPosted: Wed Jan 16, 2019 20:04    Post subject: Reply with quote
https://wiki.dd-wrt.com/wiki/index.php/The_Easiest_Tunnel_Ever
This tutorial will show you the basics of creating tunnel from your Android/iOS device to DD-WRT unit in a secure way - Please use the latest builds afther r38581 ftp://ftp.dd-wrt.com/betas/2019

NOT an DD-WRT router to an external VPN service as there is no direct option yet BS will implement this soon however see post 2 here https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318134

_________________
TP-Link TL-WDR3600 v1 [EU]: r36330 (07/16/18 )
D-Link DIR-615 D2 [EU]: r36330 (07/16/18 )
Mikrotik RB750r2 (OpenWrt 17.01.4)
EE BrightBox 1 aka A4001N (OpenWrt 17.01.4)
Sagemcom FAST@5364 (VDSL2,FTTC (Fibre to the Cabinet) Synced 65/17

Twitter: @francisuk1989
---------------------------------
Found a bug? Report it http://svn.dd-wrt.com
DD-WRT Official FB Group: https://www.facebook.com/groups/493762527744455
bjorn_e58
DD-WRT Novice


Joined: 06 Sep 2011
Posts: 12

PostPosted: Sat Oct 26, 2019 15:17    Post subject: Reply with quote
Being on Firmware: DD-WRT v3.0-r40559 std (08/06/19), on my Buffalo WZR-1750DHP, I got wireguard up and running (as a server, so I can access my Home LAN while outside) by doing little more than adding the tunnel and "nvram set oet1_bridged=0" for firewall rules. Peers can then be added including qr code generation for import on android.
Goto page Previous  1, 2, 3, 4 Display posts from previous:    Page 4 of 4
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum