WireGuard (server) Setup guide

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Apr 11, 2020 11:32
avalx wrote:
As per guide I configured my android client to connect only to my local LAN via wireguard, i.e. setting Allowed IPs to include wireguard server and my LAN IP: 10.4.0.1/32, 10.55.66.0/24

Now I would like to also reach one specific host on the Internet via the wireguard interface - something like a new route to this host.

Is this possible to configure with the Allowed IPs and if yes what should I put in the config on the client side?


An interesting question (from your post I understand that it is actually working)

But yes, if you just add that address to the allowed IP's it should work (in theory).

But as this is a brand new option I just did a quick test, I removed everything from the allowed IP's and only added the peer's IP address/32 and 104.26.8.109/32 (which is ipchicken.com which shows your external IP), Save/Apply and wait for some moments and ipchicken.com shows the IP address from my VPN provider and ipleak.net the IP address from my ISP.

So yes it should work not only in theory but also in practice

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
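
The split-tunnel test described in the post above, as an added example that is not part of the original thread: it parses a client config and reports which destinations fall inside AllowedIPs and so enter the tunnel. The Address and Endpoint values, the 203.0.113.10 test destination and the LAN host 10.55.66.20 are constructed placeholders; the function names are hypothetical.

```python
import ipaddress

# Constructed client config modelled on the test in the post: only the peer's
# tunnel address and one Internet host are listed. Address and Endpoint are
# placeholders.
CLIENT_CONF = """
[Interface]
Address = 10.4.0.2/32

[Peer]
Endpoint = vpn.example.net:51820
AllowedIPs = 10.4.0.1/32, 104.26.8.109/32
"""

def allowed_ips(conf_text):
    """Collect the AllowedIPs networks of every [Peer] section."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = line.partition("=")
        if section == "peer" and key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def egress(dest, nets):
    """'tunnel' if dest is covered by AllowedIPs, else 'default route'."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in n for n in nets) else "default route"

def report(conf_text, dests):
    """Map each destination to the path it would take."""
    nets = allowed_ips(conf_text)
    return {d: egress(d, nets) for d in dests}

if __name__ == "__main__":
    # 203.0.113.10 stands in for any other Internet host; 10.55.66.20 is a
    # made-up host in the LAN range from the question.
    for dest, path in report(CLIENT_CONF, ["10.4.0.1", "104.26.8.109",
                                           "203.0.113.10", "10.55.66.20"]).items():
        print(f"{dest:15} -> {path}")
```

With the LAN-only list from the question (10.4.0.1/32, 10.55.66.0/24) the same check sends 10.55.66.20 through the tunnel; anything not listed leaves over whatever network the phone is on.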
avalx
DD-WRT Novice


Joined: 23 Nov 2017
Posts: 5

Posted: Sat Apr 11, 2020 12:49
The example that you mentioned is indeed working fine, great to know.

But I have a different problem that I wanted to solve by this kind of "routing".

I have a SIP/VOIP account at my ISP provider and I can only use it (register) from my IP address at home (for example I cannot register from any public or mobile networks). So I was hoping that by routing the traffic to the SIP registrar via wireguard and my home router I could use the account from other networks too. Sadly this does not work - I can't register to my SIP account even after I made the changes at the wireguard client.

Guess this is more complicated than I thought. Anyway it is not very important for me so I can live without this (after all there are Viber, WhatsApp and others to use)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Apr 11, 2020 13:31
Sorry I can not give you much help there, DDWRT has a SIP server which could be used to setup a connection (Asterisk) so it might be possible with the help of this but yes you need more than simple routing I guess
buffalo0207
DD-WRT User


Joined: 30 Apr 2014
Posts: 147
Location: UK

Posted: Sun Apr 12, 2020 21:42
Hey egc,

As I'm using build 42872 on a R9000 using Mullvad, how do I set up PBR, if I no longer need to use your PBR script?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Mon Apr 13, 2020 6:33
For PBR just use the PBR script and set NAT via tunnel and Route Allowed IP's both to disabled, the script will take care of this (script has been updated to solve a possible bug).

I have PBR running from the GUI in a test build, but it must be tested some more and then be accepted upstream so it will take at least another 6 weeks before we can have PBR via the GUI.

But I am working on it, see picture for how it might look

avalx
DD-WRT Novice


Joined: 23 Nov 2017
Posts: 5

Posted: Tue Apr 14, 2020 9:07
egc wrote:
avalx wrote:

The only thing that is causing me some problems is accessing SMB shares from my phone to my internal file server (Linux Samba). But that is another story and I'll have to check my Windows/SMB settings locally.


Good to hear, yes SMB is a real problem, we switched to a new KSMBD which is a WIP, some Android apps appear to work, it sometimes helps to set the minimum protocol version to NT 1.0 (on Services/NAS tab), but I myself switched back to the older Samba36


Just to let you know I've solved the SMB problem as well. It was a simple matter of changing "hosts allow" parameter in the smb.conf file on my server to include also the wireguard network 10.4.0.

Should've thought about this sooner!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Apr 14, 2020 9:19
Thanks, excellent catch.

If you set it in tmp/smb.conf that change is not permanent, but you can place your own smb.conf on permanent storage in jffs/etc/smb.conf, it will be read then.

I will make a note in the guide

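
Added example, not from the thread or from Samba: a model of the `hosts allow` change described above, showing that a client arriving with a WireGuard source address is refused until the tunnel network is listed. It handles only IP-style entries; the `127.` and `10.55.66.` entries, the client addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed 'hosts allow' values: the loopback and LAN entries are made up,
# 10.4.0. is the WireGuard network added in the post.
BEFORE = "127. 10.55.66."
AFTER = "127. 10.55.66. 10.4.0."

def parse_hosts_allow(value):
    """Parse IP-style entries only: single address, CIDR or dotted-mask
    network, or a trailing-dot prefix such as '10.4.0.'. Hostnames and
    EXCEPT clauses are outside this model and raise ValueError."""
    nets = []
    for token in value.replace(",", " ").split():
        if token.endswith("."):
            octets = token.rstrip(".").split(".")
            token = ".".join(octets + ["0"] * (4 - len(octets)))
            token += "/" + str(8 * len(octets))      # '10.4.0.' -> 10.4.0.0/24
        nets.append(ipaddress.ip_network(token, strict=False))
    return nets

def admitted(client_ip, value):
    """True when the client's source address matches a listed entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_hosts_allow(value))

def audit(value, clients):
    """Map each named client to whether the share would accept it."""
    return {name: admitted(ip, value) for name, ip in clients.items()}

if __name__ == "__main__":
    clients = {"lan-pc": "10.55.66.20", "phone-via-wg": "10.4.0.2",
               "other-tunnel-net": "10.4.1.2"}
    for label, value in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(value, clients))
```

Listing only the tunnel prefix keeps the restriction in place for every other source, which the third sample client shows.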
buffalo0207
DD-WRT User


Joined: 30 Apr 2014
Posts: 147
Location: UK

Posted: Tue Apr 14, 2020 14:55
@egc

Thanks for the reply. I have one more question.

Within the 'Begin Rules' in the PBR script, if I want to use individual ip addresses with a subnet of 255.255.255.0, what would the correct input be?


add_rule from 192.168.10.31 # VU+ Solo4K

or

add_rule from 192.168.10.31/24 # VU+ Solo4K


Thanks...
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Apr 14, 2020 15:47
Yes, you can use CIDR notation, /24 is your class C subnet from 0-255 and in dotted decimal it is 255.255.255.0

In the next guide I will add calculator tools and a conversion table:
https://kb.wisc.edu/page.php?id=3493
https://www.ipaddressguide.com/cidr

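
Added example, not part of the thread or of the PBR script: what each of the two notations in the question covers when read as a CIDR prefix. It assumes the script's `add_rule` hands the selector to a prefix match the way `ip rule` does; `selector_scope` and `lint_rules` are hypothetical helper names.

```python
import ipaddress

# The two candidate lines from the question, joined into one constructed sample.
SAMPLE_RULES = """
add_rule from 192.168.10.31 # VU+ Solo4K
add_rule from 192.168.10.31/24 # VU+ Solo4K
"""

def selector_scope(selector):
    """Describe which source addresses a 'from <selector>' rule matches."""
    iface = ipaddress.ip_interface(selector)   # keeps the host part as typed
    net = iface.network                        # the prefix actually compared
    return {
        "typed": selector,
        "matches": str(net),
        "addresses": net.num_addresses,
        "single_host": net.num_addresses == 1,
        "host_bits_set": iface.ip != net.network_address,
    }

def lint_rules(script_text):
    """Return add_rule selectors that name one host but match a wider prefix."""
    findings = []
    for line in script_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "add_rule" and words[1] == "from":
            scope = selector_scope(words[2])
            if scope["host_bits_set"]:
                findings.append(scope)
    return findings

if __name__ == "__main__":
    for sel in ("192.168.10.31", "192.168.10.31/24"):
        s = selector_scope(sel)
        print(f'{s["typed"]:18} matches {s["matches"]:18} ({s["addresses"]} addresses)')
    for f in lint_rules(SAMPLE_RULES):
        print("wider than one host:", f["typed"], "->", f["matches"])
```

A rule meant for one device is the bare address or /32; the /24 form covers every address from 192.168.10.0 to 192.168.10.255.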
johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

Posted: Tue Apr 14, 2020 18:19    Post subject: Android settings
I just figured out why wireguard wouldn't auto start on my Galaxy S8. This probably applies to S7, S9 and S10 and probably android tablets also.

Settings->Connections->More connection settings->VPN->Wireguard settings->Always-on VPN->enable

"Block connections without VPN" is optional but I enabled that setting and it works OK.

Both settings are disabled by default. Anyway, this probably should be included in the Wireguard setup manual.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Wed Apr 15, 2020 6:53    Post subject: Re: Android settings
Thanks, not so much related to WireGuard as these are normal Android/Phone settings also for other connections.

But if anybody is looking for those I can imagine it is difficult to find, so thanks for bringing it up.
