Posted: Mon Jul 19, 2021 10:53 Post subject: DDWRT & Wireguard - WAN Access Server Setup
I have a DD-WRT router at home set up as a Wireguard server, which I am trying to access via WAN. Router sits behind my ISP's modem which forwards port 51820, and the client connects to a DDNS address since my IPS's IP is dynamic, resulting in the following setup
Now, from he client I can connect and send data to the Server, but am unable to receive anything. The ISP modem has port-forwarding for UDP 51820 enabled and the WireGuard configuration file is a 1:1 copy from my Ubuntu server where things work just fine. If I were to hazard a guess, I'd say there is either a Firewall issue / IP Address conflict / DD-WRT Tunnel issue that prevents the router from sending out traffic to the client.
Configuration as follows:
DD-WRT Router:
DD-WRT v3.0-r40559 std (08/06/19)
D-Link DIR 868L
LAN IP: 192.168.0.1
WAN IP: 10.0.0.3
[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
PresharedKey = U8PSn4PxYzg1l6FGMmIfkMpHHb6s7v06RDk8m1oSP4w=
AllowedIPs = 10.66.66.2/32
Endpoint = xxx.xxx.xxx.xxx:51820 # This is my clients dynamic IP, it appears automatically, I did not set this
PersistentKeepalive = 25
Please note that the Endpoint is something that cannot be configured in the DDWRT GUI, I don't know where that one comes from but it is in fact the ISP assigned IP of my client.
Client
Code:
[Interface]
PrivateKey = <CLIENT_PRIVATE_KEY>
ListenPort = 51820
Address = 10.66.66.2/32
DNS = 8.8.8.8
MTU = 1420
Long story short, can someone kindly help me with the following:
How can I check whether my WireGuard connection on port 51820 is SENDING data?
How can I open UDP traffic on port 51820 and allow it to be sent to any external IP?
How do I configure my IPTABLES firewall to allow the above traffic?
Appreciate any help with this, its been a few days now and I cannot seem to figure this out...
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Mon Jul 19, 2021 11:27 Post subject:
Would be helpful to know which revision of DIR-868L. I second not using 40559, had I noticed that information when I was re-sizing your obnoxiously huge image, I would've just deleted the post. We do not wish to entertain discussion or support r40559 in this forum.
I second not using 40559, had I noticed that information when I was re-sizing your obnoxiously huge image, I would've just deleted the post. We do not wish to entertain discussion or support r40559 in this forum.
Always love attitudes like this, really helps a lot in finding out whats wrong here and what I should do. Especially the "I would have just deleted your post without telling you why" bit is really good to know, thanks a lot.
Quote:
Your DDWRT version is old, bad, deprecated and has security issues.
Step up to a recent build as of now we are using 47040.
DDWRT WireGuard documentation see the link in my signature at the bottom, have a look at the WireGuard Server setup guide.
Other then a port forward on your ISP router (or placing it in the DMZ) and following the setup guide nothing else should be necessary Smile
Thank you egc, will get my router updated ASAP and see how things go then. Appreciate you pointing me in the right direction. Cheers.
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Mon Jul 19, 2021 13:02 Post subject:
And we still have no clue which version of DIR-868L you have. Please refer to the forum rules and guidelines, and re-read the router database landing page in it's entirety, including the disclaimer.