Posted: Mon May 23, 2022 13:21 Post subject: r7800 - Wireguard Cannot access router.
I am running a nighthawk r7800
Firmware R48741
Everything has been running smooth ever since my update to 48741. I recently saw Proton VPN supports WireGuard, so I set that up, works perfect. Except my work router won’t connect through the VPN. So this morning, I think I’ve messed up.
My DHCP on the router is set to only hand out up to .50. I set a static route for my work router to .254. Everything was fine at this point. I go into the tunnel and tell it to only allow 192.168.1.0/25 to use the tunnel, saved, applied, now, I cannot connect to the router at all. I can ping it after a power fail, but then it goes up unresponsive and I cannot get to it at all. My PC is set to .10.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Mon May 23, 2022 14:41 Post subject:
Well, you did what you did and now you're in a delicate position.
Instead of trying to troubleshoot your unknown state which will consume your time and ours, it would be faster to reset to factory defaults, then upgrade to a current supported dd-wrt version which also contains the latest wireguard patches as well as security patches etc...
I just set up a 6700v3 for a family member, so I hooked it up and brought my 7800 to the build station, it was fine, I was able to log in... I have no idea why that fixed it, it's back into production and working fine (tunnels disabled).
I wonder if the "reset after 5 failed boots" was what saved me just now.
I didn't do a nvram reset after upgrading to 48741 from my older build, I am going to go out on a limb and say that's what caused this, I'll try resetting that, then setting the vpn back up with exclusions.
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Mon May 23, 2022 15:18 Post subject:
Upgrade to latest dd-wrt... in any case. Using old unsupported builds with security issues makes even less sense when someone uses VPN, which doesn't make your router immune to exploits.
Posted: Tue May 24, 2022 6:59 Post subject: Upgraded to 48954 as recommended
I updated to the newest build (you linked). I am getting the same behavior. Anytime I put IPs in the "Allowed IP's" section, with route Allowed IP's via tunnel checked, once the tunnel connects, I lose connection to my router and internet. I have to reboot the router and get in before the tunnel connects to disable it (this is what fixed it earlier now that I've done it a few times).
If the Allowed IP's is set to 0.0.0.0/0 it works, but I can't have my work router go through the wireguard tunnel.
One thing I haven't tried is not including the router x.x.1.1 in the allow list. My first attempt to only route my DHCP pool was 192.168.1.0/24 (I set the work router to 1.254 as my DHCP only hands out to 50). I googled what CIDR notation didn't include .254 and /24 is what I found.
I just did a reverse calculation on that CIDR, and it appears /24 covers all 255 addresses, so in all my attempts so far (aside from default 0.0.0.0/0) my router has been included in the tunnel. Should my router's internal IP not route through the tunnel?
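
Added example (not part of the thread): the CIDR arithmetic discussed in the posts above, checked with Python's `ipaddress` module, showing which of the thread's hosts each prefix contains and which prefixes cover only the DHCP pool. The pool start of .2 is an assumption, since the thread only gives the upper bound of .50.

```python
import ipaddress

# Addresses taken from the thread. POOL_FIRST is an assumption: the thread
# only says DHCP hands out addresses up to .50.
HOSTS = {
    "router": ipaddress.ip_address("192.168.1.1"),
    "pc": ipaddress.ip_address("192.168.1.10"),
    "work_router": ipaddress.ip_address("192.168.1.254"),
}
POOL_FIRST = ipaddress.ip_address("192.168.1.2")
POOL_LAST = ipaddress.ip_address("192.168.1.50")


def coverage(cidr):
    """Return size, first/last address and which thread hosts a prefix contains."""
    net = ipaddress.ip_network(cidr)
    return {
        "addresses": net.num_addresses,
        "first": str(net[0]),
        "last": str(net[-1]),
        "contains": sorted(n for n, ip in HOSTS.items() if ip in net),
    }


def exact_cover(first, last):
    """List of aligned prefixes covering first..last and nothing else."""
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def hosts_in(prefixes):
    """Names of thread hosts that fall inside any of the given prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return sorted(n for n, ip in HOSTS.items() if any(ip in net for net in nets))


if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "192.168.1.0/25", "0.0.0.0/0"):
        print(cidr, coverage(cidr))
    pool = exact_cover(POOL_FIRST, POOL_LAST)
    print("pool prefixes:", pool)
    print("thread hosts inside pool prefixes:", hosts_in(pool))
```

Both /24 and /25 contain the router's own address (.1); only /25 leaves out .254.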