Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Tue May 31, 2022 6:47
The previous speakers already gave you some good advice.
Start with the setup by using the Server setup guide; the Advanced setup guide has instructions for a site-to-site setup, which is what you are doing with traffic in both directions.
I will throw in my two cents.
DDWRT 1
Your network setup has an uncommon subnet, /22. Do you really need that many IP addresses?
Your Gateway is wrong: the gateway is the router's gateway and should be the next hop; the router cannot send traffic to itself.
Luckily DDWRT will override this (depending on settings), but just keep the gateway at its default 0.0.0.0, meaning it will find the gateway automatically (if the router is used in gateway mode with WAN).
Your start IP address is .100, which is the old default (the new default is .64), but your Maximum DHCP Users is 190, which is the new default. Why?
The last DHCP address will be .290, which does not work on a /24 subnet; you escape this problem by using a /22 subnet.
Again why these choices?
About the WG setup on DDWRT: it looks OK, save for the Keepalive.
It is set at 10, which generates unnecessary traffic, as 20 or 25 is more than adequate. But as this side is playing the Server role, setting Keepalive is not necessary; that has already been done by the client side, so just keep it at its default 0.
DDWRT 2
The same questions about subnet, DHCP range and Gateway, only this time you are using /21 as the subnet?
Note that under Allowed IPs on DDWRT 1 you used /22, so you cannot reach all clients if you keep it this way.
About WireGuard setup
CVE mitigation should be off, as already mentioned by @Bushant.
You are using PBR, where you can enter source IP addresses from your subnet which can use the tunnel, but you entered sources from the other side. That is wrong; remove that entry and just use "Route all sources via VPN".
If you want PBR (which is uncommon in this setup, as you only use a specific route to the other side), read up on it.
Keepalive 20 or 25 should be more than sufficient.
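A small consistency check, added here as an illustration and not code from the poster or from DD-WRT, that encodes the three points raised above: a DHCP range that runs past the LAN prefix, AllowedIPs on one side that do not cover the other side's whole LAN, and Keepalive set for the wrong role. The two configurations are constructed stand-ins for DDWRT 1 (server) and DDWRT 2 (client), not the thread's real addresses.

```python
import ipaddress

# Constructed sample configs modelled on the thread's two routers (not the
# poster's real addresses): DDWRT 1 plays the WireGuard server, DDWRT 2 the client.
SITES = {
    "DDWRT 1": dict(lan="192.168.1.1/24", dhcp_start="192.168.1.100", max_users=190,
                    allowed_ips=["10.0.0.0/22"], role="server", keepalive=10),
    "DDWRT 2": dict(lan="10.0.0.1/21", dhcp_start="10.0.0.100", max_users=190,
                    allowed_ips=["192.168.1.0/24"], role="client", keepalive=25),
}

def dhcp_last_address(dhcp_start, max_users):
    """Last lease handed out: the start address plus (max_users - 1) hosts."""
    return ipaddress.ip_address(dhcp_start) + (max_users - 1)

def dhcp_range_fits(lan, dhcp_start, max_users):
    """True only if the whole DHCP range lies inside the LAN's usable host range."""
    net = ipaddress.ip_interface(lan).network
    first = ipaddress.ip_address(dhcp_start)
    last = dhcp_last_address(dhcp_start, max_users)
    return first in net and last in net and last < net.broadcast_address

def allowed_ips_cover(allowed_ips, remote_lan):
    """True if the peer's whole LAN is inside at least one AllowedIPs prefix."""
    lan = ipaddress.ip_interface(remote_lan).network
    return any(lan.subnet_of(ipaddress.ip_network(a)) for a in allowed_ips)

def check_site(name, cfg, peer_cfg):
    """Return human-readable findings for one router, given its peer's config."""
    findings = []
    if not dhcp_range_fits(cfg["lan"], cfg["dhcp_start"], cfg["max_users"]):
        last = dhcp_last_address(cfg["dhcp_start"], cfg["max_users"])
        findings.append(f"{name}: DHCP range ends at {last}, outside LAN {cfg['lan']}")
    if not allowed_ips_cover(cfg["allowed_ips"], peer_cfg["lan"]):
        findings.append(f"{name}: AllowedIPs {cfg['allowed_ips']} do not cover peer LAN {peer_cfg['lan']}")
    ka = cfg["keepalive"]
    if cfg["role"] == "server" and ka != 0:
        findings.append(f"{name}: server side sets Keepalive {ka}; leave it at the default 0")
    elif cfg["role"] == "client" and not 20 <= ka <= 25:
        findings.append(f"{name}: client Keepalive {ka}; 20 or 25 is sufficient")
    return findings

def check_all(sites):
    """Check both routers against each other (a two-site setup)."""
    names = list(sites)
    return (check_site(names[0], sites[names[0]], sites[names[1]])
            + check_site(names[1], sites[names[1]], sites[names[0]]))

if __name__ == "__main__":
    print("\n".join(check_all(SITES)) or "no findings")
```

With the sample values, DDWRT 1 produces all three findings and DDWRT 2 none; widening DDWRT 1's LAN to /22 makes its DHCP finding disappear, as the post describes.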