Posted: Sun Apr 13, 2025 22:26 Post subject: wireguard/nordvpn woes - (subject change)
I am working on two tunnels, one client and one server, and I've turned off the client (oet1) while I get the server (oet1) working. I imported the tunnel from another router that had a working tunnel, but it won't run on this router. So I started over, and it looks like I've configured it according to the tutorial DDWRT Wireguard (server) setup guide (v 53), but I have the same problem. I've attached a file with a huge output, and it's too difficult for me to analyze. I've included the screenshots recommended by the tutorial and added some other info to the file. Can anyone see what's wrong?
Last edited by johnnyNobody999 on Sat Apr 19, 2025 20:21; edited 2 times in total
As no one has replied, I can only see one difference from my working server config: I see you have entered "DNS servers via tunnel" in your server config; mine is blank.
I would remove Nord's DNS from your static DNS 1 & 2, use whatever (1.1.1.1 etc.), and just add Nord's when selecting split DNS under the PBR field in your commercial client config.
Hope that helps _________________ Main Router: Dynalink WRX36, PPPoE, Gateway Mode, Network IPv4 - Isolated VLANs. Unifi AC-Pro x 3 APs, Router Wi-Fi Disabled. Paid Commercial Wireguard Clients & WG server, DNSMasq, Static Leases with Cloudflare SmartDNS, DNSMasq Adblocking via egc script.
No one can build you the bridge on which you, and only you, must cross the river of life!
I doubt anyone is going to wade through all that stuff I posted without being paid. No problem. I'm not running a business so I have time to figure it out even though there's a lot of stuff in the output that I don't understand.
I've been trying all kinds of configs to no avail. I'm going to roll back to my last known "somewhat working" firmware where wireguard was working.
I was using the NordVPN servers but changed to 1.1.1.1 and 8.8.8.8 in the static DNS. No help, no matter what I've tried. One other thing that puzzles me is that when I activate the WG server I lose internet and DNS quits resolving, and I noticed that I can ping my ISP gateway but I can't ping anything else, not even numerical addresses. Rolling back to firmware 60276.
Joined: 04 Aug 2018 Posts: 1542 Location: Appalachian mountains, USA
Posted: Thu Apr 17, 2025 21:26 Post subject:
I agree with @foz111. Leave "DNS Servers via Tunnel" blank in the server setup. That field is for a client, not a server.
Then in your client configs (for reaching that server), add a "DNS = RouterIP" line, using the router IP from your Basic Settings.
I haven't attempted to wade through more than that. One thing at a time, since this one thing is definitely a problem. _________________ On 59582: 3x Dynalink DL-WRX36, Linksys MX4200v2, 2x MR7350. VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Posted: Fri Apr 18, 2025 19:48 Post subject:
johnnyNobody999 wrote:
SurprisedItWorks wrote:
Then in your client configs (for reaching that server), add a "DNS = RouterIP" line, using the router IP from your Basic Settings.
Are you referring to the Client Peer Tunnel DNS field?
I don't use those Client Config File settings myself, but you should be able to do just that. Put the router IP in that field and then use Make Peer Config in the peer section to create an actual config file or QR code for use in your remote device.
I generally ignore those Client Config File fields and just use Make Peer Config anyway. In that case, the config file / QR code created will take care of the keys, but I have to edit the config file to add the DNS and endpoint info. So there are various ways to do the same thing. What matters is that in the end, the config file used by the remote (client) device has the "DNS = RouterIP" line in it. And no DNS information should appear in the dd-wrt setup outside of that Client Config File section.
If you set the server up to work with multiple peers, you will have to include this DNS line in all the peer configs.
Edit: yes, I saw that you got it working. Nice! Figured I should send this one anyway, for the record and other readers working on server setups. _________________ On 59582: 3x Dynalink DL-WRX36, Linksys MX4200v2, 2x MR7350. VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Looks like I spoke too soon. Everything was fine for a couple of days, but now amazon.com and youtube.com won't come up in the browser even though drill, dig, and nslookup indicate that DNS is resolving those domains. Either I'm overlooking something or there's a configuration issue that can't be resolved. It's strange that all of the other websites I go to come up in the browser just fine. Clearing the cache and disabling the browser extensions made no difference. I have the same issues when using Windows 10 and 11. Maybe I should try a different VPN. I hear Mullvad is a good option. Unless someone has experienced my problem and has a solution.
I think I need to use this ipset feature for Amazon and YouTube. There's a box for ipset domains, and I placed amazon.com,youtube.com in the box, but it didn't resolve the issue. What am I missing? And why would I need to do more configuration when I can use the NordLynx app for Ubuntu and not have this issue? Since there are limitations on the number of devices I can install NordLynx on, I'm configuring the router to handle everyone and every device in my house.
Anyway, adding this to the additional options box for dnsmasq seems to have solved the problem (I got this from the wireguard client tutorial): server=/netflix.com/amazon.com/1.0.0.1@vlan2
EDIT: turns out I had to edit the server option above to server=/youtube.com/amazon.com/google.com/1.0.0.1@vlan2 for my current needs. I have to ask, what good is the wireguard VPN if I have to make exceptions for those websites by bypassing the VPN and going direct to the WAN?
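As an added example (not code from this thread or from DD-WRT): a small Python check that a generated peer config carries the "DNS = RouterIP" line SurprisedItWorks describes and routes all IPv4 through the tunnel, plus a helper that builds the dnsmasq server=/.../ bypass line from the post above. The sample config, its placeholder keys, the example.net endpoint and the 192.168.1.1 router IP are all constructed.

```python
# Added example, not from the thread: check a WireGuard peer config generated for
# a DD-WRT WG server has the DNS line, and build the dnsmasq split-DNS line.
import ipaddress
from typing import Dict, List

# Constructed sample; keys and endpoint are placeholders, not real values.
SAMPLE_PEER_CONF = """\
[Interface]
PrivateKey = <peer-private-key-placeholder>
Address = 10.10.0.2/32
DNS = 192.168.1.1

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

def parse_wg_conf(text: str) -> List[Dict[str, str]]:
    # Hand-rolled: configparser rejects the repeated [Peer] sections of a multi-peer file.
    sections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append({"__section__": line[1:-1]})
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][key.strip()] = value.strip()
    return sections

def check_peer_config(text: str, router_ip: str) -> List[str]:
    """Return problems that would leave DNS unresolved through the tunnel."""
    sections = parse_wg_conf(text)
    iface = next((s for s in sections if s["__section__"] == "Interface"), None)
    peers = [s for s in sections if s["__section__"] == "Peer"]
    if iface is None:
        return ["missing [Interface] section"]
    problems: List[str] = []
    dns = [d.strip() for d in iface.get("DNS", "").split(",") if d.strip()]
    if router_ip not in dns:
        problems.append(f"[Interface] DNS must include router IP {router_ip}")
    for p in peers:  # full-tunnel peers must route all IPv4 through the server
        nets = [ipaddress.ip_network(n.strip(), strict=False)
                for n in p.get("AllowedIPs", "").split(",") if n.strip()]
        if not any(n.version == 4 and n.prefixlen == 0 for n in nets):
            problems.append("[Peer] AllowedIPs lacks 0.0.0.0/0")
    return problems

def dnsmasq_bypass_line(domains: List[str], upstream: str, iface: str) -> str:
    """Build 'server=/dom1/dom2/upstream@iface': those domains' lookups go out iface."""
    return "server=/" + "/".join(domains) + f"/{upstream}@{iface}"
```

Run check_peer_config on the file Make Peer Config produces before loading it on the remote device; an empty list means the DNS and AllowedIPs lines are present.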
Simply change Nord's VPN endpoint server; it would appear to have been banned by the services you're trying to stream from, if you can reach every other site.
This is not a DD-WRT issue.
Sometimes a reboot will fix this issue, as Nord runs multiple IPs from a server, unless you're using IPs in the server field and not the FQDN.