Idiot's Guide to Configuring Wireguard - Client Tunnel

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Advanced Networking
Goto page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
JulianAntras
DD-WRT Novice


Joined: 18 Mar 2015
Posts: 30

PostPosted: Mon Apr 06, 2020 10:43    Post subject: Reply with quote
For openwrt they have manual, but not for ddwrt.

https://www.azirevpn.com/support/guides/router/openwrt/wireguard
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Apr 06, 2020 10:44    Post subject: Reply with quote
JulianAntras wrote:
This is the file i use one android and windows and have a public key look.

Quote:
[Interface]
PrivateKey = UKxxxxxxxxxxxxxxxxxxxxxxxxxEU=
Address = 12.2.1.128/19, 220e:1c22:4:2000::122/64
DNS = 12.222.22.2, 2002:22c:22ec:1337::2

[Peer]
PublicKey = vtxxxxxxxxxxxxxxxxxxxxxxxxxxxxxEM=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = nl1.wg.azirevpn.net:443


You were talking about the DDWRT public key, you do not have to set that, the one you are referring to is the Peers public key, (of course you have to set it in the Peer section in the DDWRT GUI but it is not the Public key from the DDWRT router, it is the the Public key of the Peer).

Please start reading the guide then it hopefully will become clear to you.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
JulianAntras
DD-WRT Novice


Joined: 18 Mar 2015
Posts: 30

PostPosted: Mon Apr 06, 2020 10:57    Post subject: Reply with quote
I have to thank you for your patience with me.

Look at the attachment, i have Local Public Key so i have to ignore that correct?

And i have in the peer, Peer Public Key and Pre-Shared Key so in the file i have.

Interface
PrivateKey

[Peer]
PublicKey

So what is the pre-shared key is the private key?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Apr 06, 2020 11:32    Post subject: Reply with quote
Patience is my middle name

1. You have a private key, there is no box to enter your private key in the GUI. You have to enter that with nvram parameters as described in the guide.
2. You have a Peer Public key, you enter that in .... Peer Public Key
3. You do not have a preshared key so yo do not fill in any

Please READ THE GUIDE it is in there

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
JulianAntras
DD-WRT Novice


Joined: 18 Mar 2015
Posts: 30

PostPosted: Mon Apr 06, 2020 12:31    Post subject: Reply with quote
Quote:
1. You have a private key, there is no box to enter your private key in the GUI. You have to enter that with nvram parameters as described in the guide.


I dont see this in the manual can you point where in the manual is this?

Example:
Quote:
[Interface]
PrivateKey = YEAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Address = 10.239.140.13/8
DNS = 1.1.1.1

[Peer]
PublicKey = FOAAAAAAAAAAAAAAAAAAAAAAAAAAM=
Endpoint = 190.2.141.162:51840
AllowedIPs = 0.0.0.0/0


Can you give-me the steps what i have to do with this data?

If you have paypal i will to donate something for your time loosing time with me. Sad
JulianAntras
DD-WRT Novice


Joined: 18 Mar 2015
Posts: 30

PostPosted: Mon Apr 06, 2020 13:46    Post subject: Reply with quote
I request help to azirevpn, this is the answer.

Quote:
Hello,

DD-WRT actually propose a rather immature implementation of WireGuard, as such we did not successfully set up a tunnel from the Web interface. However it might be possible to write scripts and set-up the interface manually at router booting, which is an advanced procedure that we do not officially support.
If possible, we instead encourage the use of OpenWrt which has a well working implementation of WireGuard.

--
Best regards / Vänliga hälsningar
AzireVPN Support


I need to forget ddwrt and install openwrt Sad
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Apr 06, 2020 14:24    Post subject: Reply with quote
JulianAntras wrote:
I request help to azirevpn, this is the answer.

Quote:
Hello,

DD-WRT actually propose a rather immature implementation of WireGuard, as such we did not successfully set up a tunnel from the Web interface. However it might be possible to write scripts and set-up the interface manually at router booting, which is an advanced procedure that we do not officially support.
If possible, we instead encourage the use of OpenWrt which has a well working implementation of WireGuard.

--
Best regards / Vänliga hälsningar
AzireVPN Support


I need to forget ddwrt and install openwrt Sad


Well OpenWRT is much more complex than DDWRT but true you need to set the private key via nvram parameters and use a script (I have requested our main developer to implement patches I have written to make things much easier but until now he has refused )

You already know what to fill in the GUI.

Two things are a little more difficult:
1. Setting the private key with nvram parameters:
From the GUIDE:
Code:
Note: if you setup to a commercial provider (like TorGuard, Azire) and you get a private key which you need to set (see: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322822 ), you can do this by telnetting/Putty to your router and do (do not enter the [] ):
nvram set oet1_private=[privatekey]
nvram set oet1_privatekey=[privatekey]
nvram commit
After this Reboot.

2. Under Allowed IP's enter:
Code:
0.0.0.0/1, 128.0.0.0/1

3. Head over to the Wireguard setup thread : https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
In the second post copy the script from #=====BEGIN until END=== and goto to Administration/Commands paste the script there and Save as Firewall
4. Reboot the router and hope for the best. Others have it running like this but unfortunately you need some basic skills Sad

All support is free Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
JulianAntras
DD-WRT Novice


Joined: 18 Mar 2015
Posts: 30

PostPosted: Mon Apr 06, 2020 15:13    Post subject: Reply with quote
Maybe you can show to developer this answer from azirevpn, this way maybe they implement the changes needed.
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Mon Apr 06, 2020 15:31    Post subject: Reply with quote
I don't know what to say other than everything is right in front of you and AzireVPN Support is a joke.
JulianAntras
DD-WRT Novice


Joined: 18 Mar 2015
Posts: 30

PostPosted: Mon Apr 06, 2020 16:45    Post subject: Reply with quote
blkt wrote:
I don't know what to say other than everything is right in front of you and AzireVPN Support is a joke.


I have no doubt its right in my front, but i cant configure.

OpenVPN is working ok.
JulianAntras
DD-WRT Novice


Joined: 18 Mar 2015
Posts: 30

PostPosted: Mon Apr 06, 2020 16:55    Post subject: Reply with quote
1º- Reset the router

2º- Telnet
nvram set oet1_private=[privatekey]
nvram set oet1_privatekey=[privatekey]
nvram commit
reboot

3º- Go to Setup / Tunnels
Wireguard
Configured the rest fields like this
https://i.imgur.com/1ifFE2B.png
Under Allowed IP's enter: 0.0.0.0/1, 128.0.0.0/1

4º- Copy paste firewall command
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135

But its not working Sad
With the openVPN i have a status where i can check a log, wireguard dont have a status to check log?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Apr 06, 2020 18:24    Post subject: Reply with quote
JulianAntras wrote:
1º- Reset the router

2º- Telnet
nvram set oet1_private=[privatekey]
nvram set oet1_privatekey=[privatekey]
nvram commit
reboot

3º- Go to Setup / Tunnels
Wireguard
Configured the rest fields like this
https://i.imgur.com/1ifFE2B.png
Under Allowed IP's enter: 0.0.0.0/1, 128.0.0.0/1

4º- Copy paste firewall command
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135

But its not working Sad
With the openVPN i have a status where i can check a log, wireguard dont have a status to check log?


I took a look at your picture and I assume you are not done configuring, the port and endpoint address (you can use an url like nl1.wg.azirevpn.net) do not resemble the ones your windows/android client are using, and the allowed IP's are also not setup, you really must use: 0.0.0.0/1, 128.0.0.0/1

You IP address looks like it could be good, your netmask is probably wrong (although it does not matter much in this case) usually VPN providers specify an /8 netmask that is CIDR notation for 255.0.0.0

So just fill in the boxes according to my instructions with the settings (like endpoint address and port number) which you know are working for your windows client.

Also you need to set Keep Alive at 25

Set the private key with nvram, paste the script in the firewall, reboot the router and keep your fingers crossed.

If it is not working post another screenshot of your settings page, post router model and build number and post the necessary information form the Troubleshooting section in the back of the guide

it is not terribly difficult but you have to check and double check that you entered the right information in the right boxes Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
JulianAntras
DD-WRT Novice


Joined: 18 Mar 2015
Posts: 30

PostPosted: Wed Apr 08, 2020 14:15    Post subject: Reply with quote
About setting with manual commands the private key wont work with some keys.

Code:

nvram set oet1_private=bOGxt5Wk5fi77zJPlXs+jiu5cXksq/SiRzq3s6clZZM=
nvram set oet1_privatekey=bOGxt5Wk5fi77zJPlXs+jiu5cXksq/SiRzq3s6clZZM=
nvram commit
reboot


Code:
wg showconf oet1
[Interface]
ListenPort = 51840
PrivateKey = aOGxt5Wk5fi77zJPlXs+jiu5cXksq/SiRzq3s6clZVM=


Seems DDWRT change this type of key, look now the key start with aO but the key original starts with bO.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Apr 09, 2020 14:37    Post subject: Reply with quote
The fact that other providers do not give problems led me to believe that this free VPN provider (so there is no support) uses a different BASE64 encoding dialect then most others.


I have taken a look at TunSafe and also with Android and Windows clients I could not get it working.

But a strange thing it is.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Hellakenut
DD-WRT Novice


Joined: 22 Mar 2019
Posts: 27
Location: Gamma Quadrant

PostPosted: Thu Apr 09, 2020 21:46    Post subject: Reply with quote
I could not get TunSafe working either. Tried both the Wireguard application as well as TunSafe's dedicated program on Windows and Android. Neither works for me.

I scanned TunSafe's forum and their GitHub page and it seems the developer has gone dark for quite some time now. The program hasn't been updated for around two years and nobody is responding to problems being reported in both the forum and GitHub issues page. If TunSafe is having server problems, it is not being communicated at all to their user base.

Personally, I'd suggest you look into a different VPN service.
Goto page Previous  1, 2, 3, 4, 5, 6  Next Display posts from previous:    Page 5 of 6
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum