Posted: Sun Feb 07, 2021 4:54 Post subject: [SOLVED]Wireguard setup on 2nd router as WAP
Hi,
I want to set up a WireGuard VPN server on the 2nd router, a Linksys E2000. The main router connects to the internet and the 2nd router connects to the main one over a wired connection as a network repeater. DHCP/firewall is off on the 2nd router. What I did:
1. installed the latest build 45690
2. enabled tunnel/wireguard and configured it, see attached snapshot
3. in the main router, set up port forwarding 51820 to the 2nd router and opened 51820 in the firewall.
4. scanned the QR code in the WireGuard app on my Android phone
5. changed the endpoint address on the Android phone to my home public IP address.
However, when I enable the WireGuard VPN on my phone, I am not able to connect to my home router. The log shows it does not receive a handshake.
It looks like you have set up this router as a WAP (Wireless Access Point).
Make sure you have set it up correctly: WAN disabled, DHCP off, and Local IP and Gateway set to the primary router. https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point
WireGuard has several guides which apply to your situation: the Server setup guide and the Advanced Setup guide, which has a paragraph about using WG on a WAP.
See:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
which is a sticky in the Advanced Networking forum
Some key points:
Set up as a server, e.g. disable CVE mitigation (although when implementing the next point you can actually leave it on, but that is for the extreme advanced setup guide)
Add to the WAP (Administration/Commands, save as Firewall):
Thanks for your prompt reply. I have the firewall turned off on the 2nd router. Do I still need to add the command to the firewall, or is this rule to be installed on the main router?
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Tue Feb 09, 2021 12:04 Post subject:
You have to add this rule on your WAP so that the traffic coming out of the WG server is NATted onto the local subnet so that it can reach your primary router and back.
This is a universal rule which is needed on a WAP if you deal with other subnets on the WAP, like an unbridged VAP or a WG server.
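The NAT step the reply above describes, as an added example that is not code from the thread, from egc's sticky, or from DD-WRT itself: a small POSIX shell script that builds the POSTROUTING rule for the WAP and checks an `iptables -t nat -S` dump for it. The interface and subnet names are assumptions (oet1 as DD-WRT's first WireGuard tunnel interface, br0 as the LAN bridge, 10.10.10.0/24 as the tunnel subnet); the exact rule the reply refers to is not reproduced on this page, so this is one form that does what the reply says, not a copy of it. It deliberately masquerades only the tunnel subnet towards br0 rather than everything leaving the box, so LAN-to-LAN traffic through the WAP keeps its real source address.

```shell
#!/bin/sh
# Added example, not from the thread or from DD-WRT. Assumed names:
#   oet1          - DD-WRT's first WireGuard tunnel interface
#   br0           - the WAP's LAN bridge (the side facing the primary router)
#   10.10.10.0/24 - the WireGuard tunnel subnet handed to phones/peers
# Override with environment variables to match your own setup.
WG_IF="${WG_IF:-oet1}"
LAN_IF="${LAN_IF:-br0}"
WG_SUBNET="${WG_SUBNET:-10.10.10.0/24}"

# The rule itself (without the leading "iptables -t nat"): packets that leave
# the WAP towards the LAN with a tunnel-subnet source get rewritten to the
# WAP's own LAN address, so the primary router replies to a host on its own
# subnet instead of to a subnet it has no route for.
nat_rule() {
  printf 'POSTROUTING -s %s -o %s -j MASQUERADE\n' "$WG_SUBNET" "$LAN_IF"
}

# Text to paste into Administration -> Commands and save as Firewall.
# Delete-then-insert keeps the script idempotent: re-running it after a
# reboot or a GUI save does not stack duplicate rules.
firewall_script() {
  rule=$(nat_rule)
  printf 'iptables -t nat -D %s 2>/dev/null\n' "$rule"
  printf 'iptables -t nat -I %s\n' "$rule"
}

# Check a saved "iptables -t nat -S" dump (passed as one string) for the
# rule. Returns 0 when present, 1 when missing; use it after saving the
# firewall script to confirm the rule really landed.
nat_rule_present() {
  printf '%s\n' "$1" | grep -q -- "^-A $(nat_rule)\$"
}

# Constructed sample dumps for a self-test; not real router output.
DUMP_WITHOUT='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT'
DUMP_WITH="$DUMP_WITHOUT
-A POSTROUTING -s 10.10.10.0/24 -o br0 -j MASQUERADE"

# Stand-alone run: print the firewall script and report on the two samples.
firewall_script
if nat_rule_present "$DUMP_WITH"; then echo "sample WITH rule: found"; fi
if ! nat_rule_present "$DUMP_WITHOUT"; then echo "sample WITHOUT rule: missing"; fi
```

On the WAP, run `iptables -t nat -S POSTROUTING` after saving the firewall script and feed that output to `nat_rule_present` (or just read it) to confirm the rule is in place; the reply above is explicit that this belongs on the WAP even with the SPI firewall disabled, because it is about NAT for the WireGuard subnet, not about filtering, and the port forward for UDP 51820 stays on the primary router as in the original post.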