[SOLVED] Remote clients via wireguard vpn to the internet

foramgoram123
DD-WRT Novice


Joined: 10 Dec 2021
Posts: 2

Posted: Thu Dec 23, 2021 5:52    Post subject: [SOLVED] Remote clients via wireguard vpn to the internet
I am trying to set up wireguard server on dd-wrt so remote clients use the vpn to access the internet. I followed 'DDWRT Wireguard server setup guide v41.pdf', set up the server and windows client running in AWS. The client connects but the internet traffic is not routed via VPN. In fact, there is no internet access from the client once the vpn client connects.

DD-WRT is behind ISP's router and I have forwarded port 51810 from ISP router to DD-WRT. DD-WRT's wan port is connected to ISP's router's LAN port.

Here is how the flow of traffic should be:
Windows VM (AWS) --> ISP router --> DD-WRT --> ISP router - Internet and back to the client in reverse.

DD-WRT's firmware is Firmware: DD-WRT v3.0-r47822 std (12/09/21).

Attached screenshots have my settings.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Thu Dec 23, 2021 9:15    Post subject:
If my first hunch is not correct then please post the whole setup page of the server including the Connection status (refreshed after a few minutes of uptime and after you made a connection from the client).

Also with the whole content of the Allowed IPs.

First some remarks which are probably not the cause:
Your MTU is 1440, which gives the best throughput for IPv4 only. Sometimes along the way IPv6 can be involved (perhaps windows/VMS) and when in doubt 1420 is the safer bet; you should set that on both sides.

The Listen port on the windows client is 51820 but the endpoint port is 51810; normally not a problem, the client advertises its listen port to the server and the server will use that.
I noticed that some providers have a bad implementation and it only works when using the same Listen port and endpoint port (the endpoint port of course is leading).
It should not be a problem here but for testing make the Listen port the same as the endpoint port (51810).

In the Windows client the Keepalive setting is missing, add in the Windows settings:
Code:
PersistentKeepalive = 20


The Allowed IPs on the server side have a lot of entries but the only entry usually necessary is 10.4.0.7/32. This is because the Windows client by default NATs all its traffic.
So I would suggest to remove everything but 10.4.0.7/32.

Now on to the problems which could be the culprit :)

On the Server you have set a DNS server via the tunnel; that means that the whole server is using that DNS server and that the route is through the tunnel (but if there is no one listening you will not have DNS at all), and to make matters worse the Windows client has that DNS server and routes it via the tunnel back, so I think you have a DNS problem.
So remove the DNS server.

Second problem: you can/should disable NAT on the server side (it usually works with NAT enabled but it is not necessary).

_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Thu Dec 23, 2021 17:24; edited 1 time in total
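
The checks from the reply above, written as a small config linter. This is an added example, not part of the original posts and not DD-WRT or WireGuard code; the sample config is constructed from the values quoted in the thread, and the key and endpoint placeholders, the client's `AllowedIPs` line, and the function and finding names are assumptions.

```python
import ipaddress

# Constructed sample of the Windows client config; keys and endpoint host are placeholders.
SAMPLE_CLIENT = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.4.0.7/32
ListenPort = 51820
MTU = 1440
[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51810
AllowedIPs = 0.0.0.0/0
"""

def parse(text):
    """Return a list of (section, {key: value}) pairs; repeated [Peer] sections are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def check_client(text):
    """Flag the client-side settings the reply asks to change (finding names are hypothetical)."""
    sections = parse(text)
    iface = next((kv for name, kv in sections if name == "interface"), {})
    findings = []
    if int(iface.get("mtu", 0)) > 1420:
        findings.append("mtu-above-1420")
    for peer in (kv for name, kv in sections if name == "peer"):
        if "persistentkeepalive" not in peer:
            findings.append("keepalive-missing")
        port = peer.get("endpoint", "").rpartition(":")[2]
        # Advisory only: the reply says a mismatch is normally fine, but to align them for testing.
        if port and iface.get("listenport") not in (None, port):
            findings.append("listen-port-differs-from-endpoint-port")
    return findings

def check_server_allowed_ips(allowed_ips, client_ip="10.4.0.7"):
    """Return server-side Allowed IPs entries other than the client's own /32."""
    want = ipaddress.ip_network(client_ip + "/32")
    entries = [e.strip() for e in allowed_ips.split(",") if e.strip()]
    return [e for e in entries if ipaddress.ip_network(e, strict=False) != want]

if __name__ == "__main__":
    print(check_client(SAMPLE_CLIENT))
```
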
foramgoram123
DD-WRT Novice


Joined: 10 Dec 2021
Posts: 2

Posted: Thu Dec 23, 2021 15:37    Post subject:
I followed your advice and it does work now. With mtu and same port on both sides, it is a lot faster now. The dns via tunnel was set up to see if it would make it work. Before that I did not have it and allowed IPs was only 10.4.0.7/32 but it did not work. Not sure what happened but now with same settings as before like different ports on both sides and default mtu, it works but a bit slow. Anyways, thanks so much for your help.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Thu Dec 23, 2021 15:42    Post subject:
Glad you solved it :)