Posted: Fri Jul 22, 2022 7:39 Post subject: [SOLVED] WireGuard tunnel doesn't work on R7000
Hi, I've configured DD-WRT with WireGuard lots of times, but with this device I can't figure out why it isn't working.
I'm configuring it for my parents' home. I want to update and check it remotely, so I'm setting up a WireGuard tunnel. I'm already using it on my R7800 OpenWrt router; with an older DD-WRT build it was working, now not anymore (surely my fault).
I created a new tunnel with these configs:
Then on my phone/PC I configured it:
The handshake works and data is passing, but I can't ping (it times out) and obviously no web pages are loading.
Wow, I just realized what an old build I was using, don't know why, I downloaded it from the ddwrt website, probably it hasn't been updated or I entered the wrong folder!
Now I updated, reset, etc. and all is working (what a lot of changes on the WireGuard page). I got it working and I can connect and browse via my parents' VPN, but I'm unable to navigate inside their LAN from my home wifi network. If I use the VPN from a 4G phone it works fine, but not on wifi (which is the only reason I want to use my parents' VPN).
I must have some setting inside my home network that doesn't allow routing it in iptables, but I'm not able to understand it well.
Here are the settings in my OpenWRT home router, I think the trouble is here:
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Sat Jul 23, 2022 7:34 Post subject:
You were probably using the router database to download, which is outdated.
See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
If you connect with the WG client on your phone then it should not matter if the phone is on cellular or on wifi (whether a public hotspot or your home wifi)
Quote:
If you connect with the WG client on your phone then it should not matter if the phone is on cellular or on wifi (whether a public hotspot or your home wifi)
Yes indeed, but instead it does make a difference: if I use my home wifi I'm unable to browse my parents' LAN but I still see my home LAN. That's why I posted the iptables rules, but:
Quote:
Your router also seems to run WireGuard but that should have nothing to do with it although running a tunnel in a tunnel can cause problems
Yes, how stupid of me, I'm not running a tunnel in a tunnel. I don't know why, but I thought my iptables WireGuard config was useful; instead, absolutely not.
So, what can it be that still shows me my home internal LAN even when I'm connected to my parents' WireGuard tunnel? (This does not happen with a cellular connection.)
Yes yes, sorry, I wanted to say 192.168.1.1/24. Yes, both the same subnet!
If I change it to 192.168.2.x/24 on my parents' router, what can happen? I can simply change it from the main config page; do I have to change something in WireGuard? Hmm, at the moment I'm away from home and I don't remember everything…
But I have to change the DHCP range, and I have an RPi running Pi-Hole on it to change. What else do I have to check? (Just so I don't forget something.)
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Sat Jul 23, 2022 9:10 Post subject:
You have to change one of the subnets to 192.168.2.1/24.
It does not matter which one. You do not have to change anything on WG (assuming that the WG subnet is not 192.168.2.1/24).
From the server setup guide marked in yellow:
Quote:
As WireGuard is a routed solution all three involved subnets have to be different. So the Servers subnet, the WG subnet and the Clients subnet all have to be different!
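The subnet rule discussed in this thread, as an added example that is not part of any post or of DD-WRT: it checks the three subnets for overlap and models, with simplified longest-prefix routing, why the parents' LAN was unreachable from home wifi but reachable over cellular. The WG subnet `10.4.0.1/24`, the interface names, the cellular network, the host addresses and the full-tunnel `0.0.0.0/0` route are assumptions.

```python
import ipaddress
from itertools import combinations

def overlapping(subnets):
    """Return the pairs of named subnets that overlap (must be empty for a routed VPN)."""
    nets = {n: ipaddress.ip_network(c, strict=False) for n, c in subnets.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def egress(routes, dest):
    """Simplified longest-prefix match: interface the client uses to reach dest."""
    ip = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(c).prefixlen, dev) for c, dev in routes
            if ip in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0])[1] if hits else None

# Subnets written the way the thread writes them (host address plus mask).
BEFORE = {"server_lan": "192.168.1.1/24",   # parents' router
          "client_lan": "192.168.1.1/24",   # home wifi
          "wg": "10.4.0.1/24"}              # assumed WG subnet
AFTER = dict(BEFORE, server_lan="192.168.2.1/24")

# Constructed client routing tables: connected network plus full tunnel.
HOME_WIFI = [("192.168.1.0/24", "wlan0"), ("0.0.0.0/0", "wg0")]
CELLULAR = [("10.120.0.0/16", "rmnet0"), ("0.0.0.0/0", "wg0")]

if __name__ == "__main__":
    print("overlaps before:", overlapping(BEFORE))
    print("overlaps after: ", overlapping(AFTER))
    # A host on the parents' LAN (constructed address) before renumbering:
    print("home wifi ->", egress(HOME_WIFI, "192.168.1.50"))  # stays on local LAN
    print("cellular  ->", egress(CELLULAR, "192.168.1.50"))   # goes into tunnel
    # Same host after the parents' LAN moves to 192.168.2.0/24:
    print("home wifi ->", egress(HOME_WIFI, "192.168.2.50"))  # goes into tunnel
```
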