[SOLVED] WireGuard tunnel doesn't work on R7000

giuliomagnifico
DD-WRT User


Joined: 11 Apr 2016
Posts: 454
Location: Italy

Posted: Fri Jul 22, 2022 7:39    Post subject: [SOLVED] WireGuard tunnel doesn't work on R7000
Hi, I've configured DD-WRT with WireGuard lots of times, but with this device I can't figure out why it isn't working.

I'm configuring it for my parents' home, I want to update and check it remotely, so I'm setting up a WireGuard tunnel. I'm already using it on my R7800 OpenWrt router, with an older DD-WRT build it was working, now not anymore (surely my fault).

I created a new tunnel with these configs:



Then on my phone/PC I configured it:



The handshake works, data is passing, but I can't ping (it times out) and obviously no web pages are loading.

What am I doing wrong?

Thanks!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Fri Jul 22, 2022 10:33    Post subject: Re: WireGuard tunnel doesn't work on R7000
giuliomagnifico wrote:

The handshake works, data is passing, but I can't ping (it times out) and obviously no web pages are loading.

What am I doing wrong?

Thanks!


You are using an old and outdated build and forgot to read the manual.

Latest build 49544, after upgrading reset to defaults and put settings in manually, never restore from a backup (to a different build)

WireGuard documentation is a sticky in the Advanced Networking forum to which I will transfer this thread:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397

You need the WireGuard Server setup guide :)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
giuliomagnifico
DD-WRT User


Joined: 11 Apr 2016
Posts: 454
Location: Italy

Posted: Sat Jul 23, 2022 7:23
Hi @egc, thanks for the reply!

Wow, I just realized what an old build I was using, don't know why, I downloaded it from the ddwrt website, probably it hasn't been updated or I entered the wrong folder!

Now I updated, reset, etc. and all is working (what a lot of changes on the WireGuard page :D). I got it working and I can connect and browse via my parents' VPN, but I'm unable to navigate inside their LAN from my home wifi network. If I use the VPN from a 4G phone it works fine, but not on wifi (that is the only reason I want to use my parents' VPN :lol:).

I must have some settings inside my home network that don't allow routing it in iptables, but I'm not able to understand it well.

Here are the settings in my OpenWRT home router, I think the trouble is here:


Code:
config defaults
   option input 'ACCEPT'
   option output 'ACCEPT'
   option synflood_protect '1'
   option forward 'ACCEPT'

config zone
   option name 'lan'
   option input 'ACCEPT'
   option output 'ACCEPT'
   option forward 'ACCEPT'
   list network 'lan'
   list network 'wg0'

config rule
   option name 'WireGuard'
   list proto 'udp'
   option src 'wan'
   option dest_port '51820'
   option target 'ACCEPT'
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Jul 23, 2022 7:34
You were probably using the router database to download, which is outdated.

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

If you connect with the WG client on your phone then it should not matter if the phone is on cellular or on wifi (whether a public hotspot or your home wifi)

Your router also seems to run WireGuard but that should have nothing to do with it although running a tunnel in a tunnel can cause problems

giuliomagnifico
DD-WRT User


Joined: 11 Apr 2016
Posts: 454
Location: Italy

Posted: Sat Jul 23, 2022 7:39
egc wrote:

If you connect with the WG client on your phone then it should not matter if the phone is on cellular or on wifi (whether a public hotspot or your home wifi)


Yes indeed, but instead it makes a difference, since if I use my home wifi I'm unable to browse my parents' LAN but I still see my home LAN. For this reason I posted the iptables rules, but:

Quote:
Your router also seems to run WireGuard but that should have nothing to do with it although running a tunnel in a tunnel can cause problems


Yes, how stupid of me, I'm not running a tunnel in a tunnel. I don't know why but I thought my iptables WireGuard config was useful, instead absolutely not :lol:


So, what can it be that still shows me my home internal LAN even when I'm connected to my parents' WireGuard tunnel? (This does not happen with a cellular connection.)

Thanks for the help
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Jul 23, 2022 8:09
WireGuard needs three different subnets as it is a routed solution.

Are the subnets of your parents and your own home the same?

giuliomagnifico
DD-WRT User


Joined: 11 Apr 2016
Posts: 454
Location: Italy

Posted: Sat Jul 23, 2022 8:23
egc wrote:
WireGuard needs three different subnets as it is a routed solution.

Are the subnets of your parents and your own home the same?


Oh I didn't know that, yes both 255.255.255.0

But if I change it at my parents' home, I also have to change all the CIDR IPs in WireGuard... isn't there another easier way to bypass this trouble? :?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Jul 23, 2022 8:31
I do not mean the netmask but the subnet of the routers: are they both e.g. 192.168.1.1/24?
giuliomagnifico
DD-WRT User


Joined: 11 Apr 2016
Posts: 454
Location: Italy

Posted: Sat Jul 23, 2022 8:51
Yes yes, sorry, I wanted to say 192.168.1.1/24. Yes, both the same subnet!

If I change it to 192.168.2.x/24 on my parents' router what can happen? I can simply change it from the main config page; do I have to change something in WireGuard? Hmm, at the moment I'm away from home and I don't remember everything…

But I have to change the DHCP range, I have a RPi running Pi-hole on it to change, and what else do I have to check? (Just in order not to forget something.)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Jul 23, 2022 9:10
You have to change one of the subnets to 192.168.2.1/24

It does not matter which one, you do not have to change anything on WG (assuming that the WG subnet is not 192.168.2.1/24)

From the server setup guide marked in yellow:
Quote:
As WireGuard is a routed solution all three involved subnets have to be different. So the Servers subnet, the WG subnet and the Clients subnet all have to be different!

Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

Posted: Sat Jul 23, 2022 10:16
Don't forget to disable the 2019 Mitigation to get access to the LAN.
giuliomagnifico
DD-WRT User


Joined: 11 Apr 2016
Posts: 454
Location: Italy

Posted: Sat Jul 23, 2022 12:17
Great, got it working from my home Wi-Fi. Thanks a lot for the help!
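
Added example (not part of the thread, and not DD-WRT or WireGuard code): a simplified longest-prefix-match model of the client's routing table, showing why the subnet overlap egc points out breaks access to the parents' LAN from home Wi-Fi but not from cellular. The WG subnet 10.4.0.1/24, the host addresses ending in .10, the carrier range, the interface names and the full-tunnel 0.0.0.0/0 route are constructed assumptions.

```python
import ipaddress

def overlapping(subnets):
    """Return name pairs of subnets that overlap; the setup guide requires none."""
    nets = [(name, ipaddress.ip_network(cidr, strict=False))
            for name, cidr in subnets.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def pick_route(dest, routes):
    """Longest-prefix match: interface a client would use to reach dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(cidr), dev) for cidr, dev in routes
            if addr in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# LAN addresses from the thread; the WG subnet is a constructed placeholder.
BEFORE = {"server_lan": "192.168.1.1/24", "wg": "10.4.0.1/24",
          "client_lan": "192.168.1.1/24"}
AFTER = dict(BEFORE, server_lan="192.168.2.1/24")

# Constructed client routing tables (interface names are hypothetical).
HOME_WIFI = [("192.168.1.0/24", "wlan0"), ("0.0.0.0/0", "wg0")]
CELLULAR = [("100.64.0.0/10", "rmnet0"), ("0.0.0.0/0", "wg0")]

if __name__ == "__main__":
    print("overlaps before:", overlapping(BEFORE))
    print("overlaps after: ", overlapping(AFTER))
    # Same parents'-LAN host, reached from two different client networks.
    print("home wifi ->", pick_route("192.168.1.10", HOME_WIFI))
    print("cellular  ->", pick_route("192.168.1.10", CELLULAR))
    # After renumbering the parents' LAN the tunnel route is the only match.
    print("home wifi ->", pick_route("192.168.2.10", HOME_WIFI))
```

On home Wi-Fi the connected /24 route is more specific than the tunnel's default route, so packets for 192.168.1.x never enter wg0; on cellular there is no competing local route.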

All times are GMT