[SOLVED] WireGuard client and WireGuard server

ddwrtng24
DD-WRT Novice


Joined: 04 Nov 2024
Posts: 6

Posted: Mon Nov 04, 2024 2:01
Hello everyone,

So I use Mullvad on a Netgear R7000 running in gateway mode (dd-wrt build 44715) and I followed this tutorial and was able to connect via a WireGuard tunnel (oet1). It works great: https://support.flashrouters.com/dd-wrt/wireguard-setup/mullvad-wireguard-setup/

But I would like to now create another WireGuard tunnel (oet2) that I can connect to while outside of the house so I can access my home network. I can't get a handshake while the Mullvad tunnel is connected and it is due to the custom startup script you have to add to get Mullvad working (near the bottom of the above article).

The exact lines are as follows:

Code:
route del default
route add default dev oet1


When I remove these then Mullvad doesn't connect but my second WireGuard tunnel finally gets a handshake connection. I have no idea what I am doing with routing and spent about 8 hours talking to AI trying different firewall rules etc for the dd-wrt commands area and no matter what I did I couldn't get both WireGuard tunnels working at the same time. Does anyone understand routing and the code at the above article enough to help me get both working?

Thanks to anyone who takes time to help me, much appreciated!
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6993
Location: Romerike, Norway

Posted: Mon Nov 04, 2024 5:15
What Networks do you use?

They (oet1, oet2 and br0) shall all be different.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6740
Location: UK, London, just across the river..

Posted: Mon Nov 04, 2024 8:35
Lots of work on WG and tunnels ever since 44715... this is a very old and buggy build with security holes and not updated binaries; updating to the new build is very recommended, then reset and manually reconfigure... do not load settings from a save file from a different build, then refer to the WG guides @ advanced network stickies --> https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397

Last build 58627 --> https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2024/11-03-2024-r58627/

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 58184 WAP
TP-Link WR1043NDv2 -DD-WRT 59045 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 59045 Gateway/DoT,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 59045 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 59045 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 59045
Broadcom
Netgear R7000 --DD-WRT 58976 Gateway/SmartDNS/DoT,AD-Block,IPsetFirewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13491
Location: Netherlands

Posted: Mon Nov 04, 2024 13:05
Upgrade

After upgrade reset to defaults and put settings in manually

Then read the WG guides which are a sticky in this forum.

Running a concurrent WG client and WG server takes three mouse clicks and filling in `sport <wgserver-port>` in the PBR routing field routing this via the WAN in the WG client.

See WG client guide "Routed selected sources via the WAN"

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
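
Added example (not from the thread or the DD-WRT guides): the WG server's handshake replies leave the router with the listen port as their UDP source port, so a `sport` policy rule is what keeps them on the WAN instead of the client tunnel. The function below reads `ip rule show` text and reports which routing table such a reply would use; port 51820, table 21 and the sample rule lines are constructed assumptions.

```shell
#!/bin/sh
# Added example. Port 51820, table 21 and every rule line are constructed
# sample values; table 21 is assumed to hold "default dev oet1" and table
# main the normal WAN default route.

# table_for_sport PORT   (reads `ip rule show` text on stdin)
# Prints the table chosen for a router-originated UDP packet whose source
# port is PORT. Only "from all" rules with an optional "sport N" selector
# are modelled; the "local" table is skipped because it carries no routes
# to remote peers.
table_for_sport() {
    awk -v port="$1" '
    $2 == "from" && $3 == "all" {
        sport = ""; table = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "sport")  sport = $(i + 1)
            if ($i == "lookup") table = $(i + 1)
        }
        if (table == "" || table == "local") next
        if (sport != "" && sport != port) next   # rule is for another port
        print table
        exit
    }'
}

# Constructed: client tunnel takes everything, no exception for the server.
RULES_NO_PBR='0: from all lookup local
32765: from all lookup 21
32766: from all lookup main'

# Constructed: same, plus the exception for the server listen port.
RULES_WITH_PBR='0: from all lookup local
32764: from all sport 51820 lookup main
32765: from all lookup 21
32766: from all lookup main'

echo "without rule: $(printf '%s\n' "$RULES_NO_PBR"   | table_for_sport 51820)"
echo "with rule:    $(printf '%s\n' "$RULES_WITH_PBR" | table_for_sport 51820)"
```

On the router, feed it live data with `ip rule show | table_for_sport <wgserver-port>`.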
ddwrtng24
DD-WRT Novice


Joined: 04 Nov 2024
Posts: 6

Posted: Mon Nov 04, 2024 15:18
Ok sounds good, I will try this. Thanks to both of you!

BTW I didn't realize I could upgrade. I had checked here and the last file was from 2020: https://dd-wrt.com/support/router-database/?model=R7000_v1
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13491
Location: Netherlands

Posted: Mon Nov 04, 2024 16:08
ddwrtng24 wrote:
Ok sounds good, I will try this. Thanks to both of you!

BTW I didn't realize I could upgrade. I had checked here and the last file was from 2020: https://dd-wrt.com/support/router-database/?model=R7000_v1


See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

ddwrtng24
DD-WRT Novice


Joined: 04 Nov 2024
Posts: 6

Posted: Fri Nov 08, 2024 19:39
Hello everyone,

So I updated to build 58627 and finally got everything set up. Mullvad was much easier to connect now with no custom commands needed. I followed the tutorials on how to set up a WG server too but I seem to be stuck. I checked the tutorial multiple times to be sure my settings are correct but I still can't seem to connect over cell data. I can connect over Wifi with my phone but once I turn it off and use cell data I can't get a handshake. I do get an endpoint and a few KiB of transfer though so they seem to partially see each other. I did a port forward for the port I am using which I am attaching in a screenshot too. Lastly, I don't think this will matter but I wanted to note that I use a Pi for my DNS and so I do have the following added under "services > services > additional options":

Code:
dhcp-option=br0,6,192.168.1.101


Thanks for any help.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13491
Location: Netherlands

Posted: Fri Nov 08, 2024 20:10
For testing, disable the WG client to Mullvad.

Your wan ip address is in the upper right hand corner, please share the first two octets: XXX.YYY
do not show the last two.

I do not think that anywhere it is stated you need to port forward so delete that.

ddwrtng24
DD-WRT Novice


Joined: 04 Nov 2024
Posts: 6

Posted: Fri Nov 08, 2024 21:59
Ok I disabled Mullvad and that seemed to do it. Now the WG server tunnel works on my cell data (not Wifi) and I got a handshake. I can also ping network devices via the phone too. Only thing I did notice is websites won't load. I then tried to ping the IP address of a site and it worked so something with the DNS I assumed. I didn't add a DNS to the WG server setup as I hoped it would default to the one my router uses through DNSmasq which routes through a Pi for filtering, etc. Lastly, in the WG Tunnel app I am using on the phone I set the DNS in there to 8.8.8.8 just to test and then sites loaded. So I went back to the WG server tunnel in DDwrt and specified Peer Tunnel DNS to 8.8.8.8 and removed these from the WG Tunnel app and it didn't work. But this is a side issue, the main issue being the Mullvad client tunnel and WG server tunnel don't seem to be able to work simultaneously right now.

Sure it is:

WAN IP: 98.115.xxx.xx

I also removed the port forwarding.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13491
Location: Netherlands

Posted: Sat Nov 09, 2024 7:19
ddwrtng24 wrote:


WAN IP: 98.115.xxx.xx

I also removed the port forwarding.

Your WAN IP shows you have a publicly available IP address so that is good

ddwrtng24 wrote:
Ok I disabled Mullvad and that seemed to do it. the main issue being the Mullvad client tunnel and WG server tunnel don't seem to be able to work simultaneously right now.

Of course it does not work simultaneously without PBR; we already discussed that in my earlier post, I even pointed you to the exact chapter for you to read :(

ddwrtng24 wrote:

I didn't add a DNS to the WG server setup as I hoped it would default to the one my router uses through DNSmasq which routes through a Pi for filtering, etc. Lastly, in the WG Tunnel app I am using on the phone I set the DNS in there to 8.8.8.8 just to test and then sites loaded. So I went back to the WG server tunnel in DDwrt and specified Peer Tunnel DNS to 8.8.8.8 and removed these from the WG Tunnel app and it didn't work. But this is a side issue, the main issue being the Mullvad client tunnel and WG server tunnel don't seem to be able to work simultaneously right now.


That is not how it works, please read the manual. DNS has to be set on the client and has nothing to do with the server other than that you can make a config file for your client with settings (which can include a DNS address for your client to use)

ddwrtng24
DD-WRT Novice


Joined: 04 Nov 2024
Posts: 6

Posted: Sat Nov 09, 2024 15:59
egc wrote:

Of course it does not work simultaneously without PBR; we already discussed that in my earlier post, I even pointed you to the exact chapter for you to read :(


Oh my apologies, I did read over both manuals but perhaps I missed the chapter you pointed out. I will dig into this more. Thanks


egc wrote:

That is not how it works, please read the manual. DNS has to be set on the client and has nothing to do with the server other than that you can make a config file for your client with settings (which can include a DNS address for your client to use)


I saw this in the WG server manual:

"Peer Tunnel DNS: 8.8.8.8 or any other DNS server you trust. It is even possible to use your own DDWRT router as DNS server, in recent builds DNSMasq should listen on the WireGuard (oet) interface for DNS requests."

I thought that since I was using DNSMasq and was running a recent build it might work. But perhaps I am not understanding what this is saying?


Again, thanks for your time and help.
ddwrtng24
DD-WRT Novice


Joined: 04 Nov 2024
Posts: 6

Posted: Sat Nov 09, 2024 16:41
I believe I got it all working now thanks to your help! :D For the DNS I just added my Pi IP in the WG tunnel app on the phone and it seems to be working.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13491
Location: Netherlands

Posted: Sat Nov 09, 2024 17:31
ddwrtng24 wrote:

I saw this in the WG server manual:

"Peer Tunnel DNS: 8.8.8.8 or any other DNS server you trust. It is even possible to use your own DDWRT router as DNS server, in recent builds DNSMasq should listen on the WireGuard (oet) interface for DNS requests."

I thought that since I was using DNSMasq and was running a recent build it might work. But perhaps I am not understanding what this is saying?


Again, thanks for your time and help.


That is under Client Config, to make the config file you can import in your client :)

But glad to hear you got it working :D
