But I would like to now create another WireGuard tunnel (oet2) that I can connect to while outside of the house so I can access my home network. I can't get a handshake while the Mullvad tunnel is connected and it is due to the custom startup script you have to add to get Mullvad working (near the bottom of the above article).
The exact lines are as follows:
Code:
route del default
route add default dev oet1
When I remove these, Mullvad doesn't connect, but my second WireGuard tunnel finally gets a handshake connection. I have no idea what I am doing with routing and spent about 8 hours talking to AI, trying different firewall rules etc. in the dd-wrt commands area, and no matter what I did I couldn't get both WireGuard tunnels working at the same time. Does anyone understand routing and the code in the above article well enough to help me get both working?
Thanks to anyone who takes time to help me, much appreciated!
Joined: 16 Nov 2015 Posts: 6753 Location: UK, London, just across the river..
Posted: Mon Nov 04, 2024 8:35 Post subject:
Lots of work has been done on WG and tunnels since 44715... this is a very old and buggy build with security holes and not updated binaries; updating to the new build is very much recommended, then reset and manually reconfigure... do not load settings from a save file from a different build, then refer to the WG guides @ advanced network stickies --> https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
Last build 58627 --> https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2024/11-03-2024-r58627/
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 58184 WAP
TP-Link WR1043NDv2 -DD-WRT 59171 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 59302 Gateway/DoT,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 59171 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 59171 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Dynalink DL-WRX36-DDWRT 59171
Broadcom
Netgear R7000 --DD-WRT 58976 Gateway/SmartDNS/DoT,AD-Block,IPsetFirewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 18 Mar 2014 Posts: 13499 Location: Netherlands
Posted: Mon Nov 04, 2024 13:05 Post subject:
Upgrade.
After the upgrade, reset to defaults and put the settings in manually.
Then read the WG guides, which are a sticky in this forum.
Running a concurrent WG client and WG server takes three mouse clicks and filling in `sport <wgserver-port>` in the PBR routing field, routing this via the WAN in the WG client.
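To see why the startup-script approach from the first post (`route del default; route add default dev oet1`) breaks a second tunnel, and what the `sport <wgserver-port>` PBR exception changes, here is a small model of the Linux policy-routing decision. It is an added example for this thread, not DD-WRT code and not egc's PBR scripts. The WAN interface name eth0, the LAN bridge br0 on 192.168.1.0/24, the server listen port 51820 and all IP addresses are assumptions; only oet1 (the Mullvad client) comes from the thread.

```python
"""Model of the policy-routing decision behind running a WireGuard client
tunnel (Mullvad on oet1) and a WireGuard server on the same router.

Added example, not DD-WRT code or egc's PBR scripts. Assumptions (not from
the thread): WAN interface eth0, LAN bridge br0 on 192.168.1.0/24, server
listen port 51820, and the constructed IP addresses below.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str


class RoutingPolicy:
    """Minimal RPDB: rules are tried in priority order, each selects a table
    searched with longest-prefix match; a rule whose table has no matching
    route falls through to the next rule, and finally to the 'main' table."""

    def __init__(self) -> None:
        self.tables: dict[str, list[Route]] = {"main": []}
        self.rules: list[tuple[int, Callable[[Packet], bool], str]] = []

    def add_route(self, table: str, prefix: str, dev: str) -> None:
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix)
        self.tables.setdefault(table, []).append(Route(net, dev))

    def add_rule(self, priority: int, table: str, sport: Optional[int] = None,
                 src: Optional[str] = None) -> None:
        src_net = ipaddress.ip_network(src) if src else None

        def match(p: Packet) -> bool:
            if sport is not None and p.sport != sport:
                return False
            if src_net is not None and ipaddress.ip_address(p.src) not in src_net:
                return False
            return True

        self.rules.append((priority, match, table))
        self.rules.sort(key=lambda r: r[0])

    def lookup(self, table: str, dst: str) -> Optional[str]:
        addr = ipaddress.ip_address(dst)
        best: Optional[Route] = None
        for r in self.tables.get(table, []):
            if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best.dev if best else None

    def egress(self, pkt: Packet) -> Optional[str]:
        """Interface the packet leaves on, which also fixes its source address."""
        for _, match, table in self.rules:
            if match(pkt):
                dev = self.lookup(table, pkt.dst)
                if dev is not None:
                    return dev
        return self.lookup("main", pkt.dst)


LAN = "192.168.1.0/24"   # assumed LAN
WG_SERVER_PORT = 51820   # assumed listen port of the WG server (oet2)


def legacy_policy() -> RoutingPolicy:
    """The old startup script quoted in the thread: the main table's only
    default route is the Mullvad tunnel, so every reply leaves via oet1."""
    p = RoutingPolicy()
    p.add_route("main", LAN, "br0")
    p.add_route("main", "default", "oet1")
    return p


def pbr_policy() -> RoutingPolicy:
    """Same default via Mullvad, plus the exception egc describes: packets
    with source port <wgserver-port> use a table whose default is the WAN."""
    p = legacy_policy()
    p.add_route("wan", "default", "eth0")
    p.add_rule(100, "wan", sport=WG_SERVER_PORT)
    return p


# Constructed packets. The server's handshake response (and every later
# tunnel packet) leaves from its listen port towards the phone's public IP.
SERVER_REPLY = Packet("203.0.113.10", WG_SERVER_PORT, "198.51.100.7", 41000)
LAN_TO_INTERNET = Packet("192.168.1.50", 50000, "8.8.8.8", 53)
LAN_TO_LAN = Packet("192.168.1.50", 50001, "192.168.1.20", 22)


def compare() -> dict[str, dict[str, Optional[str]]]:
    """Egress interface of each constructed packet under both policies."""
    cases = {"server_reply": SERVER_REPLY, "lan_to_internet": LAN_TO_INTERNET,
             "lan_to_lan": LAN_TO_LAN}
    return {name: {"legacy": legacy_policy().egress(pkt),
                   "pbr": pbr_policy().egress(pkt)} for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name}: legacy -> {result['legacy']}, pbr -> {result['pbr']}")
```

With the legacy script the server's handshake response is routed like any other packet: default route, so it goes into oet1 and leaves with the Mullvad exit as its source rather than the WAN address the phone sent to, which is why no handshake completes while the client tunnel is up. The `sport` rule sends everything sourced from the server's listen port (handshake and data packets alike, since WireGuard uses the listen port as source for all of them) out the WAN, while LAN clients still reach the internet through Mullvad. DD-WRT's real PBR implementation uses its own table numbers and rule priorities; the model only reproduces the decision.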
So I updated to build 58627 and finally got everything set up. Mullvad was much easier to connect now, with no custom commands needed. I followed the tutorials on how to set up a WG server too, but I seem to be stuck. I checked the tutorial multiple times to be sure my settings are correct, but I still can't seem to connect over cell data. I can connect over Wifi with my phone, but once I turn it off and use cell data I can't get a handshake. I do get an endpoint and a few KiB of transfer though, so they seem to partially see each other. I did a port forward for the port I am using, which I am attaching in a screenshot too. Lastly, I don't think this will matter, but I wanted to note that I use a Pi for my DNS and so I do have the following added under "services > services > additional options":
OK, I disabled Mullvad and that seemed to do it. Now the WG server tunnel works on my cell data (not Wifi) and I got a handshake. I can also ping network devices via the phone too. The only thing I did notice is that websites won't load. I then tried to ping the IP address of a site and it worked, so I assumed something with the DNS. I didn't add a DNS to the WG server setup as I hoped it would default to the one my router uses through DNSmasq, which routes through a Pi for filtering, etc. Lastly, in the WG Tunnel app I am using on the phone I set the DNS in there to 8.8.8.8 just to test, and then sites loaded. So I went back to the WG server tunnel in DDwrt and specified Peer Tunnel DNS to 8.8.8.8 and removed it from the WG Tunnel app, and it didn't work. But this is a side issue, the main issue being that the Mullvad client tunnel and WG server tunnel don't seem to be able to work simultaneously right now.
Joined: 18 Mar 2014 Posts: 13499 Location: Netherlands
Posted: Sat Nov 09, 2024 7:19 Post subject:
ddwrtng24 wrote:
WAN IP: 98.115.xxx.xx
I also removed the port forwarding.
Your WAN IP shows you have a publicly available IP address, so that is good.
ddwrtng24 wrote:
Ok I disabled Mullvad and that seemed to do it. the main issue being the Mullvad client tunnel and WG server tunnel don't seem to be able to work simultaneously right now.
Of course it does not work simultaneously without PBR; we already discussed that in my earlier post, I even pointed you to the exact chapter for you to read.
ddwrtng24 wrote:
I didn't add a DNS to the WG server setup as I hoped it would default to the one my router uses through DNSmasq which routes through a Pi for filtering, etc. Lastly, in the WG Tunnel app I am using on the phone I set the DNS in there to 8.8.8.8 just to test and then sites loaded. So I went back to the WG server tunnel in DDwrt and specified Peer Tunnel DNS to 8.8.8.8 and removed these from the WG Tunnel app and it didn't work. But this is a side issue, the main issue being the Mullvad client tunnel and WG server tunnel don't seem to be able to work simultaneously right now.
Of course it does not work simultaneously without PBR; we already discussed that in my earlier post, I even pointed you to the exact chapter for you to read.
Oh my apologies, I did read over both manuals but perhaps I missed the chapter you pointed out. I will dig into this more. Thanks
egc wrote:
That is not how it works, please read the manual. DNS has to be set on the client and has nothing to do with the server other than that you can make a config file for your client with settings (which can include a DNS address for your client to use)
I saw this in the WG server manual:
"Peer Tunnel DNS: 8.8.8.8 or any other DNS server you trust. It is even possible to use your own DDWRT router as DNS server, in recent builds DNSMasq should listen on the WireGuard (oet) interface for DNS requests."
I thought that since I was using DNSMasq and was running a recent build it might work. But perhaps I am not understanding what this is saying?
I believe I got it all working now thanks to your help! For the DNS I just added my Pi IP in the WG tunnel app on the phone and it seems to be working.
Joined: 18 Mar 2014 Posts: 13499 Location: Netherlands
Posted: Sat Nov 09, 2024 17:31 Post subject:
ddwrtng24 wrote:
I saw this in the WG server manual:
"Peer Tunnel DNS: 8.8.8.8 or any other DNS server you trust. It is even possible to use your own DDWRT router as DNS server, in recent builds DNSMasq should listen on the WireGuard (oet) interface for DNS requests."
I thought that since I was using DNSMasq and was running a recent build it might work. But perhaps I am not understanding what this is saying?
Again, thanks for your time and help.
That is under Client Config, to make the config file that you can import in your client.