Wireguard on 1.13.0

ispyisail
Moderator
Posts: 5185
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Wireguard on 1.3.0

Post by ispyisail »

OK, thank you.

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Wireguard on 1.3.0

Post by JeffinTx »

Any news on this? I'm having the same issue.
I have two TP-Link Archer C7 v5 routers, both with 1.14.0
I also have tried with two C7 v2 routers.
Client to Server works great.
Server back to client (with client defined as having a subnet) does not work. Traceroute from server to client shows no hops successful.
Routing on both client and server have subnets routed to wg0 as expected.
When it works, it's great!!
Thanks as usual for the fantastic work and top-notch product!

Lantis
Moderator
Posts: 6807
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Wireguard on 1.13.0

Post by Lantis »

Could you post your GUI settings please and a copy of the /etc/config/wireguard_gargoyle and /etc/config/network from both devices?
With the network config, please redact your WireGuard keys and PPPoE passwords if applicable.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
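
Added example, not part of Lantis's post or the Gargoyle project: one way to do the redaction requested above before pasting /etc/config/network or /etc/config/wireguard_gargoyle into a public thread, with a final check for anything that still looks like a WireGuard key. The masked option names are the ones that appear in this thread's configs; `password` and `preshared_key` coverage, the sample config and its stand-in key are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): mask secrets in UCI config text.

redact_uci() {
    # stdin: UCI config; stdout: same text with key, password and host values masked.
    awk -v q="'" '
    match($0, /^[ \t]*(option|list)[ \t]+[A-Za-z0-9_]+/) {
        head = substr($0, RSTART, RLENGTH)   # indentation + keyword + option name
        n = split(head, f, /[ \t]+/); name = f[n]
        # private_key, public_key, server_public_key, preshared_key, *password
        if (name ~ /_key$/ || name ~ /password$/) {
            print head " " q "<redacted>" q; next
        }
        # Endpoint names identify the site, so mask them as well.
        if (name == "server_host" || name == "endpoint_host" || name == "remote") {
            print head " " q "<host>" q; next
        }
    }
    { print }'
}

has_wg_key() {
    # A WireGuard key is 32 bytes: 43 base64 characters followed by "=".
    # Exit status 0 means something key-shaped is still present on stdin.
    grep -Eq '[A-Za-z0-9+/]{43}='
}

sample_config() {
    # Constructed input: the key is 43 "A" characters plus "=", not a real key.
    fake_key="$(printf '%043d' 0 | tr 0 A)="
    cat <<EOF
config interface 'wan'
	option proto 'pppoe'
	option password 'constructed-secret'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '$fake_key'

config wireguard_wg0 'peer1'
	option public_key '$fake_key'
	option endpoint_host 'vpn.example.net'
	list allowed_ips '172.16.24.0/22'
EOF
}

sample_config | redact_uci
```

On the router this would be run as `redact_uci < /etc/config/network`, then piped through `has_wg_key` to catch a key stored under an option name the filter does not know.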

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Wireguard on 1.13.0

Post by JeffinTx »

Text posted again below. Posting with screenshots (.png) failed with error: Error Sorry, the board attachment quota has been reached.
---
*********Client**********
WAN: dhcp from ISP
LAN: 172.16.24.1/22

cat /etc/config/wireguard_gargoyle
config server 'server'
option enabled '0'
option ip '10.64.0.1'
option submask '255.255.255.0'
option port '51820'
option c2c 'false'
option lan_access 'true'
option all_client_traffic 'true'

config client 'client'
option ip '10.64.0.2'
option allow_nonwg_traffic 'true'
option enabled '1'
option private_key '<redacted>'
option public_key '<redacted>'
option allowed_ips '10.64.0.1/24,172.16.4.0/22,172.16.36.0/22,172.16.44.0/22,172.16.52.0/22'
option server_host 'gsohome.ddns.net'
option server_port '51820'
option server_public_key '<redacted>'

Success

cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdc3:0b5b:c8f8::/48'

config device 'brlan_dev'
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option ipaddr '172.16.24.1'
option netmask '255.255.252.0'
option ip6ifaceid '::1'
option dns '172.16.24.2 8.8.8.8 '

config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option dns '172.16.24.2 8.8.8.8'
option peerdns '0'
option ipv6 '1'

config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'

config interface 'wg0'
option proto 'wireguard'
option private_key '<redacted>'
option listen_port '51820'
list addresses '10.64.0.2/32'

config wireguard_wg0 'wgserver'
option public_key '<redacted>'
list allowed_ips '10.64.0.1/24'
list allowed_ips '172.16.4.0/22'
list allowed_ips '172.16.36.0/22'
list allowed_ips '172.16.44.0/22'
list allowed_ips '172.16.52.0/22'
option route_allowed_ips '1'
option endpoint_host '<server url>'
option endpoint_port '51820'

Success

*********Server**********
WAN: dhcp from ISP
LAN: 172.16.4.1/22

cat /etc/config/wireguard_gargoyle
config server 'server'
option ip '10.64.0.1'
option submask '255.255.255.0'
option port '51820'
option lan_access 'true'
option c2c 'true'
option private_key '<redacted>'
option public_key '<redacted>'
option all_client_traffic 'false'
option enabled '1'

config client 'client'
option enabled '0'
option ip '10.64.0.2'
option allow_nonwg_traffic 'true'

config allowed_client '<name1>'
option id '<name1>'
option name '<Name1>'
option ip '10.64.0.2'
option remote '<server url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'
option subnet_ip '172.16.24.0'
option subnet_mask '255.255.252.0'

config allowed_client '<name2>'
option id '<name2>'
option name '<Name2>'
option ip '10.64.0.3'
option remote '<server url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name3>'
option id '<name3>'
option name '<Name3>'
option ip '10.64.0.4'
option remote '<server url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name4>'
option id '<name4>'
option ip '10.64.0.5'
option remote '<server2 url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'
option name '<Name4>'

config allowed_client '<name5>'
option id '<name5>'
option name '<Name5>'
option ip '10.64.0.6'
option remote '<server url>'
option subnet_ip '172.16.36.0'
option subnet_mask '255.255.252.0'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name6>'
option id '<name6>'
option name '<Name6>'
option ip '10.64.0.7'
option remote '<server url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name7>'
option id '<name7>'
option name '<Name7>'
option ip '10.64.0.8'
option remote '<server url>'
option subnet_ip '172.16.44.0'
option subnet_mask '255.255.252.0'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name8>'
option id '<name8>'
option name '<Name8>'
option ip '10.64.0.9'
option remote '<server url>'
option subnet_ip '172.16.52.0'
option subnet_mask '255.255.252.0'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

Success


cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fde2:8ced:c8dc::/48'

config device 'brlan_dev'
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option ipaddr '172.16.4.1'
option netmask '255.255.252.0'
option ip6ifaceid '::1'
option dns '172.16.4.2 66.187.76.168 8.8.8.8 '

config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option ipv6 '1'
option dns '172.16.4.2 66.187.76.168 8.8.8.8'
option peerdns '0'

config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'

config interface 'wg0'
option proto 'wireguard'
option private_key '<redacted>'
option listen_port '51820'
list addresses '10.64.0.1/24'

config wireguard_wg0 '<name1>'
option public_key '<redacted>'
option route_allowed_ips '1'
list allowed_ips '10.64.0.2/32'
list allowed_ips '172.16.24.0/22'

config wireguard_wg0 '<name2>'
option public_key '<redacted>'
list allowed_ips '10.64.0.3/32'
option route_allowed_ips '1'

config wireguard_wg0 '<name3>'
option public_key '<redacted>'
list allowed_ips '10.64.0.4/32'
option route_allowed_ips '1'

config wireguard_wg0 '<name4>'
option public_key '<redacted>'
list allowed_ips '10.64.0.5/32'
option route_allowed_ips '1'

config wireguard_wg0 '<name5>'
option public_key '<redacted>'
list allowed_ips '10.64.0.6/32'
list allowed_ips '172.16.36.0/22'
option route_allowed_ips '1'

config wireguard_wg0 '<name6>'
option public_key '<redacted>'
list allowed_ips '10.64.0.7/32'
option route_allowed_ips '1'

config wireguard_wg0 '<name7>'
option public_key '<redacted>'
list allowed_ips '10.64.0.8/32'
list allowed_ips '172.16.44.0/22'
option route_allowed_ips '1'

config wireguard_wg0 '<name8>'
option public_key '<redacted>'
list allowed_ips '10.64.0.9/32'
list allowed_ips '172.16.52.0/22'
option route_allowed_ips '1'

Success
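
Added example, not part of the post above or of Gargoyle: WireGuard sends an outgoing packet to the peer whose allowed_ips entry is the most specific match for the destination, so a quick check on a config like the server one above is to ask which `wireguard_wg0` section a given address maps to. The `peer_for` and `server_peers` names are hypothetical, and the sample input is constructed from a subset of the allowed_ips values posted above, with the `<nameN>` placeholders written as plain names.

```shell
#!/bin/sh
# Added example (not from the thread): which wg0 peer owns a destination address?

peer_for() {
    # $1: destination IPv4 address; stdin: UCI network config.
    # Prints the wireguard_wg0 section with the longest matching allowed_ips
    # prefix, or "none" when no peer covers the address.
    awk -v dst="$1" -v q="'" '
    function ip2n(s,   o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    BEGIN { best = -1 }
    $1 == "config" { peer = ($2 == "wireguard_wg0") ? $3 : ""; next }
    peer != "" && $1 == "list" && $2 == "allowed_ips" {
        gsub(q, "", $3)                       # strip the UCI quotes
        split($3, c, "/")
        len = (c[2] == "") ? 32 : c[2] + 0
        div = 2 ^ (32 - len)
        # Only the network part is compared, so host bits in an entry
        # (for example 10.64.0.1/24) do not change the result.
        if (int(ip2n(c[1]) / div) == int(ip2n(dst) / div) && len > best) {
            best = len; who = peer
        }
    }
    END { gsub(q, "", who); print (who == "" ? "none" : who) }'
}

server_peers() {
    # Constructed sample: three of the server-side peers, keys omitted.
    cat <<'EOF'
config interface 'wg0'
	option proto 'wireguard'
	list addresses '10.64.0.1/24'

config wireguard_wg0 'name1'
	list allowed_ips '10.64.0.2/32'
	list allowed_ips '172.16.24.0/22'
	option route_allowed_ips '1'

config wireguard_wg0 'name2'
	list allowed_ips '10.64.0.3/32'
	option route_allowed_ips '1'

config wireguard_wg0 'name5'
	list allowed_ips '10.64.0.6/32'
	list allowed_ips '172.16.36.0/22'
	option route_allowed_ips '1'
EOF
}

server_peers | peer_for 172.16.24.10
```

An address that resolves to "none" has no peer to carry it, whatever the kernel routing table says; an address that resolves to the expected peer rules out allowed_ips as the cause.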

ispyisail
Moderator
Posts: 5185
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Wireguard on 1.13.0

Post by ispyisail »

Text posted again below. Posting with screenshots (.png) failed with error: Error Sorry, the board attachment quota has been reached.
Remote host screenshots on sites like Imgur

I use Greenshot with Imgur built-in

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Wireguard on 1.13.0

Post by JeffinTx »

I shared screen shots via private message

Lantis
Moderator
Posts: 6807
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Wireguard on 1.13.0

Post by Lantis »

Got it. Just don’t have time to look into it at the moment sorry.
All settings look fine so it needs a deep dive.

You can use openvpn in the meantime if you need the functionality.

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Wireguard on 1.13.0

Post by JeffinTx »

Lol...says you. I'm on Fedora 38 right now. They have a problem with the latest glibc library and openvpn. There are some workarounds for it that I may try, but right now openvpn doesn't work. Pretty sure it is not related to Gargoyle, though. I think your updates in 1.14 handle any problems it had, but Fedora still doesn't. All that said, the one directional Wireguard that does work satisfies anything I'd need vs. openvpn.

JeffinTx
Posts: 27
Joined: Sat Jan 23, 2016 8:01 pm

Re: Wireguard on 1.13.0

Post by JeffinTx »

Does anyone else report having Wireguard working in both directions on Gargoyle, i.e., with devices in the Server LAN able to access devices behind the subnet of the Client LAN?

Wondering if it's me or if a broader issue.

Lantis
Moderator
Posts: 6807
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Wireguard on 1.13.0

Post by Lantis »

It’s not just you. I’m working on it.
If you set clients to use it for all traffic, it works fine bidirectionally.