
Re: Wireguard on 1.3.0

Posted: Sun Feb 05, 2023 9:16 am
by ispyisail
OK, thank you.

Re: Wireguard on 1.3.0

Posted: Fri Jun 23, 2023 1:53 pm
by JeffinTx
Any news on this? I'm having the same issue.
I have two TP-Link Archer C7 v5 routers, both with 1.14.0.
I have also tried with two C7 v2 routers.
Client to Server works great.
Server back to client (with client defined as having a subnet) does not work. Traceroute from server to client shows no hops successful.
Routing on both client and server have subnets routed to wg0 as expected.
When it works, it's great!!
Thanks as usual for the fantastic work and top-notch product!

Re: Wireguard on 1.13.0

Posted: Fri Jun 23, 2023 6:41 pm
by Lantis
Could you post your GUI settings please and a copy of the /etc/config/wireguard_gargoyle and /etc/config/network from both devices?
With the network config, please redact your WireGuard keys and PPPoE passwords if applicable.

Re: Wireguard on 1.13.0

Posted: Sat Jun 24, 2023 4:29 pm
by JeffinTx
Text posted again below. Posting with screenshots (.png) failed with error: Error Sorry, the board attachment quota has been reached.
---
*********Client**********
WAN: dhcp from ISP
LAN: 172.16.24.1/22

cat /etc/config/wireguard_gargoyle
config server 'server'
option enabled '0'
option ip '10.64.0.1'
option submask '255.255.255.0'
option port '51820'
option c2c 'false'
option lan_access 'true'
option all_client_traffic 'true'

config client 'client'
option ip '10.64.0.2'
option allow_nonwg_traffic 'true'
option enabled '1'
option private_key '<redacted>'
option public_key '<redacted>'
option allowed_ips '10.64.0.1/24,172.16.4.0/22,172.16.36.0/22,172.16.44.0/22,172.16.52.0/22'
option server_host 'gsohome.ddns.net'
option server_port '51820'
option server_public_key '<redacted>'

Success

cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdc3:0b5b:c8f8::/48'

config device 'brlan_dev'
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option ipaddr '172.16.24.1'
option netmask '255.255.252.0'
option ip6ifaceid '::1'
option dns '172.16.24.2 8.8.8.8 '

config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option dns '172.16.24.2 8.8.8.8'
option peerdns '0'
option ipv6 '1'

config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'

config interface 'wg0'
option proto 'wireguard'
option private_key '<redacted>'
option listen_port '51820'
list addresses '10.64.0.2/32'

config wireguard_wg0 'wgserver'
option public_key '<redacted>'
list allowed_ips '10.64.0.1/24'
list allowed_ips '172.16.4.0/22'
list allowed_ips '172.16.36.0/22'
list allowed_ips '172.16.44.0/22'
list allowed_ips '172.16.52.0/22'
option route_allowed_ips '1'
option endpoint_host '<server url>'
option endpoint_port '51820'

Success

*********Server**********
WAN: dhcp from ISP
LAN: 172.16.4.1/22

cat /etc/config/wireguard_gargoyle
config server 'server'
option ip '10.64.0.1'
option submask '255.255.255.0'
option port '51820'
option lan_access 'true'
option c2c 'true'
option private_key '<redacted>'
option public_key '<redacted>'
option all_client_traffic 'false'
option enabled '1'

config client 'client'
option enabled '0'
option ip '10.64.0.2'
option allow_nonwg_traffic 'true'

config allowed_client '<name1>'
option id '<name1>'
option name '<Name1>'
option ip '10.64.0.2'
option remote '<server url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'
option subnet_ip '172.16.24.0'
option subnet_mask '255.255.252.0'

config allowed_client '<name2>'
option id '<name2>'
option name '<Name2>'
option ip '10.64.0.3'
option remote '<server url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name3>'
option id '<name3>'
option name '<Name3>'
option ip '10.64.0.4'
option remote '<server url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name4>'
option id '<name4>'
option ip '10.64.0.5'
option remote '<server2 url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'
option name '<Name4>'

config allowed_client '<name5>'
option id '<name5>'
option name '<Name5>'
option ip '10.64.0.6'
option remote '<server url>'
option subnet_ip '172.16.36.0'
option subnet_mask '255.255.252.0'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name6>'
option id '<name6>'
option name '<Name6>'
option ip '10.64.0.7'
option remote '<server url>'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name7>'
option id '<name7>'
option name '<Name7>'
option ip '10.64.0.8'
option remote '<server url>'
option subnet_ip '172.16.44.0'
option subnet_mask '255.255.252.0'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

config allowed_client '<name8>'
option id '<name8>'
option name '<Name8>'
option ip '10.64.0.9'
option remote '<server url>'
option subnet_ip '172.16.52.0'
option subnet_mask '255.255.252.0'
option public_key '<redacted>'
option private_key '<redacted>'
option enabled '1'

Success


cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fde2:8ced:c8dc::/48'

config device 'brlan_dev'
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option ipaddr '172.16.4.1'
option netmask '255.255.252.0'
option ip6ifaceid '::1'
option dns '172.16.4.2 66.187.76.168 8.8.8.8 '

config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option ipv6 '1'
option dns '172.16.4.2 66.187.76.168 8.8.8.8'
option peerdns '0'

config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'

config interface 'wg0'
option proto 'wireguard'
option private_key '<redacted>'
option listen_port '51820'
list addresses '10.64.0.1/24'

config wireguard_wg0 '<name1>'
option public_key '<redacted>'
option route_allowed_ips '1'
list allowed_ips '10.64.0.2/32'
list allowed_ips '172.16.24.0/22'

config wireguard_wg0 '<name2>'
option public_key '<redacted>'
list allowed_ips '10.64.0.3/32'
option route_allowed_ips '1'

config wireguard_wg0 '<name3>'
option public_key '<redacted>'
list allowed_ips '10.64.0.4/32'
option route_allowed_ips '1'

config wireguard_wg0 '<name4>'
option public_key '<redacted>'
list allowed_ips '10.64.0.5/32'
option route_allowed_ips '1'

config wireguard_wg0 '<name5>'
option public_key '<redacted>'
list allowed_ips '10.64.0.6/32'
list allowed_ips '172.16.36.0/22'
option route_allowed_ips '1'

config wireguard_wg0 '<name6>'
option public_key '<redacted>'
list allowed_ips '10.64.0.7/32'
option route_allowed_ips '1'

config wireguard_wg0 '<name7>'
option public_key '<redacted>'
list allowed_ips '10.64.0.8/32'
list allowed_ips '172.16.44.0/22'
option route_allowed_ips '1'

config wireguard_wg0 '<name8>'
option public_key '<redacted>'
list allowed_ips '10.64.0.9/32'
list allowed_ips '172.16.52.0/22'
option route_allowed_ips '1'

Success

Re: Wireguard on 1.13.0

Posted: Sat Jun 24, 2023 6:07 pm
by ispyisail
Text posted again below. Posting with screenshots (.png) failed with error: Error Sorry, the board attachment quota has been reached.
Remote host screenshots on sites like Imgur

I use Greenshot with Imgur built-in.


Re: Wireguard on 1.13.0

Posted: Wed Jun 28, 2023 8:10 am
by JeffinTx
I shared screenshots via private message.

Re: Wireguard on 1.13.0

Posted: Thu Jun 29, 2023 5:32 am
by Lantis
Got it. Just don’t have time to look into it at the moment, sorry.
All settings look fine so it needs a deep dive.

You can use openvpn in the meantime if you need the functionality.

Re: Wireguard on 1.13.0

Posted: Fri Jun 30, 2023 12:46 am
by JeffinTx
Lol...says you. I'm on Fedora 38 right now. They have a problem with the latest glibc library and openvpn. There are some workarounds for it that I may try, but right now openvpn doesn't work. Pretty sure it is not related to Gargoyle, though. I think your updates in 1.14 handle any problems it had, but Fedora still doesn't. All that said, the one-directional Wireguard that does work satisfies anything I'd need vs. openvpn.

Re: Wireguard on 1.13.0

Posted: Sat Jul 08, 2023 9:00 pm
by JeffinTx
Does anyone else report having Wireguard working in both directions on Gargoyle, i.e., with devices in the Server LAN able to access devices behind the subnet of the Client LAN?

Wondering if it's me or if a broader issue.

Re: Wireguard on 1.13.0

Posted: Sun Jul 23, 2023 7:25 am
by Lantis
It’s not just you. I’m working on it.
If you set clients to use it for all traffic, it works fine bidirectionally.