Wireguard S2S VPN to Fritzbox

Hi,
I am fighting with the Wireguard config and need assistance, since Wireguard is pretty new for me.
Situation at home:
A DSL-light internet connection with IPv6 only (no IPv4 address) with a Fritzbox 7590 as the router to the internet. Other side of the Fritzbox is an IPv4 network (192.168.8.0/24). IP Fritzbox: 192.168.8.254
Situation remote:
RUTX50 with a SIM card. Provider assigns an IPv4 and IPv6 address. Behind there is a WiFi with 192.168.10.0/24. IP RUTX50: 192.168.10.1

Target should be:
Site to site VPN over Wireguard where all clients on the remote site are able to access all devices on the home network.

Current Config:
RUTX50: Wireguard interface with generated private and public key. IP addresses: 192.168.10.253/24; Adv. config: ListenPort: 51820
Peer config: 1 peer with public key of Fritzbox Wireguard interface; Endpoint host: “DynDNS” of Fritzbox;
Allowed IPs: 0.0.0.0/0; Route allowed IPs: ON
Adv. config: Endpoint port: port which the Fritzbox is listening on; PSK: PSK of Fritzbox config file (downloaded after generating the Fritzbox config); Persistent keep alive: 25
Fritzbox: Assistant… set up network connect mode (hope all translations are correct :sunglasses:)
The final result file here:
[Screenshot: Bildschirmfoto 2023-12-13 um 17.00.14]

Unfortunately the VPN is not establishing…
Hope that somebody is able to help me here, since my travel starts soon and I need to have this working before… otherwise my travel needs to get cancelled :cold_sweat:

Thank you so much!
Mav

Hello Mav,

Can you show me the logs of your RUTX50 establishing the WireGuard tunnel to your Fritzbox? This can be done by typing the logread command in the CLI of the router.
Note: don’t just paste it all here; copy only the logs relating to WireGuard and replace some IP details for security.

At the same time, kindly try pinging the DynDNS domain name from the RUTX50 side to confirm that it can reach the said domain.

On the Fritzbox configuration, can you add the WireGuard IP of the RUTX50 (192.168.10.253/24) in the ‘AllowedIPs’ field?

If that doesn’t work, would it be possible to change the WireGuard IP address of the RUTX50 to any other IP (e.g. 10.0.0.1), just to be sure that it does not cause any conflict with its addressing, since you’ve mentioned that the network behind the RUTX50 has an IP of 192.168.10.1/24?
Then add that IP address to the AllowedIPs of the Fritzbox config.

Best regards,
Robert
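
Added example (not part of the reply above, and not the router vendor's tooling): one way to do the filtering and masking requested here before posting `logread` output. The function name, the `<ipv4>`/`<ipv6>` placeholders and the sample log lines are constructed for illustration; it assumes `grep -E` and `sed -E` are available in the shell where it runs.

```shell
#!/bin/sh
# Added example: keep only WireGuard-related log lines and mask addresses
# before posting them. Function names and placeholders are hypothetical.

# Usage: logread | wg_log_for_sharing IFACE   (IFACE: VPN_ASC in this thread)
wg_log_for_sharing() {
    iface="$1"
    # 1. Keep lines that mention wireguard or the tunnel interface name.
    # 2. Mask MACs first (they would otherwise look like IPv6), then
    #    compressed IPv6 (contains "::"), then IPv6 with 4+ groups, then IPv4.
    #    HH:MM:SS timestamps have only two colons and are left alone.
    grep -i -E "wireguard|$iface" |
    sed -E \
        -e 's/([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}/xx:xx:xx:xx:xx:xx/g' \
        -e 's/[0-9A-Fa-f:]*::[0-9A-Fa-f:]*/<ipv6>/g' \
        -e 's/[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){3,7}/<ipv6>/g' \
        -e 's/([0-9]{1,3}\.){3}[0-9]{1,3}/<ipv4>/g'
}

# Constructed sample input (documentation addresses, not real log data).
sample_log() {
    cat <<'EOF'
Thu Dec 14 10:17:54 2023 daemon.notice netifd: Interface 'VPN_ASC' is now up
Thu Dec 14 10:17:56 2023 daemon.notice hostapd: wlan0: AP-STA-DISCONNECTED 02:00:5e:10:00:01
Thu Dec 14 10:17:57 2023 kern.debug kernel: wireguard: VPN_ASC: Sending handshake initiation to peer 1 ([2001:db8::8:254]:51820)
Thu Dec 14 10:17:58 2023 kern.debug kernel: wireguard: VPN_ASC: Receiving keepalive packet from peer 1 (203.0.113.7:51820)
EOF
}

# Demo on the constructed sample; on the router, pipe logread in instead.
sample_log | wg_log_for_sharing VPN_ASC
```

Ports and timestamps are kept because they are useful for diagnosis; a DynDNS hostname appearing in the log is not matched by these patterns and has to be replaced by hand.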

Hi Robert,
thanks for the fast reply!

  1. Pinging DynDNS address of the FB (Fritzbox) out of the CLI: succeeded
  2. Adding something within the FB config: not possible (I do not know how, at least, since everything is greyed out after creating it and there is only a field called ‘remote network’ during creation time. This entry is ‘192.168.10.0/24’ at this time).
  3. the log (hope it is complete):
Thu Dec 14 10:17:54 2023 daemon.notice netifd: Interface 'VPN_ASC' is setting up now
Thu Dec 14 10:17:54 2023 user.notice wireguard: Interface VPN_ASC mtu size changed from  to 1420
Thu Dec 14 10:17:54 2023 daemon.notice netifd: Interface 'VPN_ASC' is now up
Thu Dec 14 10:17:54 2023 daemon.notice netifd: Network device 'VPN_ASC' link is up
Thu Dec 14 10:17:55 2023 user.warn mwan3-hotplug[10680]: hotplug called on VPN_ASC before mwan3 has been set up
Thu Dec 14 10:17:56 2023 daemon.notice netifd: Wireless device 'radio0' set retry=3
Thu Dec 14 10:17:56 2023 daemon.notice netifd: Wireless device 'radio1' set retry=3
Thu Dec 14 10:17:56 2023 user.notice firewall: Reloading firewall due to ifup of VPN_ASC (VPN_ASC)
Thu Dec 14 10:17:56 2023 daemon.notice hostapd: wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
Thu Dec 14 10:17:56 2023 kern.notice RUT_ASC_2G: WiFi client disconnected: xx:xx:xx:xx:xx:xx
Thu Dec 14 10:17:56 2023 daemon.notice hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: did not acknowledge authentication response
Thu Dec 14 10:17:56 2023 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)

Hope that helps in analyzing it.
Cheers
/Mav

Hi,
problem solved!

Since the Fritzbox as the internet gateway is very common, at least in Germany, I would like to refer to the thread which finally solved my issue, to help those of you who found this thread first:

RUT950-Wireguard-with-Fritzbox

Another very helpful thread found during the research:
How to get info that WireGuard (site-to-site) is down?

Thanks
/Mav
