Hey,
I’m still struggling to get the VPN to work, and as a last chance I connected the Brume2 directly to the ISP router, but I still get no connection to the internet for the WireGuard client. In this case there is no extra network with ipfire, just a direct connection to the ISP router (with firewall on). So I set it up this way:
ISP router 192.168.178.1
Brume2 LAN 192.168.178.2
set ISP router as gateway in LuCI (didn’t understand why this essential setting is not in the normal web GUI)
Port forwarding to the LAN address of the Brume2 for wireguard on the ISP router
Wireguard server with 10.0.0.2
Wireguard client with 10.0.0.3
tested MTU: 1420, 1380, 1320
tested DNS server: 1.1.1.1 and some privacy friendly ones
In the WireGuard dashboard, I see the connected client, so dynDNS and port forwarding work.
But I get no connection to the internet with my smartphone connected to the Brume2.
I will try to connect with another device, to see if it has something to do with my smartphone’s OS.
But maybe somebody can understand the failure just with these settings.
Is there any way you can get your ISP ‘router’, which I presume is also the modem, to be just a modem? Is there some way to set it to (ideally) bridged mode or, failing that, to set an IP on a DMZ (e.g. the Brume 2’s IP)?
Pardon my soapbox for a moment but those damn ‘all in one’ wifi/router/modem combo pieces of shyte ISPs give you are for those who’d never think to use a router-based VPN never mind get a device capable of VPN Cascading.
(Man oh man; your patience is not to be underestimated. Impressive.)
OK, but how do I set the IP of the WAN port, and how does it work without setting a gateway if I have no DHCP, for example? If I set WAN to static in LuCI, I still cannot change these settings (as it seems, it has to do with “switch protocol”). But should I switch if I have no DHCP?
In LuCI, I think, because I didn’t find this setting in the regular web GUI.
So I set the static IP and the gateway in LuCI, but I cannot access the web GUI now. My ISP router shows that the Brume2 is connected with the IP I gave it, but I get no ping and no connection to it.
I opened the port 80 and 22 in the firewall.
Maybe it’s because I use the same IP for the LAN? But I don’t use them (WAN and LAN) both at the same time. I just switch them, because the connection to the WAN port doesn’t work.
Could we start a remote check to see what happens?
You may try a factory reset in case you configured many settings and missed something.
It’s not too complicated to set up according to the docs: WireGuard Server - GL.iNet Router Docs
It turns out that to enable the WireGuard server to serve on the LAN port, providing Internet access to the WireGuard client,
you need to enable LAN masquerading and the related forwarding rule. Use the following commands:
# enable wireguard server to LAN forwarding
uci set firewall.wgserver2lan=forwarding
uci set firewall.wgserver2lan.src='wgserver'
uci set firewall.wgserver2lan.dest='lan'
uci set firewall.wgserver2lan.enabled='1'
# set LAN masquerading
uci set firewall.@zone[0].masq='1'
uci set firewall.@zone[0].masq6='1'
uci commit firewall
/etc/init.d/firewall reload
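An added example, not part of the thread and not GL.iNet's own tooling: the commands above set masquerading on `firewall.@zone[0]`, which only does what the comment says if the first zone is the one named `lan`. This sketch audits `uci show firewall` text for that and for the `wgserver` to `lan` forwarding; the function names `check_wg_lan` and `sample` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Audit `uci show firewall` text on stdin. Exit 0 only if an enabled
# wgserver->lan forwarding exists and masq is set on the zone *named* lan,
# instead of trusting that @zone[0] is lan.
check_wg_lan() {
  awk -v q="'" '
    {
      eq = index($0, "="); if (!eq) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1); gsub(q, "", val)
      n = split(key, p, ".")
      if (n == 2) kind[key] = val                  # firewall.<section>=<type>
      if (n == 3) opt[p[1] "." p[2], p[3]] = val   # firewall.<section>.<option>=<value>
    }
    END {
      for (s in kind) {
        if (kind[s] == "forwarding" && opt[s, "src"] == "wgserver" &&
            opt[s, "dest"] == "lan" && opt[s, "enabled"] != "0") fwd = 1
        if (kind[s] == "zone" && opt[s, "name"] == "lan") { lan = s; masq = opt[s, "masq"] }
      }
      if (!fwd)        { print "FAIL: no enabled forwarding wgserver -> lan"; rc = 1 }
      if (masq != "1") { print "FAIL: masq is not set on the zone named lan"; rc = 1 }
      if (lan != "firewall.@zone[0]")
        print "WARN: lan is " lan "; @zone[0] is " opt["firewall.@zone[0]", "name"]
      exit rc + 0
    }'
}

# Constructed `uci show firewall` excerpt (not captured from a real device).
# $1 = name of @zone[0], $2 = name of @zone[1]; masq is set on @zone[0] only.
sample() {
cat <<EOF
firewall.@zone[0]=zone
firewall.@zone[0].name='$1'
firewall.@zone[0].masq='1'
firewall.@zone[1]=zone
firewall.@zone[1].name='$2'
firewall.wgserver2lan=forwarding
firewall.wgserver2lan.src='wgserver'
firewall.wgserver2lan.dest='lan'
firewall.wgserver2lan.enabled='1'
EOF
}

# Zone order swapped: the index-based masq command landed on wan, not lan.
sample wan lan | check_wg_lan || echo "audit failed, as expected for the swapped sample"
```

On the router itself the same function can be fed live data with `uci show firewall | check_wg_lan`.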
But why so complicated, when my setup is just a normal connection to the ISP router (just something that I suppose nearly everybody will do with the Brume2)?
So WireGuard did not forward the clients to the internet. Was it a bug in the firmware?
But I also tried the WAN port with the same result.
WAN of the Brume2 - connected to the ISP router with the same settings I wrote to you.
#Edit:
Reset the device, opened ports in the firewall for 80, 443 and 22, connected WAN to the ISP router and everything works. Sorry for the chaos!
Now I’ll try to implement the thing that way into my ipfire network and the DMZ.
I must change the IP of the WAN and the gateway for it (so I must set it to static). Are there possible problems concerning that?
#Edit2:
As it seems, no problems. Connected with LAN, changed WAN IP and gateway, changed port forwarding in the ISP router, connected it to the DMZ and it works (with settings I already set in ipfire).