Can't get Wireguard VPN server working on ER605 v2

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Can't get Wireguard VPN server working on ER605 v2

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Can't get Wireguard VPN server working on ER605 v2
Can't get Wireguard VPN server working on ER605 v2
2023-04-29 21:05:11
Tags: #VPN #wireguard
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210 Rel.62992

I tried to set up the Wireguard server on the ER605v2 and can't get it to work.

The client seems to connect, but only SEND data, not receiving anything.

The instructions https://www.tp-link.com/us/support/faq/3559/ are not clear enough.

 

i.e. basically the LOCAL IP it's suggested "it is recommended not to have the same LAN IP as the router", so in the insctructions it's one IP off from the file server shown; why is this not showing the internal IP of the ER605 in the instructions? I don't get it...

 

In the client side these instructions are given:

 

Address = 10.0.0.1/24 (The interface IP address for the WireGuard VPN, it can fill in what you like)

 

It can fill in what you like... what does this mean? Do I put in a different network than the lan network, the same, what about the netmask here? Does it have to be 24???

 

In the instructions example, the internal network is 192.168.0.x and the IPs the Wireguard clients get are on the 10.0.0.x network?  Is there routing between the two? I.e, if I want my client to reach the 192.168.0.x network, do I need to do anything? What if I DON'T want the client to reach it?

 

Can someone shed some light on this please?

TY

  0      
  0      
#1
Options
18 Reply
Re:Can't get Wireguard VPN server working on ER605 v2
2023-04-29 22:36:45

  @words 

 

Technically your Wireguard clients must be in a different subnet from your LAN...hence the different subnet suggested.  If your existing LAN is 192.168.1.0/24 you could use 192.168.2.0/24 or 10.1.2.0/24 or whatever...anything but 192.68.1.0/24.  Your router will 'know' about both, and will by default allow routing between them.  If you don't want them to talk to each other, then put in whatever ACLs are needed.  Otherwise 10.0.0.2 can ping 192.168.1.19 (or whatever your subnets wind up being) and it will work.

<< Paying it forward, one juicy problem at a time... >>
  3  
  3  
#2
Options
Re:Can't get Wireguard VPN server working on ER605 v2
2023-05-01 14:44:34

  @d0ugmac1 Hi, seeing similar issues here - and my Peer "subnet" is different from the LAN subnet. I can ping devices upstream of the router (i.e. WAN side), but not on the LAN. And handshake is solid. It just seems like routing from Wireguard to the LAN is misconfigured somehow? Thoughts?

 

FYI, some Peers seem to work, others not - so something not quite configured right. I'd like to SSN in to the router, check the routes ... but not seeing how to SSH in?

 

Thanks!

  0  
  0  
#3
Options
Re:Can't get Wireguard VPN server working on ER605 v2
2023-05-01 14:57:50 - last edited 2023-05-01 14:58:42

I think you may have to enable SSH first. It does work once configured though, but not terribly useful. Here's what I can't do on my ER605v1 due to lack of access/permissions: 

 

 

<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#4
Options
Re:Can't get Wireguard VPN server working on ER605 v2
2023-05-01 17:00:34

  @d0ugmac1 OK, was hoping for real access ... LOL. Meaning - full OpenWrt commands.

 

How to enable access? Thanks!

  0  
  0  
#5
Options
Re:Can't get Wireguard VPN server working on ER605 v2
2023-05-01 17:07:57

  @words 

 

Well for that you need 'root' access, which requires a (lengthy) computed password based on the MAC of the device. Let me know if you figure it out :)

 

However, you probably won't see anything different than what is presented by either the Standalone GUI or Controller GUI in their respective 'Routing Table' pages.

<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#6
Options
Re:Can't get Wireguard VPN server working on ER605 v2
2023-05-05 11:33:26
Figured it out. Send me the MAC address of your router by PM.
<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#7
Options
Re:Can't get Wireguard VPN server working on ER605 v2
2023-06-18 07:35:42

  @words Did this get resolved somehow. I'm also facing issues getting the client to access anything on the lan side. wan access seems fine.

  0  
  0  
#8
Options
Re:Can't get Wireguard VPN server working on ER605 v2
2023-06-18 07:41:01
OK I figured this out in the end. I had created a 'wireguard' vlan in omada thinking it would be needed to place peers into. Turns out you don't need that. I deleted the vlan and boom everything works.
  0  
  0  
#9
Options
Re:Can't get Wireguard VPN server working on ER605 v2
2023-06-19 19:18:38

  @crembz no, I am not getting any luck with this at all, not sure what's up.

 

Trying to get this working from my Androind phone with Wireguard app. I've done the same with a Mango router (Wireguard VPN) and it was a breeze.

Not sure what's up with this ER605v2, I just can't get it to work, I've followed the instructions listed here: https://www.tp-link.com/us/support/faq/3559/

 

This made me laugh: 

  • The public key and the private key will automatically generate a string of random numbers, which can be modified without modification.

 

 

So not sure what I'm doing wrong, just can't get it to work.

Would love it if others chimed in, I don't have any fance setup, VLANs or otherwise..

  0  
  0  
#10
Options
Re:Can't get Wireguard VPN server working on ER605 v2
2023-06-20 12:34:46

  @words I'll try Posta step by step tomorrow with my settings. The video that was posted led me astray also.

  0  
  0  
#11
Options