Can't get Wireguard VPN server working on ER605 v2
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.Can't get Wireguard VPN server working on ER605 v2
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
I tried to set up the Wireguard server on the ER605v2 and can't get it to work.
The client seems to connect, but only SEND data, not receiving anything.
The instructions https://www.tp-link.com/us/support/faq/3559/ are not clear enough.
i.e. basically the LOCAL IP it's suggested "it is recommended not to have the same LAN IP as the router", so in the insctructions it's one IP off from the file server shown; why is this not showing the internal IP of the ER605 in the instructions? I don't get it...
In the client side these instructions are given:
Address = 10.0.0.1/24 (The interface IP address for the WireGuard VPN, it can fill in what you like)
It can fill in what you like... what does this mean? Do I put in a different network than the lan network, the same, what about the netmask here? Does it have to be 24???
In the instructions example, the internal network is 192.168.0.x and the IPs the Wireguard clients get are on the 10.0.0.x network? Is there routing between the two? I.e, if I want my client to reach the 192.168.0.x network, do I need to do anything? What if I DON'T want the client to reach it?
Can someone shed some light on this please?
TY
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@crembz which video?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I managed to fix it by using 192.168.0.2 as the Wireguard Local IP address instead of 10.6.0.1in the Wireguard tab. In the Peers tab I use 10.6.0.2/32 etc as the Allowed address for the peers. The reason that routing was not working was that I also had a Raspberry Pi4 with wireguard installed using the same Allowed Address 10.6.0.1/32 I changed that in 20.6.0.1/32 and tje local routing worked. for my configuration
- Copy Link
- Report Inappropriate Content
I tried this thread but couldnt get it to work -- this one did though!!
https://community.tp-link.com/en/business/forum/topic/613742?replyId=1222646
- Copy Link
- Report Inappropriate Content
I had the exact same issue.
Once i deleted the VLAN, it started working!
But the problem is that from the client side (my windows machine) I can only access nodes within the default VLAN (1).
But I need to be able to access nodes with in my vlans. Any ideas?
- Copy Link
- Report Inappropriate Content
I managed to get this working, however it's so difficult setting this up all manually...
I had (have) a little Mango (gl. inet) before this since ER605 did not have wireguard when I got it, the Mango unit makes it super easy to set up Wireguard profiles, it's a one click automated process, prepopulates everything and offers a barcode and/or the actual text one can save to a file and import into the wireguard client app. Takes 5 seconds.
Why can't this unit have the same thing I understand they are both based on openWRT, no? Why not bring this wizard to the ER605 as well.
As a matter of fact I'm still using the mango for the Wireguard VPN server just because it's so simple to set up profiles, although not powerful, enough when I'm away
- Copy Link
- Report Inappropriate Content
Hi @words
words wrote
I managed to get this working, however it's so difficult setting this up all manually...
I had (have) a little Mango (gl. inet) before this since ER605 did not have wireguard when I got it, the Mango unit makes it super easy to set up Wireguard profiles, it's a one click automated process, prepopulates everything and offers a barcode and/or the actual text one can save to a file and import into the wireguard client app. Takes 5 seconds.
Why can't this unit have the same thing I understand they are both based on openWRT, no? Why not bring this wizard to the ER605 as well.
As a matter of fact I'm still using the mango for the Wireguard VPN server just because it's so simple to set up profiles, although not powerful, enough when I'm away
If you take a look at the WG official guide, the setup is not as easy as OpenVPN. When fiddling with the parameters, it is very easy to get lost as there is no such a server/client in WireGuard. To be honest, WG requires basic network knowledge and an understanding of routing. And you have to keep a clear mind understanding the basic parameters.
If you dig in the WG guide, this is also the reason why it is faster than OVPN. It ditches the unnecessary stuff and falls to the most basic parameters and config. If not necessary, it does not add it to the protocol.
We don't bring unnecessary features to the device due to the limitation of memory and space. Setup wizard, to be honest, isn't quite helpful if you still have trouble understanding how WG works. WG requires a basic reading on configuration and an understanding of how it works. It might be helpful for your scenario, but from our perspective, if the product targets users who are familiar with networking, then it only makes the firmware bloated. If you take a look at the VPNs we support, we never set up a Wizard for it. Same for many other brands.
And OpenWRT or any open-source software is currently not under our consideration.
- Copy Link
- Report Inappropriate Content
I appreciate the response. It looks like I am not the only one that had trouble configuring the WG VPN server to get it working though, so my comment may apply to others beside me, even more familiar than me with networking (I'm no expert). If you have to create 10+ WG VPN users manually, the existing process leaves a lot of room for human error, something which a configuration wizard could address - that's all :)
Cheers!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 6800
Replies: 18
Voters 0
No one has voted for it yet.