Solved Wireguard Server + Android = How to Setup correctly?

Mariano

New Around Here
I am really happy about the wireguard server option! Unfortunately I can't set up my android device to use it.

problem:
- no internet access after enabling VPN with the wireguard app
- get a message that my manually chosen DNS server is not working for this
- deactivating DNS Settings or setting them to automatic doesn't solve the problem either.
- The "allow DNS" option on the VPN Server section is enabled, disabling didn't solve the problem.

setup process:
- I used the QR Code method only (no certificates or LetsCrypt things)
- checked the setup process with this tutorial
- I just want to access my LAN from outside. Not my router.



Devices
- Android 13 GrapheneOS.
- Asus AX86U with Firmware: 388.1
- FritzBox Modem Router with integrated firewall (Maybe that's the problem?)

EDIT: I set up a DMZ for the router and it did not help.
 

ZebMcKayhan

Very Senior Member
I can't run 388.1 since I have an AC-86U router but I could try to help.

Try installing pingtools for Android. It may help you diagnose whether it is a DNS problem or a connection issue.

I think I found an error in the link you followed:
It is very important that the VPN client has the addresses 0.0.0.0/1 to redirect all network traffic through the VPN, otherwise we will have a “split-tunnel”, that is, we can have access to the local network but not redirect network traffic. In principle, we should not touch this configuration that it proposes.
I don't know why the author states 0.0.0.0/1 when it should be 0.0.0.0/0. By following this you would create just the "split-tunnel" the author warns about (ironic).

What specifically are you trying to reach on your LAN? Some NAS? Router GUI? How are you trying to reach it? mDNS does not work over VPN so you can't use its share name, you need to use its IP.

Windows machines are notoriously difficult to connect to since your phone is on a different subnet (unless Asus/@RMerlin uses inbound masquerade).

Finally, if you still have issues, post your conf file here (use some qrcode to text app?) but remove all keys and public IPs before. I'll take a look if something does not seem right.
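
Added example, not part of the thread or any poster's code: a short Python script that redacts keys and the endpoint host from a WireGuard client config before it is posted, and lists which IPv4 ranges `AllowedIPs` leaves outside the tunnel. The sample config, the `<redacted>` placeholders and the function names `redact` and `uncovered_ipv4` are constructed for illustration. With `0.0.0.0/1` only 0.0.0.0 to 127.255.255.255 is routed, so `128.0.0.0/1` (which contains a 192.168.x.x LAN) never enters the VPN.

```python
import ipaddress
import re

# Constructed sample client config; every key and address is a placeholder.
SAMPLE_CONF = """\
[Interface]
PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
Address = 10.6.0.2/32

[Peer]
PublicKey = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=
PresharedKey = CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC=
AllowedIPs = 0.0.0.0/1
Endpoint = 203.0.113.10:51820
"""

KEY_FIELDS = {"privatekey", "publickey", "presharedkey"}

def redact(conf):
    """Replace keys and the endpoint host so the config is safe to post."""
    out = []
    for line in conf.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(.*)", line)
        if m and m.group(1).lower() in KEY_FIELDS:
            line = f"{m.group(1)} = <redacted>"
        elif m and m.group(1).lower() == "endpoint":
            port = m.group(2).rsplit(":", 1)[-1]  # keep the port, drop host/IP
            line = f"Endpoint = <redacted-host>:{port}"
        out.append(line)
    return "\n".join(out)

def uncovered_ipv4(conf):
    """Return the IPv4 ranges that AllowedIPs leaves outside the tunnel."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for m in re.finditer(r"(?im)^\s*AllowedIPs\s*=\s*(.*)$", conf):
        for item in filter(None, (s.strip() for s in m.group(1).split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.version != 4:
                continue
            nxt = []
            for r in remaining:
                if r.subnet_of(net):
                    continue                      # fully routed via the VPN
                if net.subnet_of(r):
                    nxt.extend(r.address_exclude(net))  # carve net out of r
                else:
                    nxt.append(r)                 # disjoint, still uncovered
            remaining = nxt
    return [str(r) for r in sorted(remaining)]
```

An empty list from `uncovered_ipv4` means all IPv4 traffic is sent through the tunnel, which is what `0.0.0.0/0` produces.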
 

Zastoff

Very Senior Member
I set up a wireguard server during the alpha testing and it works nicely here for me, but I set it without intranet access since I have an openvpn server when that is needed.
Also used the QR code to connect my android phone; it worked flawlessly.
Do you have a DDNS configured?
 

Mariano

New Around Here
@ZebMcKayhan
Thank you for your reply.
I tried a network scanner and found out that my device is not connecting to the router. Connecting to the VPN Server through WIFI seems to work and I got a green check mark on the VPN Wireguard register, telling me that the device is connected. It's not shown when I try it over LTE.
I also tried the 0.0.0.0/0 setting.
My main goal is to use my cam local only through a VPN connection.
So it seems clear now that I can't connect from outside.

@Zastoff
Thank you for your reply.
I don't have a DDNS configured. Do I need one?
 

Zastoff

Very Senior Member
I would try that, the VPN server will use your DDNS address instead of the router's (WAN) IP and update when needed (if the IP changes).
 

Mariano

New Around Here
Tried. IP address is shown correctly on the DDNS service site, but I can't connect with wireguard.

The wireguard app is saying 0 B received.


EDIT
After setting up everything on the wireguard tab again, with DDNS enabled, it is working now. Awesome! Thank you!
 

Mariano

New Around Here
Another Question on this topic.

Is it possible to connect from outside to a specific device? It seems like I have to mess with the Firewall-General inbound settings?
 

ZebMcKayhan

Very Senior Member
Don't know how Asus/Merlin implements this, I think there is some switch in the VPN config to enable inbound firewall rules. You should be able to contact any device using the device IP. Then whether or not the device accepts you is another topic. Many devices (like NAS) have their own inbound firewall rules that only accept connections from the same subnets (192.168.50.x). But as stated earlier, I don't know if inbound masquerade is used or not. Try to connect to your devices and see what happens.
 
