Solved WireGuard, What am I missing?

[916Area52]

Good morning,
Roy here,
Trying to configure Wireguard for my ASUS RT-AX86U Pro router w/Asuswrt-Merlin using the instructions located here, https://support.ipvanish.com/hc/en-us/articles/32477102551707-WireGuard-setup-for-AsusWRT-routers. After which, when I use IPVanish IP checker, it displays my true IP address.

Thanks in advance,
Roy

 

[bennor]

If you are setting up a Wireguard VPN client in the Asus-Merlin firmware, have you created a VPN Director rule entry for the Wireguard VPN client you have created? The VPN Director rule is what routes the individual network client or entire network through the VPN client tunnel. More on VPN Director here:

VPN Director

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

 

[916Area52]

@ bennor,
I have not... This is all new to me. This will take me awhile to investigate/explore.
Thank you for getting back and for the link.

 

[916Area52]

Update... Not getting it, yet. Still working on it.

 

[bennor]

Update... Not getting it, yet. Still working on it.

Probably a good idea to post your VPN Director Rule settings to others can review to see if there are any issues.

 

[elorimer]

In simple terms, nothing goes over the wireguard tunnel unless there is a VPN Director rule.

Also, IPVanish is pointing you to openvpn instructions, and stock not Merlin.

 

[916Area52]

@ bennor,
@ elorimer,
and @ SNB Forums,

bennor suggested that I should share, and am probably over sharing, but here go's...

Being as far removed from the Tech World as one could possibility be... As such, I purchased a RT-AX86U Pro w/asuswrt-Merlin firmware and with an OVPN protocol, pre-installed (FlashRouters).

I now have what I would consider a basic home network setup, having anyone that has access to my home network with the correct password(s), etcetera, are able to access the internet with the added security and anonymity that VPN's provide (IPVanish). I've since became aware that WireGuard protocol is more secure and faster than the OVPN protocol. And would like to setup my home network with this additional option. Being said, it has been a major challenge for me wrapping my head around the terminology used and the deployment there of. As an example, https://github.com/RMerl/asuswrt-merlin.ng/wiki/VPN-Director.

While researching home networking solutions. It was suggested the SNB Forum could/would possibly help.

Notes...

When adding additional OVPN servers using IPVanish OVPN configure downloads, I had to remove the "keysize 256" from the custom configuration in order to get it to work. I only knew this because the OPVN server that came pre-loaded from FlashRouters did not have "keysize 256". Attachment 5 is the original pre configuration from FlashRouters.

When I did get WireGuard connected. The speed was at least twice as fast as OPVN. But it showed my true IP address.

Back to the drawing board, I'll keep chipping away at getting WireGuard protocol as an option for my home network.

Any thoughts or suggestions would be welcomed. Please see attached

Thanks in advance, Roy

Edit... Attachment removed

 

[916Area52]

@ SNB Forum,
Additional attachments...

Edit... Attachments removed

 

[bennor]

@916Area52, what is the local network IP subnet for the router? Is it 172.21.25.x?
As a troubleshooting step; in the VPN Director Rule leave the Remote IP field blank and input the local network IP address for the local network client you want routed over the VPN tunnel into the Local IP field. Here is an example of a working VPN Director Rule for a specific local network client using both OpenVPN and WireGuard using ProtonVPN.

 

[916Area52]

@ bennor,


Edit... Removed attachments

 

[916Area52]

@ bennor,
I must still have something wrong?

Edit... Removed attachments

 

[916Area52]

I'd prefer it better if it shown as San Jose Ca. or anywhere else... Just not so close to home.

 

[bennor]

Out of curiosity, why do you you have a VPN Director Rule for the router itself (192.168.50.1)? What is your goal by doing so?

Without more information one can only guess at what's wrong. Is the screen capture showing "Your IP address is" showing your broadband/ISP provided IP address or is it showing the IP address of the VPN service?

Edit to add: A further suggestion. Start with just one single VPN Director Rule aimed at one specific local network client. Once you get that client working through the VPN tunnel you can move to expanding the rules to suit your use case.

 

[916Area52]

@ bennor,

"@916Area52, what is the local network IP subnet for the router? Is it 172.21.25.x?"

I actually don't know for sure. Where would I find the local network IP subnet for the router? 172.21.25.x was gleaned from attachment #5, Connected (Local: 172.21.25. - Public: 216.131.122.).

"Out of curiosity, why do you you have a VPN Director Rule for the router itself (192.168.50.1)? What is your goal by doing so?"

Blindly poking around, not knowing anything.

"Without more information one can only guess at what's wrong. Is the screen capture showing "Your IP address is" showing your broadband/ISP provided IP address or is it showing the IP address of the VPN service?"

It is, showing my broadband/ISP provided IP address.

"Edit to add: A further suggestion. Start with just one single VPN Director Rule aimed at one specific local network client. Once you get that client working through the VPN tunnel you can move to expanding the rules to suit your use case."

Before I continue, I need to wrap my brain around what you probably consider basic knowledge/information.

Can you recommend any reads/videos?

Currently I'm trying to learn/absorb this information https://routersecurity.org/ipaddresses.php

Thank you for your patients.

 

[bennor]

For simplicity's sake, use the router GUI Network Map > Clients to see the IP addresses of the local network clients. Note the IP address of the local network client you want to route through the VPN tunnel. Then input that specific client IP address into the VPN Director Rule's Local IP Address field.

You can likely find a number of internet posts on how to use VPN Director Rules by using your favorite internet search engine and searching for "asus-merlin how to use VPN Director rules".

Generally, if one isn't routing the entire local network through the VPN tunnel then they'll want to manually configure IP addresses for the network clients they want to route through the VPN tunnel using VPN Director Rules. One can either use the LAN > DHCP Server > Manual Assignment to assign IP addresses to local network clients or they can configure each client's network settings manually to set a static IP address. Generally, using manual or static IP addresses prevents the client IP address from changing.

 

[916Area52]

@ bennor,

Thank you for your willingness to share your knowledge and your patients.

Found a solution for my WireGuard VPN concerns.

ProtonVPN Merlin WireGuard Setup

Learn how to connect your entire network through ProtonVPN using WireGuard configuration for Asus Merlin firmware.

support.flashrouters.com

Starting at "Merlin Router Setup for ProtonVPN". Step 11 and a reboot was a game
changer for me. My home network now enjoys the added security, anonymity and speed that the WireGuard VPN protocol provides.

Again, Thank you

 

[916Area52]

@ SNB Forum

Solved... WireGuard, What am I missing?

 

[ColinTaylor]

@ SNB Forum

Solved... WireGuard, What am I missing?

FYI You can do this yourself without creating a new post. Edit your first post and change the title prefix from Wireguard to Solved.

 

[916Area52]

@ Colin Taylor,

Thanks for the heads-up