First of all: this is not strictly a DietPi issue. My past experience is just that there are highly skilled IT people here, and I hope I'm getting some hints/help on where the issue is. BUT I do not expect any help. Thanks for reading:
So I have the following setup:
Router: Asus RT-AX86U
→ This has a WireGuard server function, so you can run a WireGuard server out of the box.
Client: Amazon Fire TV 4K Max
I am using the latest available .apk from the WireGuard website. It links to the F-Droid store and I used version 1.0.20220516 (492).
So what I did until now:
I went to my Asus router page and used the WireGuard VPN Server tab to create .conf files to connect my client to the WireGuard server.
First I tested a .conf file with my iPhone and it worked perfectly. I could import the .conf file in the official WireGuard client for iOS.
Then I created another .conf file designated for the Fire TV Stick 4K Max.
I installed the WireGuard client APK via F-Droid and the Downloader app.
→ During import of the .conf file I get the error:
Unable to import tunnel: Unknown section in Config
The file is looking good. We basically have the same file on a plain WireGuard install:
[Interface]
Address = 10.9.0.2/24
PrivateKey = Yxxx=
# Comment the following to preserve the clients default DNS server, or force a desired one.
DNS = 10.9.0.1
# Kill switch: Uncomment the following, if the client should stop any network traffic, when disconnected from the VPN server
# NB: This requires "iptables" to be installed, thus will most likely not work on mobile phones.
#PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
#PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
[Peer]
PublicKey = Dxxx=
# Tunnel all network traffic through the VPN:
# AllowedIPs = 0.0.0.0/0, ::/0
# Tunnel access to server-side local network only:
# AllowedIPs = 192.168.0.0/24
# Tunnel access to VPN server only:
# AllowedIPs = 192.168.0.11/32
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = your.ddns.com:51820
# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
#PersistentKeepalive = 25
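A small lint for the "Unknown section" import error discussed in this thread, added here as an example; it is not part of any post and is not the WireGuard client's own parser. It assumes only that the wg-quick format defines the sections `[Interface]` and `[Peer]`; the function name and the sample bytes are constructed for illustration, and it reports key names only so that `PrivateKey` values never end up in the output.

```python
import re

# Sections defined by the wg-quick configuration format.
KNOWN_SECTIONS = {"interface", "peer"}
UTF8_BOM = b"\xef\xbb\xbf"


def lint_wireguard_conf(raw: bytes) -> list[str]:
    """Return findings for a .conf file; values (keys, addresses) are never echoed."""
    findings = []
    if raw.startswith(UTF8_BOM):
        # Some editors prepend a BOM, which hides the first header from strict parsers.
        findings.append("line 1: UTF-8 byte order mark precedes the first section header")
        raw = raw[len(UTF8_BOM):]

    section = None
    lines = raw.decode("utf-8", errors="replace").splitlines()
    for number, line in enumerate(lines, start=1):
        text = line.split("#", 1)[0].strip()  # drop comments and padding
        if not text:
            continue
        header = re.fullmatch(r"\[(.*)\]", text)
        if header:
            section = header.group(1)
            # Compared case-insensitively (a choice made for this lint).
            if section.lower() not in KNOWN_SECTIONS:
                findings.append(f"line {number}: unknown section [{section}]")
            continue
        key = text.split("=", 1)[0].strip()
        if section is None:
            findings.append(f"line {number}: '{key}' appears before any section header")
        elif "=" not in text:
            findings.append(f"line {number}: not a 'key = value' line in [{section}]")
    return findings


# Constructed sample: a valid file with one extra, non-standard section.
SAMPLE = (
    b"[Interface]\nAddress = 10.9.0.2/24\nPrivateKey = Yxxx=\n"
    b"[Extra]\nFoo = bar\n"
    b"[Peer]\nPublicKey = Dxxx=\nAllowedIPs = 0.0.0.0/0, ::/0\n"
)

if __name__ == "__main__":
    for finding in lint_wireguard_conf(SAMPLE):
        print(finding)
```

To check a real file, pass `open(path, "rb").read()` so that a BOM or Windows line endings reach the function unchanged.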