Wireguard Fritzbox Network Topic is solved

[Ewies]

Hi there,

Who could tell me what I need for a config for Wireguard to be able to access my Fritzbox on the whole network?

My Fritzbox 192.168.178.1
IP DietPi 192.168.178.102

sincerely yours

[Joulinar]

Hi,

what exactly is your issue? Are you able to connect to your WireGuard Server already?

Usually no need to configure anything on the WireGuard Server but you would need to forward the correct UDP port on your FritzBox.

[Ewies]

Hi there,

when i start the wirguard app on my android i don't get an error message and it shows as connected but i can't reach and select a single device.

The port on the Fritzbox is on UDP:51820

here is my current config but had tried it with many others and always the same no answer from any device in the Fritzbox network.

Server Config

Code: Select all

[Interface]
Address = 192.168.178.102/24
ListenPort = 51820

PrivateKey = <PrivateKey>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Client1 Smartphone
[Peer]
PublicKey = <PublicKey>
AllowedIPs = 192.168.178.103/32

Client Config

Code: Select all

[Interface]
PrivateKey = <PrivateKey>
Address = 192.168.178.102
DNS = 192.168.178.1

[Peer]
PublicKey = <PublicKey>
Endpoint = xxxxx-xxxxx.de:51820
AllowedIPs = 0.0.0.0/0, 192.168.178.0/24
PersistentKeepalive = 25

---

Edit by Moderator:
keys removed

[DarrenHill]

Firstly posting private keys like the above in public is not a good idea. I would remove them as soon as you can from your post and then regenerate new ones on your devices.

Your problem is you're mixing up the IP addresses of your normal network (your 192.168.178.x) with the proposed IP range of the wireguard network. They should be entirely separate, whereas you've got them on the same range.

I would suggest something like this:

Client:

Code: Select all

[Interface]
Address = 10.10.0.2/24
PrivateKey = <client private key>
ListenPort = 51820
DNS = 192.168.178.1

[Peer]
Endpoint = <public IP address of your network>:51820
PublicKey = <server public key>
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

Server:

Code: Select all

[Interface]
Address = 10.10.0.1/16
PrivateKey = <server private key>
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Client 1
[Peer]
PublicKey = <client public key>
AllowedIPs = 10.10.0.2/32

That will generate a Wireguard network on 10.10.0.x with your server on 10.10.0.1 and your client on 10.10.0.2 . You will of course need to add in the generated private and public keys in the various places for the relevant devices, and also the public IP address of your Fritzbox (not 192.168.178.1 but whatever IP address your ISP has assigned you). The port forwarding needs to be set up on the Fritzbox to point at the network address of the Wireguard server ( 192.168.178.102 in this case).

Note if your ISP does not provide you with a static public IP address, you may want to consider a DDNS service like noip.com as the assigned address will change periodically otherwise and things will break.

For additional clients, set something up similar but increment the 10.10.0.2 to 10.10.0.3 or whatever in the same overall range. Give each client their own client file and add the details to the end of the server one after the existing clients.

[Joulinar]

@Ewies
I removed you privat and public keys. As already mention by @DarrenHill, I would recommand to generate new keys as well.

In general DietPi software installation will setup Wireguard already that way, that it will create correct IP range and VPN interface. There is no need to change this network settings.

@DarrenHill
many thanks for your post. I agree 100% with your post