Wireguard Client on LibreELEC 9.2.8

    hi to all, i'm Paolo...

    i did a lot of research and tests, i generally like to find solutions by myself ... but i don't know what else to try so i'm asking your help...

    i'm trying to configure WG Client on raspbery PI 2 using LibreELEC 9.2.8 to connect to an OpenWRT router... i think i've done all the configurations required but it doesn't work...

    connmanctl services show me the VPN i've configured... "WireGuard VPN Tunnel vpn_<my selected name>"

    the config file seems to be correct...

    [provider_wireguard]

    Type = WireGuard

    Name = WireGuard VPN Tunnel

    Host = <OpenWRT ddns ip>

    WireGuard.Address = <my Client internal IP>/32

    WireGuard.PrivateKey = <client generated Private KEY>

    WireGuard.PublicKey = <OpenWRT Server Public KEY>

    WireGuard.DNS = 8.8.8.8, 1.1.1.1

    WireGuard.AllowedIPs = 0.0.0.0/0

    WireGuard.EndpointPort = WG Server Listening port

    WireGuard.PersistentKeepalive = 25

    on OpenWRT router i've configured the Peer with <my Client internal IP>/32 and Public Client KEY...

    when i use connmanctl connect vpn_<my selected name> it goes UP and on OpenWRT Wireguard Status i see some Tx and RX bytes but Last Handshakes reports "never"...

    this is what on OpenWRT

    this is my LibreELEC...

    i'm sure.. keys are corrects .. possible are they wrong ?

    Wireguard server on OpenWRT works correctly... i've tested using the same source connection (other modem) ... using my android phone in wifi connected works.. using LibreELEC Kodi wired connection it does'n work.. :(

    thank's to all

    [provider_wireguard]

    Type = WireGuard

    Name = WireGuard VPN Tunnel <= make this OpenWRT (or WireGuard or anything one-word)

    Host = <OpenWRT ddns ip>

    WireGuard.Address = <my Client internal IP>/32 <= make this /24

    WireGuard.PrivateKey = <client generated Private KEY> <= use the client private key generated by OpenWRT

    WireGuard.PublicKey = <OpenWRT Server Public KEY>

    WireGuard.DNS = 8.8.8.8, 1.1.1.1

    WireGuard.AllowedIPs = 0.0.0.0/0

    WireGuard.EndpointPort = WG Server Listening port

    WireGuard.PersistentKeepalive = 25

    ^ OpenWRT prob. generated a set of keys to use on the client end, as that's what's imported when you scan the QR code on a mobile device to import keys and config. So use those instead of generating your own.

    Hi man... thank's for the suggestion :) :thumbup: but nothing is changed ...

    theese are the steps following your suggestion..

    i generated new keys in OpenWRT server (wg genkey | tee wgclient.key | wg pubkey > wgclient.pub) ... i changed the peer's Public on server using new .pub , i used new private key in .config on LibreELEC client

    changed "WireGuard VPN Tunnel" with a one-word and WireGuard.Address = the same IP /24 , leaving peer on server always IP/32 (i also tried IP /24 )

    after modify i rebooted LibreELEC and restarted Wg adapter on router

    what else . i don't know...

    OpenWRT Firewall accept WG UDP port from WAN (of course... otherwise Android wouldn't even work.. :D )

    i've no idea what else to try... :(

    Last update...

    i tried with the same Keys of Android device, using same IP too... and the result is always the same ;(

    no handshake....

    i'm thinking about something missing or wrong in my LibreEL PI 2 B ...

    is there something i can check or verify on LE configurations ? ... sw ? config ? network ? ... iptables are disabled...

    or maybe something on openWRT ? ... something that works with Android and not with LE...

    i really don't know what to look for... ?(

    thaks for your patience..

    hey.... effectively that configuration is correct :) ;) :thumbup:

    the problem i using myDynDNS in LE wireguard .config file... using <myDynDNS> registered in dyndns.it handshake doesn't works, but if i use the really IP address, handshake is correct and VPN goes UP ...

    i tried using both configurations in LE .. DHCP and StaticIP with google DNS.. but is the same

    nslookup show my correct IP... but MyDDNS works only in Android Client and not in LE ... ?(

    any idea ?

    Using a wireguard client in LibreELEC with a DDNS server can cause a terrible headache. In CoreELEC it is very easy to do this in the following way:

    1.- Install entware, command: installentware

    2.- Install entware-wireguard, commands:

    opkg install wg-quick

    opkg install wireguard-tools

    opkg install wireguard-go

    3.- Create wg0 as file /opt/etc/wireguard/wg0.conf with the content similar to this:

    [Interface]

    Address = 10.10.10.5 # local-ip-of-wg-interface

    PrivateKey = ... # private-key

    ListenPort = 51820 # wg-port

    [Peer]

    PublicKey = ... # public-key

    Endpoint = <dynamic-dns-of-server>:51820

    AllowedIPs = 0.0.0.0/1,128.0.0.0/1 # instead of 0.0.0.0/0


    4.- Start the wireguard service with the command: /opt/bin/wg-quick up wg0

    Note.- If you don't want to redirect all traffic to wireguard interface and want to keep the default route, then you can use

    AllowedIPs = 10.10.10.0/24, where 10.10.10.0 is the wireguard subnet