Wireguard & OpenWRT
Goal: set up my Android handset so that it can connect remotely to hosts on my home network
Follow the OpenWRT Wiki guide for general Wireguard setup.
Addressing
My handset typically doesn’t have IPv6 Internet connectivity, so Wireguard traffic will be over IPv4. However traffic inside the tunnel can be over IPv6.
Name | IP |
---|---|
Home IPv6 ULA 1 | fd2c:cfce:c1ce::/48 |
Home WAN IP | 203.123.xx.xx |
Home LAN IP | 192.168.1.1/24, fd2c:cfce:c1ce::1/60 |
Home WG IP | fd2c:cfce:c1ce:10::1/64 |
Android WAN IP | (dynamic IPv4) |
Android WG IP | fd2c:cfce:c1ce:10::2/64 |
Wireguard
Android Wireguard config:
[Interface]
Address = fd2c:cfce:c1ce:10::2/64
DNS = fd2c:cfce:c1ce:10::1
PrivateKey = xxxxxxxxxxxxxxxxxxxxxx
[Peer]
AllowedIPs = fd2c:cfce:c1ce::/48
Endpoint = 203.123.xx.xx:51820
PublicKey = f15Cut8SWrguJaPVFp68/N+ior/yJ7q+ml2o/Q+v1zg=
NOTE:
- Important to set AllowedIPs to the specific network that we’re using, as we don’t want to send all Internet traffic over the VPN
- DNS IP corresponds with my home router. All DNS traffic from Android will get sent here while the tunnel is up.
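Both notes above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it parses a WireGuard config and reports a default route in AllowedIPs (full tunnel) or a DNS address that AllowedIPs does not cover and that would therefore not be routed into the tunnel. The function names `parse_wg` and `audit` are hypothetical, and the sample is constructed from this page's config with placeholder keys and a documentation address in place of the redacted endpoint.

```python
import ipaddress

# Constructed sample: this page's Android config with placeholder keys and a
# documentation address (192.0.2.1) standing in for the redacted endpoint.
SAMPLE = """\
[Interface]
Address = fd2c:cfce:c1ce:10::2/64
DNS = fd2c:cfce:c1ce:10::1
PrivateKey = <placeholder>
[Peer]
AllowedIPs = fd2c:cfce:c1ce::/48
Endpoint = 192.0.2.1:51820
PublicKey = <placeholder>
"""

def parse_wg(text):
    """Return (interface, peers); each maps lowercase keys to lists of values."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            items = [v.strip() for v in value.split(",") if v.strip()]
            current.setdefault(key.strip().lower(), []).extend(items)
    return interface, peers

def audit(text):
    """Return findings; an empty list means split tunnel with DNS inside it."""
    interface, peers = parse_wg(text)
    allowed = [ipaddress.ip_network(n, strict=False)
               for p in peers for n in p.get("allowedips", [])]
    findings = [f"full tunnel: AllowedIPs contains {n}"
                for n in allowed if n.prefixlen == 0]
    for dns in interface.get("dns", []):
        try:
            addr = ipaddress.ip_address(dns)
        except ValueError:
            continue  # a search domain, not a resolver address
        if not any(addr in n for n in allowed):
            findings.append(f"DNS {addr} is not covered by AllowedIPs")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "ok: split tunnel, DNS resolver is inside AllowedIPs")
```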
DNS
OpenWRT supports setting hostnames for both IPv4 + IPv6 IP addresses under ‘DHCP and DNS’ -> Hostnames. I have a Truenas server on my home network, so I added 2 entries here:
Hostname | IP |
---|---|
truenas | 192.168.1.10 |
truenas6 | fd2c:cfce:c1ce:0:12e7:c6ff:fe2f:6412 |
Each entry corresponds with an A or AAAA record and also a PTR (reverse lookup). I’ve also configured OpenWRT with local domain .lan.
Now I’m able to connect to truenas6.lan from Android.