Unable to reach the devices via wireguard vpn

[Iván Ledesma]

Hi everybody,

 

I plan to use openwisp to provide Internet access in a community centre in a rural area in Spain. The access point´s will be installed in the community centre itself, but the openwisp server will be in a virtual machine hosted on my Synology NAS at home.

 

Consequently I plan to use wireguard to get the devices to reach the server.

 

I managed to deploy the server on Ubuntu 24.04 and to register two access points that, for the time being, are connected to my home network.

 

These two devices are registered but following ping checks fail.

 

The wireguard network is 10.8.0.0/24 and the server is given 10.8.0.1, whereas the access points are given 10.8.0.2 and 10.8.0.3.

 

Although the server and the devices can ping each other in the home network 192.168.0.0/24, they are unable to ping each other via wireguard.

 

The problem seems to be a routing one, but I´m not sure to tweak the routing table of the server without asking first; if it was such an evident problem, it would be covered in the guides, wouldn´t it?

 

If I don´t find a solution, I will have to revert to installing the server in the community centre and not using VPN´s.

 

Regards,            

 

Iván Ledesma Obelar

[Federico Capoano]

Hi Ivan,

Thanks for sharing your setup, it’s great to hear you're planning to use OpenWISP to support your local community initiative!

Regarding your current issue: based on what you've described, it sounds like the problem is related to WireGuard network routing or system-level configuration, rather than OpenWISP itself.

OpenWISP can be configured to work over VPN tunnels like WireGuard, but the underlying VPN setup, routing rules, and firewall/NAT configuration are outside the scope of what OpenWISP directly manages. Because of that, our documentation doesn’t go into full detail on VPN routing, especially since these details can vary based on your OS, firewall setup, or VPN configuration.

That said, maybe with more information we can help you debug a bit, can you please share the following information?

• The output of ip route and ip addr on your server and one of the access points.
• Your current WireGuard configuration on both ends.
• Whether IP forwarding is enabled on the server (/proc/sys/net/ipv4/ip_forward).
• Any relevant firewall rules on the server or on your openwrt devices that might be affecting traffic, for example, try disabling the firewall on openwrt, which usually blocks most of the incoming WAN traffic, if you're connecting the devices through the WAN port, the wireguard traffic may be affected by the WAN zone rules.
• Information on how you deployed Wireguard, did you use our ansible role? How is it configured?

Feel free to redact sensitive data like keys or IPs if needed. Once we have a clearer picture, we may be able to offer better guidance or confirm whether the issue is purely networking-related.

Best regards

Federico Capoano

OpenWISP OÜ

Kotkapoja tn 2a-10, 10615, Harju maakond, Tallinn, Estonia

VAT: EE101989729

+372 59361689

openwisp.io

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/openwisp/4a282070-7901-4255-9cfb-37f6131d2308n%40googlegroups.com.

[Federico Capoano]

Hi Ivan,

It's great to hear you're making progress!

On Wed, 6 Aug 2025 at 13:02, Iván Ledesma Obelar <iled...@coit.es> wrote:

... 

When trying to anticipate following steps, I met some problems when trying to install the wifi login pages using this ansible role: https://github.com/openwisp/ansible-openwisp-wifi-login-pages

 

Specifically I met an error regarding nodejs: it appears that the role is unable to  add nodejs 16.x ppa for apt repo because the repository on https://deb.nodesource.com/node_16.x has no Release file.

 

Should I make my own ppa? Should I use a newer version of nodejs?

Make sure you have the latest version, which is using NodeJS v20.x:

https://github.com/openwisp/ansible-openwisp-wifi-login-pages/commit/83b881882ba539677899744af3ccf30ec6f939ba

I just noticed that for some reason it wasn't uploaded to ansible galaxy, I'll see if we can fix this soon, in the meantime install the latest master from github.

I hope this helps

Federico 

[Federico Capoano]

I manually updated the role on ansible-galaxy, this should work:

ansible-galaxy role install openwisp.wifi_login_pages --force

Best regards

Federico Capoano

[Iván Ledesma Obelar]

Thank you Federico for such a good disposition.

 

Thanks to your feedback I tried deleting additional vpn interfaces in the server, deactivating zones in the firewall and manually defining the server as a peer for each of the Openwrt devices; that enabled me to contact the devices from the server.

 

I still have to install the devices in the network of the community centre, deploy a wireguard server with ssl certificate and check if I still can reach the devices.

 

When trying to anticipate following steps, I met some problems when trying to install the wifi login pages using this ansible role: https://github.com/openwisp/ansible-openwisp-wifi-login-pages

 

Specifically I met an error regarding nodejs: it appears that the role is unable to  add nodejs 16.x ppa for apt repo because the repository on https://deb.nodesource.com/node_16.x has no Release file.

 

Should I make my own ppa? Should I use a newer version of nodejs?

 

Thanks for help and such a good work for the community,

 

Iván Ledesma Obelar

[Iván Ledesma Obelar]

I manage to install the wifi login pages.

I expect no to further bother again soon.

Thanks a lot,

 

Iván Ledesma Obelar

 

---

De: Federico Capoano <f.ca...@openwisp.io>
Enviado: miércoles, 6 de agosto de 2025 18:55
Para: Iván Ledesma Obelar <iled...@coit.es>
Cc: open...@googlegroups.com <open...@googlegroups.com>; iledesm...@gmail.com <iledesm...@gmail.com>

Asunto: Re: [openwisp] Unable to reach the devices via wireguard vpn