WARP on router (Asus AC86U)

stonecarver · March 30, 2021, 3:48pm

Hello
Some genius over at snbforums, managed to write a script to simply install and run wireguard on an AC86U.
I managed to run the WARP conf, I see handshakes but I cannot resolve domain names.
I can ping 1.1.1.1 or 8.8.8.8, but most websites won’t load.
I know, this may not be the right place, but maybe some WARP technician can see what’s wrong.

I remember testing the very early Windows WARP client. I had the exact same problem.
The client was running, but I could not resolve domain names. It was updated later and the problem was gone.

Chris_M · March 31, 2021, 11:55pm

Hello! With wireguard, you’ll have created a new network interface on the router. There are a lot of variables here that could be a factor, and this may ultimately be best addressed by someone familiar with the router itself, but have you adjusted the router settings/firewall to forward traffic through the new wg0 interface? For example, was there any setting set to forward traffic to port 53 before that is now not looking at the right interface?

stonecarver · April 1, 2021, 2:17pm

Hi, thanks for the reply.
Yes, the script takes care of forwarding the traffic.

This is my setup:
PC (192.168.1.139) → Router (192.168.1.1) → LTU Pro (Bridge, 172.16.253.6) → LTU Rocket (Bridge, 172.16.253.2) → ISP

And this is my warp.conf (for wireguard):
#Cloudflare Warp
[Interface]
PrivateKey = hidden
Address = 172.16.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = engage.cloudflareclient.com:2408

stonecarver · April 10, 2021, 9:29am

There is “some” traffic over the wireguard interface, also 1.1.1.1/help does say DNS over WARP = YES, but I cannot resolve most domain names…

stonecarver · April 10, 2021, 10:55am

I was so desperate to figure out my problem, so I bought a mobile data sim and LTE stick.
I plugged this stick into my AC86U and now I’m using the mobile LTE data sim as my primary WAN.
Now, WARP is working without problems. So I guess the problem is my other ISP or the special setup I use. (Router->LTU Pro->LTU Rocket->ISP)

stonecarver · April 10, 2021, 11:46am

My ISP told me, in order to properly use WARP I have to do something:

[CODE]/ip firewall mangle

add out-interface=pppoe-out protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward tcp-mss=1301-65535[/CODE]

But I don’t know what this is or how to use this?

Maybe someone can explain me, how I can use this or where I have to add this?

Edit:

I think it has something to do with MTU?

Is there a way to configure MTU for my warp.conf interface?

stonecarver · April 10, 2021, 11:54am

FINALLY!

I had to lower the MTU for my warp interface to 1280, now the tunnel is working!

system · June 18, 2021, 9:52pm