Hey there
I have recently been successful in enabling a remote WireGuard access to my network in my openwrt router. Now I plan to only use WireGuard via mobile network to have VPN and home network access from anywhere from my mobile device. I have a nice stereo setup in my living room with an RPi4B that runs Moode Spotify with a DAC and 2 nice KEF LS50 loudspeakers. I'm listening to music via Spotify in highres here. I have an Android device, my wife has an iPhone...
The moodeaudio machine appears to remember the last credentials that were used for remote control via Spotify Connect. It won't work if I use another device connected through WireGuard, nor if I try to control it via AirPlay from my wife's iPhone. She uses the stereo regularly. Everything works if we log in to my OpenWrt Wi-Fi. Now I want to reduce the amount of electromagnetic noise in my home, so I'd like to use only our mobile network at home, which needs to be up anyway, and disable the home Wi-Fi. As I mentioned above, I configured a WireGuard tunnel that connects through my ISP router to my OpenWrt router, so we are connected to our home network.
Here is what my system looks like:
I have now been trying to work around this for about a week but can't figure out how to fix it. I could imagine the problem being due to the different networks: my home network, which is generally connected via Ethernet, is contained in 192.168.3.x, while the WireGuard server generally assigns IPs within 172.22.22.x/32. To be honest, I'm not sure how I would integrate the WireGuard server so that it gives static leases within 192.168.3.x, nor do I know if that makes sense. Does anyone here have an idea how an iPhone and an Android phone can remote-control Spotify on that stereo over WireGuard?
Thanks in advance and Best Regards
Jajabinx
I have recently been successful in enabling a remote WireGuard access to my network in my openwrt router. Now I plan to only use WireGuard via mobile network to have VPN and home network access from anywhere from my mobile device. I have a nice stereo setup in my living room with an RPi4B that runs Moode Spotify with a DAC and 2 nice KEF LS50 loudspeakers. I'm listening to music via Spotify in highres here. I have an Android device, my wife has an iPhone...
The moodeaudio machine appears to remember the last credentials that were used for remote control via Spotify Connect. It won't work if I use another device connected through WireGuard, nor if I try to control it via AirPlay from my wife's iPhone. She uses the stereo regularly. Everything works if we log in to my OpenWrt Wi-Fi. Now I want to reduce the amount of electromagnetic noise in my home, so I'd like to use only our mobile network at home, which needs to be up anyway, and disable the home Wi-Fi. As I mentioned above, I configured a WireGuard tunnel that connects through my ISP router to my OpenWrt router, so we are connected to our home network.
Here is what my system looks like:
Code:
ubus call system board
{
"kernel": "5.15.167",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 1 (v7l)",
"model": "Linksys WRT3200ACM",
"board_name": "linksys,wrt3200acm",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.5",
"revision": "r24106-10cc5fcd00",
"target": "mvebu/cortexa9",
"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
root@OpenWrt:~# cat /etc/config/network
# Loopback interface (127.0.0.1/8).
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# IPv6 ULA prefix used for the local network.
config globals 'globals'
option ula_prefix 'fd7f:0959:af62::/48'
# LAN bridge over the four wired ports lan1-lan4.
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
# Home LAN: the router is 192.168.3.1 in 192.168.3.0/24.
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
option ip6assign '60'
# WAN device; the MAC address is redacted in the post.
config device
option name 'wan'
option macaddr 'xxxxxxxxxxxxxx'
# WAN obtains its address via DHCP (per the post, from the ISP router upstream).
# peerdns '0' ignores DNS servers offered by DHCP; the three resolvers listed below are used instead.
config interface 'wan'
option device 'wan'
option proto 'dhcp'
option peerdns '0'
list dns '194.242.2.3'
list dns '194.242.2.9'
list dns '103.86.96.100'
# Unmanaged (proto 'none') interface bound to the tun0 device, presumably so the OpenVPN
# tunnel can be referenced by name elsewhere in the configuration.
config interface 'OPENVPN'
option proto 'none'
option device 'tun0'
# WireGuard interface on the router: listens on UDP 55443 and owns 172.22.22.1 in 172.22.22.0/24.
# The private key is redacted in the post. It must never be published; a key that was ever
# pasted in clear text should be regenerated.
config interface 'wgserver'
option proto 'wireguard'
option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option listen_port '55443'
list addresses '172.22.22.1/24'
# Peer 'Husband'. allowed_ips is the only tunnel source address accepted from this peer and the
# destination routed to it (route_allowed_ips '1'). It is a per-peer /32 inside the interface's
# /24, not a separate network.
# NOTE(review): private_key in a peer section is the *peer's* private key stored on the router,
# presumably saved by the web UI so the client config/QR code can be shown again. The tunnel only
# needs public_key; removing the private key after provisioning means a router compromise does
# not also expose the phone's key.
# NOTE(review): endpoint_port without an endpoint_host presumably has no effect; roaming phones
# connect inbound to the router - confirm.
config wireguard_wgserver
option description 'Husband'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option route_allowed_ips '1'
option endpoint_port '55443'
option persistent_keepalive '24'
list allowed_ips '172.22.22.2/32'
# Peer 'Wife': same layout as above with tunnel address 172.22.22.3/32 and no keepalive.
# NOTE(review): the same remark about the stored peer private_key applies here.
config wireguard_wgserver
option description 'Wife'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
list allowed_ips '172.22.22.3/32'
option route_allowed_ips '1'
option endpoint_port '55443'
root@OpenWrt:~# cat /etc/config/firewall
# Global default policies: anything not matched by a zone or rule is rejected on input and
# forward; traffic originating from the router is allowed out.
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# LAN zone: fully trusted (input, output and intra-zone forward all accepted).
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
# WAN zone: masqueraded, MSS clamping enabled, no forwarding by default.
# NOTE(review): input 'ACCEPT' makes every service listening on the router itself (for example
# the web UI, SSH and DNS) reachable from the WAN side; the OpenWrt default for this zone is
# 'REJECT'. With ACCEPT here, the individual src 'wan' input rules in this file (Allow-Ping,
# Allow-55443, ...) no longer restrict anything. Per the post the WAN port sits behind the ISP
# router, which limits but does not remove the exposure - confirm this is intentional.
config zone
option name 'wan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
# Input rule (no dest): accept DHCP replies to the router's WAN DHCP client (UDP 68, IPv4).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Input rule: answer IPv4 echo requests arriving on WAN.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Input rule: accept IGMP from WAN (IPv4 multicast group management).
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Input rule: accept DHCPv6 replies to the router (UDP 546, IPv6).
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Input rule: accept the listed ICMPv6 types 130-132 and 143 (multicast listener discovery),
# restricted to link-local senders (fe80::/10).
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# Input rule: accept the ICMPv6 types needed for basic IPv6 operation on WAN (error reporting,
# neighbour and router discovery), rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward rule (dest '*'): pass the listed ICMPv6 error/echo types from WAN to any zone,
# rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward rule: pass IPsec ESP from WAN to any LAN host.
# NOTE(review): if no LAN host terminates IPsec, this rule and Allow-ISAKMP below can be removed
# so that nothing is forwarded from WAN to LAN unsolicited.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forward rule: pass IKE/ISAKMP (UDP 500) from WAN to any LAN host.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Zone for the OpenVPN tunnel devices (tun+): traffic may leave through it and is masqueraded;
# nothing is accepted inbound or forwarded from it.
config zone
option name 'OpenVPN'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'tun+'
# LAN clients may leave through the OpenVPN tunnel.
config forwarding
option src 'lan'
option dest 'OpenVPN'
# NOTE(review): a "Force DNS" redirect normally uses src 'lan' to intercept LAN clients' own DNS
# queries. With src 'wan' and no dest_ip, this one instead appears to steer port-53 traffic
# arriving on the WAN side to the router's resolver, i.e. the router answers DNS for the upstream
# network. Confirm which of the two was intended.
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Force DNS'
option src 'wan'
option src_dport '53'
option dest_port '53'
# Opens the WireGuard listen port (UDP 55443) on the WAN side. This is the only inbound WAN
# opening the VPN itself needs.
config rule
option name 'Allow-55443'
list proto 'udp'
option src 'wan'
option dest_port '55443'
option target 'ACCEPT'
# Masquerades traffic whose source is in the WireGuard subnet (172.22.22.0/24).
# NOTE(review): in a 'config nat' section 'src' presumably names the zone the traffic leaves
# through, so LAN hosts would see the router's LAN address instead of the peer's 172.22.22.x.
# That also hides which VPN peer made a connection in the LAN hosts' logs - confirm.
config nat
option name 'SNAT-WGserver'
list proto 'all'
option src 'lan'
option src_ip '172.22.22.0/24'
option target 'MASQUERADE'
# Loads the firewall script shipped by the policy-based-routing (pbr) package.
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/firewall.include'
# Zone for the WireGuard interface. input and forward 'ACCEPT' give every VPN peer the same
# trust as a LAN client, including access to the router's own services; anyone holding a valid
# peer key gets that access.
config zone
option name 'wgserver'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'wgserver'
# VPN peers -> LAN hosts, unrestricted (this is what lets the phones reach 192.168.3.x).
config forwarding
option src 'wgserver'
option dest 'lan'
# LAN hosts -> VPN peers.
config forwarding
option src 'lan'
option dest 'wgserver'
# VPN peers -> internet through WAN.
config forwarding
option src 'wgserver'
option dest 'wan'
# VPN peers -> OpenVPN tunnel.
config forwarding
option src 'wgserver'
option dest 'OpenVPN'
# NOTE(review): duplicate of the first wgserver -> lan forwarding in this file; harmless, but it
# can be removed.
config forwarding
option src 'wgserver'
option dest 'lan'
# DNAT: port 4070 arriving on WAN is forwarded to the player at 192.168.3.141:4070.
# NOTE(review): this redirect and the 'Airplay' and 'AP' redirects in this file (all src 'wan')
# publish the player's ports to anything that can reach the router's WAN address. WireGuard
# clients arrive in the 'wgserver' zone, not 'wan', so these redirects are not on the VPN path.
# If access is meant to be VPN-only, removing them avoids exposing the media player upstream.
# The text after the address on the dest_ip line is the poster's annotation, not UCI syntax.
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Spotify Connect'
option src 'wan'
option src_dport '4070'
option dest_ip '192.168.3.141' ---- IP of RBP with Moode Audio
option dest_port '4070'
# The next three rules allow wgserver -> lan traffic for mDNS and AirPlay ports.
# NOTE(review): the file already contains an unrestricted wgserver -> lan forwarding, so these
# rules are redundant as written. They would matter only if that blanket forwarding were removed
# to confine VPN peers to the player; adding dest_ip '192.168.3.141' would then scope them to
# that one host.
# mDNS (UDP 5353) is link-local multicast and is not carried between zones by a forwarding rule;
# it needs a reflector or proxy.
config rule
option name 'Allow-mDNS-AirPlay'
option src 'wgserver'
option dest 'lan'
option proto 'udp'
option dest_port '5353'
option target 'ACCEPT'
# AirPlay UDP port range 7000-7100 from VPN peers to LAN.
config rule
option name 'Allow-AirPlay-UDP'
option src 'wgserver'
option dest 'lan'
option proto 'udp'
option dest_port '7000-7100'
option target 'ACCEPT'
# AirPlay TCP ports 3689 and 5005 from VPN peers to LAN.
config rule
option name 'Allow-AirPlay-TCP'
option src 'wgserver'
option dest 'lan'
option proto 'tcp'
option dest_port '3689 5005'
option target 'ACCEPT'
# DNAT: TCP 3689 arriving on WAN is forwarded to the player.
# NOTE(review): exposes the player's TCP 3689 on the WAN side and is not used by VPN clients.
config redirect
option dest 'lan'
option target 'DNAT'
option src 'wan'
option src_dport '3689'
option dest_ip '192.168.3.141'
option dest_port '3689'
option name 'Airplay'
list proto 'tcp'
# DNAT: UDP 5353 (mDNS) arriving on WAN is forwarded to the player.
# NOTE(review): mDNS is meant to stay on the local link; answering it from the WAN side leaks
# the LAN's service names upstream. VPN clients do not use this path.
config redirect
option dest 'lan'
option target 'DNAT'
option name 'AP'
list proto 'udp'
option src 'wan'
option src_dport '5353'
option dest_ip '192.168.3.141'
option dest_port '5353'
root@OpenWrt:~# cat /etc/avahi/avahi-daemon.conf
# avahi-daemon on the router, configured as an mDNS reflector between the LAN bridge and the
# WireGuard interface. IPv4 only; D-Bus is disabled.
[server]
allow-interfaces=br-lan,wgserver
use-ipv4=yes
use-ipv6=no
check-response-ttl=no
enable-dbus=no
# What the router announces about itself: its addresses and domain, but no host info or
# workstation record.
[publish]
publish-addresses=yes
publish-hinfo=no
publish-workstation=no
publish-domain=yes
publish-aaaa-on-ipv4=no
[reflector]
# Repeats mDNS traffic between the interfaces listed in allow-interfaces.
enable-reflector=yes
# NOTE(review): reflect-ipv controls reflection between IPv4 and IPv6; with use-ipv6=no it
# presumably has no effect - confirm.
reflect-ipv=yes
# Only services matching this filter are reflected, which keeps other LAN service announcements
# out of the VPN. AirPlay announcements (_airplay._tcp / _raop._tcp) are not listed, so they
# would presumably not be reflected - confirm against the avahi-daemon.conf man page.
# NOTE(review): WireGuard delivers an outgoing packet only to a peer whose allowed_ips covers its
# destination. The peers in /etc/config/network list only their own /32, so multicast to
# 224.0.0.251 sent out wgserver likely has no peer to go to - confirm with a capture on the phone.
reflect-filters=_spotify-connect._tcp
# Resource limits applied to the daemon process.
[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3
I have now been trying to work around this for about a week but can't figure out how to fix it. I could imagine the problem being due to the different networks: my home network, which is generally connected via Ethernet, is contained in 192.168.3.x, while the WireGuard server generally assigns IPs within 172.22.22.x/32. To be honest, I'm not sure how I would integrate the WireGuard server so that it gives static leases within 192.168.3.x, nor do I know if that makes sense. Does anyone here have an idea how an iPhone and an Android phone can remote-control Spotify on that stereo over WireGuard?
Thanks in advance and Best Regards
Jajabinx