Beryl AX Wireguard cannot access remote LAN

Another beryl AX issue…

I have a wg server running on my NAS at home that I use to remotely access my local network. Works perfectly on my phone and laptop running their own clients but when loading the conf file to run the VPN on my Beryl I have internet access but none of my devices connected to the beryl can access the local network (beryl is the only wg client running so there are no conflicts)

I’ve searched all over the forums and Google and can’t figure this out. Here are settings I’ve fiddled with:

Global Options:
Allow Access WAN. ON
Services from gl.inet use LAN. ON
Block non-VPN traffic. OFF

Wireguard client settings:
Allow Remote access LAN. ON
IP Masquerade. ON
MTU. 1280

Modify proxy mode
I have tired both “Auto detect” and “global proxy”

No matter what I do in getting internet access fine and it’s showing the public ip address is home through the vpn but cannot access anything local remotely like I should be.

“Thu Dec 14 21:10:11 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now\nThu Dec 14 21:10:11 2023 daemon.notice netifd: Network device ‘wgclient’ link is up\nThu Dec 14 21:10:11 2023 daemon.notice netifd: Interface ‘wgclient’ is now up\nThu Dec 14 21:10:12 2023 user.notice mwan3[21747]: Execute ifup event on interface wgclient (wgclient)\nThu Dec 14 21:10:12 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_8201 group_7519 group_486 group_8023 peer_2001 CONFIG_cfg030f15_ports=\nThu Dec 14 21:10:12 2023 user.notice mwan3[21747]: Starting tracker on interface wgclient (wgclient)\nThu Dec 14 21:10:14 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)\nThu Dec 14 21:14:16 2023 user.notice wgclient-up: env value:SHLVL=2 GL_SERVICE_QUEUE=1 PWD=/\nThu Dec 14 21:20:44 2023 daemon.notice netifd: Network device ‘wgclient’ link is down\nThu Dec 14 21:20:44 2023 daemon.notice netifd: wgclient (15175): sh: 1: unknown operand\nThu Dec 14 21:20:45 2023 user.notice mwan3[15174]: Execute ifdown event on interface wgclient (unknown)\nThu Dec 14 21:20:45 2023 daemon.notice netifd: Interface ‘wgclient’ is now down\nThu Dec 14 21:20:45 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()\nThu Dec 14 22:03:16 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now\nThu Dec 14 22:03:16 2023 daemon.notice netifd: Network device ‘wgclient’ link is up\nThu Dec 14 22:03:16 2023 daemon.notice netifd: Interface ‘wgclient’ is now up\nThu Dec 14 22:03:16 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_8201 group_7519 group_486 group_8023 peer_2001 CONFIG_cfg030f15_ports=\nThu Dec 14 22:03:17 2023 user.notice mwan3[15321]: Execute ifup event on interface wgclient (wgclient)\nThu Dec 14 22:03:17 2023 user.notice mwan3[15321]: Starting tracker on interface wgclient (wgclient)\nThu Dec 14 22:03:19 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)\n”

It seems you have WG Client routing issue on the Beryl AX. I’d try templating from the following, substituting the GL-AX1800 for your NAS/WG-Server:

Been trying to understand the wireguard to home lan problem for 1.5 weeks. There appears to be a problem with glinet router as wireguard client.

I have:
Brume2 wgserver - working
Ios wgclient - working
Slate plus wgclient - works for internet home streaming tv but not for home lan access.

So why should ios client work and glinet router client not work using same wgclient settings as ios client which does work?

When ios wgclient is connected to server, the wgserver address is reported by ios vpn settings as 127.0.0.1.

Allowed addresses in wgclient config file do not have any lan ips. But it works.

How do i make the glinet wgclient have the same privileges as ios wgclient. Presume it needs to think the wgserver address is 127.0.0.1.

Did you find a solution? I have the same issue but not luck finding a solution yet.

Did you try messing around with MTU? It's helped me in the past

@Pro4TLZZ can you define “messing around”? I’ve never had to adjust MTU before.

Also I just realized it’s probably not an issue with the gl-inet travel router (Beryl AX). Even if I connect to the AirBnB wifi directly my VPN does not work. It works at all other remote locations I’ve tried and if I connect my laptop to the hotspot on my cellphone it works.

I suspect something in the ISP router at the AirBnB is interfering, which is weird but it’s the only common denominator, I think.

Laptop or cellphone > BerylAX > ISP router via Ethernet = VPN does not work

Laptop or cellphone > ISP router via Wifi = VPN does not work

Laptop > Cellular hotspot = VPN does work

Laptop > BerylAX > tether to cellular = VPN does work

If I run the VPN on both the Beryl AX and my laptop I can reach my home LAN device but not if I only have one or the other running. Obviously running the VPN twice isn't practical and defeats the purpose of setting up the VPN just on the Beryl which was half the point of getting it.

Looks like it might be a subnet issue. The AirBnB I'm at has the same 192.168.1.x subnet as my home LAN