Beryl MT1300 Cannot use Wireguard Client

gillygo · May 12, 2024, 4:17pm

I have a Flint2 MT6000 (4.5.8). It works great. I set it up as a Wireguard Server and generated WG client profiles for my devices.

All of the devices work, iPhone14ProMax, Samsung S21, MacMiniM2, iPhoneX, nVidia Shield Pro, Mango MT-300N-V2 and Brume-W-MV-1000W connecting to the Flint2 with no issues whatsoever.

However, I cannot get my Beryl-MT-1300 to connect to the Flint2. There is something not right and I am stumped. I have generated additional profiles to test on my Beryl, reset to factory settings, downgraded and upgraded from 3.2.1.6 up to 4.3.11 (plus all the firmware in between) and yet no luck. Can someone help?

admon · May 12, 2024, 4:27pm

Is the internal LAN network of your Beryl the same as on Flint2?
(By default it’s 192.168.8.x)

If yes: Change it on the Beryl to something which isn’t 192.168.8 nor 192.168.9

gillygo · May 30, 2024, 1:53pm

Hi Admon, apologies for the delay in responding, and thanks for your suggestion.

All my GL.iNet devices already have different LAN IP. 192.168.8.1 for Flint2, 192.168.7.1 for Beryl, 192.168.2.1 Mango, Brume-W is 192.168.4.1.

Any other ideas?
Regards,
G

admon · May 30, 2024, 2:00pm

Think about the guest networks as well, they must be all different as well.

gillygo · May 30, 2024, 2:45pm

Have checked the Guest Network IP. All different to the Flint2.

buntspext · May 30, 2024, 2:51pm

Is there anything suspicious in the logfiles (on client & server)?

gillygo · May 30, 2024, 3:59pm

Sorry, am not an expert on all of this....how do I view the log files?

buntspext · May 30, 2024, 5:53pm

In the vpn dashboard click on "View Log"

gillygo · May 31, 2024, 11:21am

Thanks! It just never connects.

Log from Beryl

Fri May 31 12:11:42 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Fri May 31 12:11:54 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Fri May 31 12:13:40 2024 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Fri May 31 12:13:41 2024 daemon.notice netifd: wgclient (16953): [!] Section @forwarding[0] is disabled, ignoring section
Fri May 31 12:13:41 2024 daemon.notice netifd: wgclient (16953): [!] Section @forwarding[1] is disabled, ignoring section
Fri May 31 12:13:41 2024 daemon.notice netifd: wgclient (16953): [!] Section nat6 option 'reload' is not supported by fw4
Fri May 31 12:13:41 2024 daemon.notice netifd: wgclient (16953): [!] Section gls2s option 'reload' is not supported by fw4
Fri May 31 12:13:41 2024 daemon.notice netifd: wgclient (16953): [!] Section gls2s specifies unreachable path '/var/etc/gls2s.include', ignoring section
Fri May 31 12:13:41 2024 daemon.notice netifd: wgclient (16953): [!] Section glblock option 'reload' is not supported by fw4
Fri May 31 12:13:41 2024 daemon.notice netifd: wgclient (16953): [!] Section vpn_server_policy option 'reload' is not supported by fw4
Fri May 31 12:13:41 2024 daemon.notice netifd: wgclient (16953): [!] Automatically including '/usr/share/nftables.d/chain-pre/mangle_output/01-process_mark.nft'
Fri May 31 12:13:41 2024 daemon.notice netifd: wgclient (16953): [!] Automatically including '/usr/share/nftables.d/chain-post/mangle_output/out_conn_mark_restore.nft'
Fri May 31 12:13:42 2024 daemon.notice netifd: wgclient (16953): DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   match-set GL_MAC_BLOCK src
Fri May 31 12:13:42 2024 daemon.notice netifd: wgclient (16953): Failed to parse json data: unexpected character
Fri May 31 12:13:42 2024 daemon.notice netifd: wgclient (16953): uci: Entry not found
Fri May 31 12:13:42 2024 daemon.notice netifd: wgclient (16953): cat: can't open '/tmp/run/wg_resolved_ip': No such file or directory
Fri May 31 12:13:43 2024 daemon.notice netifd: Interface 'wgclient' is now down
Fri May 31 12:13:43 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Fri May 31 12:13:45 2024 user.notice mwan3[17073]: Execute ifdown event on interface wgclient (unknown)
Fri May 31 12:13:46 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

buntspext · May 31, 2024, 2:33pm

These entries indicate that it is likely a typo somewhere in the WireGuard configuration:

daemon.notice netifd: wgclient (16953): [!] Section ... is not supported by fw4
daemon.notice netifd: wgclient (16953): Failed to parse json data: unexpected character

Check for typos in the config file and try again.

admon · May 31, 2024, 4:20pm

No, it's a usual message because of some additional GL settings.

gillygo · June 4, 2024, 9:17pm

Hi good people, no more suggestions?