Hi everyone and anyone,
I have been trying to resolve this issue for days, but it would appear that I am too much of a simpleton to follow the incredibly straightforward setup guides available from gl.inet.
Please help.
I have Fibre To The Home; the ONT is set to bridge mode and feeds into the Brume (MT2500) WAN port (set up to connect using PPPoE), and the LAN port of the MT2500 feeds into a network switch and off to the many devices in the home.
The MT2500 seems to be working great as a home router, with AdGuard activated and various port forwarding.
I need to access the home network remotely and have previously relied upon a Raspberry Pi running OpenVPN; this has worked great and is still running great.
I now want to use the Beryl (MT3000) as a travel router that ensures that all devices connected to the MT3000 have their traffic directed through either OpenVPN or WireGuard (MT2500 acting as server), ensures that my IP address and DNS details while travelling show as my home location, and lets me access the home network devices when required.
I do not need access from the home location to the remote location, only to do an ET and phone home.
The problem seems to be with setting up OpenVPN and WireGuard.
I have attempted all the guides provided by gl.inet; they all appear to be so straightforward to follow and complete, yet the end result is not what I wanted, expected or feel emotionally able to try to resolve on my own any further.
I had the expectation that I could just follow the guides and be laughing all the way to the pub to reward myself with a beer for a job well done.
I do not know what I am missing.
Anyone willing to help me? I will buy you a beer... or however many you think you would need!
I have tried to include as much info below as I can.
I am using DDNS (glddns) as I do not have a fixed IP from my ISP.
AdGuard is turned on, but it doesn't make a difference to the success of the VPN if I turn it off.
DNS settings under 'Network' are set to Automatic. I have played with this in various ways; it doesn't make too much difference to the success of the VPN.
Under 'Firewall' I have set up port forwarding to all required devices.
MT2500 (Brume) VPN server setup:
'Allow Remote Access LAN' and 'IP Masquerading' are turned on for both OpenVPN and WireGuard.
'Enable VPN Cascading' is turned off.
No 'Route Rules' are set up on either OpenVPN or WireGuard.
User settings file under WireGuard:
[Interface]
Address = 10.0.0.3/24
PrivateKey = xxxxxxxxxxxxx (redacted)
DNS = 64.6.64.6, 64.6.65.6
MTU = 1280
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = xxxxxxx.glddns.com:51820 (redacted)
PersistentKeepalive = 25
PublicKey = xxxxxxx (redacted)
I tried playing around with the MTU settings, but this did not make any difference to success.
OpenVPN server settings are:
Device Mode - TUN
Protocol - UDP
Local Port - 1195
IPv4 Subnet - 10.8.0.0
IPv4 Netmask - 255.255.255.0
Authentication Mode - Username/ Password only
Enable LZO Compression - off
Enable TLS Authentication - off
Client to Client - off
Verbosity Level - 3
MT3000 (Beryl) VPN client setup:
'Allow Remote Access LAN' and 'IP Masquerading' are turned on for both OpenVPN and WireGuard.
'Enable VPN Cascading' is turned off.
'Allow Access WAN' is turned off and 'Services from GL.iNet Use VPN' is also off.
I am currently away from home in another country after running out of time to get this set up completely before leaving. I am grateful for having the Raspberry Pi VPN to help me access the home MT2500 to make any necessary changes.
The MT3000 is able to connect through WG and OpenVPN to the MT2500, but this is as far as it seems to be successful.
MT3000 log file for WireGuard after connecting to the MT2500:
Sat Oct 7 14:02:41 2023 user.notice mwan3[9713]: Starting tracker on interface wgclient (wgclient)
Sat Oct 7 14:02:44 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat Oct 7 14:03:39 2023 daemon.notice netifd: Network device ‘wgclient’ link is down
Sat Oct 7 14:03:39 2023 daemon.notice netifd: wgclient (13359): sh: 1: unknown operand
Sat Oct 7 14:03:39 2023 user.notice mwan3[13358]: Execute ifdown event on interface wgclient (unknown)
Sat Oct 7 14:03:40 2023 daemon.notice netifd: Interface ‘wgclient’ is now down
Sat Oct 7 14:03:40 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sat Oct 7 14:03:46 2023 daemon.notice netifd: ovpnclient (14319): Warning: Option ‘wgclient’.masq6 is unknown
Sat Oct 7 14:03:46 2023 daemon.notice netifd: ovpnclient (14319): Warning: Section ‘wgclient2lan’ refers to not existing zone ‘wgclient’
Sat Oct 7 14:04:00 2023 daemon.notice netifd: ovpnclient (16417): Warning: Option ‘wgclient’.masq6 is unknown
Sat Oct 7 14:04:00 2023 daemon.notice netifd: ovpnclient (16417): Warning: Section ‘wgclient2lan’ refers to not existing zone ‘wgclient’
Sat Oct 7 14:12:00 2023 user.notice wgclient-up: env value:SHLVL=2 GL_SERVICE_QUEUE=1 PWD=/
Sat Oct 7 15:21:01 2023 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Sat Oct 7 15:21:01 2023 daemon.notice netifd: wgclient (30933): Error: inet6 prefix is expected rather than "".
Sat Oct 7 15:21:01 2023 daemon.notice netifd: Network device ‘wgclient’ link is up
Sat Oct 7 15:21:01 2023 daemon.notice netifd: Interface ‘wgclient’ is now up
Sat Oct 7 15:21:01 2023 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=2 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_4775 group_4094 group_7061 group_8068 peer_2001 peer_2002 CONFIG_cfg030f15_ports=
Sat Oct 7 15:21:02 2023 user.notice mwan3[31192]: Execute ifup event on interface wgclient (wgclient)
Sat Oct 7 15:21:02 2023 user.notice mwan3[31192]: Starting tracker on interface wgclient (wgclient)
Sat Oct 7 15:21:04 2023 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
MT3000 log file for OpenVPN after connecting to the MT2500:
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Rule ‘wan_in_conn_mark’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Rule ‘lan_in_conn_mark_restore’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Rule ‘out_conn_mark_restore’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Zone ‘lan’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Zone ‘wan’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Zone ‘guest’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Zone ‘ovpnclient’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Set tcp_ecn to off
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Set tcp_syncookies to on
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Set tcp_window_scaling to on
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Running script ‘/etc/firewall.nat6’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Running script ‘/etc/firewall.swap_wan_in_conn_mark.sh’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Running script ‘/var/etc/gls2s.include’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): ! Skipping due to path error: No such file or directory
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Running script ‘/usr/bin/gl_block.sh’
Sat Oct 7 15:23:15 2023 daemon.notice netifd: ovpnclient (4957): * Running script ‘/etc/firewall.vpn_server_policy.sh’
Sat Oct 7 15:23:16 2023 user.notice mwan3[5053]: Execute ifup event on interface ovpnclient (ovpnclient)
Sat Oct 7 15:23:16 2023 user.notice mwan3[5053]: Starting tracker on interface ovpnclient (ovpnclient)
Sat Oct 7 15:23:18 2023 daemon.notice ovpnclient[4957]: Initialization Sequence Completed
Sat Oct 7 15:23:18 2023 user.notice firewall: Reloading firewall due to ifup of ovpnclient (ovpnclient)
I have tried playing with the 'Block Non-VPN Traffic' and/or the 'Global Proxy' / 'Auto Detect' settings with mixed success and failure; see the following:
WireGuard:
Block non-VPN traffic ON and Global Proxy ON:
  CAN NOT access remote devices
  CAN NOT browse the internet
Block non-VPN traffic ON and Auto Detect ON:
  CAN NOT access remote devices
  CAN NOT browse the internet
Block non-VPN traffic OFF and Global Proxy ON:
  CAN NOT access remote devices
  CAN browse the internet
  ipleak shows the IP address as remote (my home country), but the DNS does not show any results
Block non-VPN traffic OFF and Auto Detect ON:
  CAN NOT access remote devices
  CAN browse the internet
  ipleak shows the IP address as remote (my home country) but the DNS as local (my temporary country)
OpenVPN:
Block non-VPN traffic ON and Global Proxy ON:
  CAN NOT access remote devices
  CAN browse the internet
  ipleak shows the IP address as remote (my home country), but the DNS does not show any results
Block non-VPN traffic ON and Auto Detect ON:
  CAN NOT access remote devices
  CAN NOT browse the internet
Block non-VPN traffic OFF and Global Proxy ON:
  CAN NOT access remote devices
  CAN browse the internet
  ipleak shows the IP address as remote (my home country), but the DNS does not have any results
Block non-VPN traffic OFF and Auto Detect ON:
  CAN NOT access remote devices
  CAN browse the internet
  ipleak shows the IP address and DNS as local (my temporary country)
I have set up the MT3000 with the config file for connecting through OpenVPN to the Raspberry Pi backup, and the results for how this works are:
OpenVPN from MT3000 to Raspberry Pi:
Block non-VPN traffic ON and Global Proxy ON:
  CAN access remote devices
  CAN NOT browse the internet
Block non-VPN traffic ON and Auto Detect ON:
  CAN access remote devices
  CAN NOT browse the internet
Block non-VPN traffic OFF and Global Proxy ON:
  CAN NOT access remote devices
  CAN browse the internet
  ipleak shows the IP address and DNS as remote (my home country)
Block non-VPN traffic OFF and Auto Detect ON:
  CAN access remote devices
  CAN browse the internet
  ipleak shows the IP address as local (my temporary country) and DNS as remote (my home country).
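The WireGuard client settings file and the wgclient/ovpnclient log excerpts above are the two artefacts a reader can actually check before changing any GL.iNet toggles. The script below is an added example, not code from the post or from GL.iNet: it parses a WireGuard client config into its [Interface]/[Peer] sections, applies a few sanity checks that bear on the symptoms described (is the tunnel a full tunnel, is a DNS resolver pushed, is ::/0 routed while the interface has no IPv6 address), and classifies netifd/mwan3 log lines into errors, warnings and interface state. The embedded config and log lines are constructed to mirror the post with placeholder keys and hostname. The rule that pairs "::/0 in AllowedIPs with no IPv6 address" with the "inet6 prefix is expected" log line is an assumption to verify against the device, not a diagnosis the post confirms.

```python
"""Check a WireGuard client config and OpenWrt netifd/mwan3 log lines.

Added example; not GL.iNet or OpenWrt code. SAMPLE_CONF and SAMPLE_LOG
are constructed to mirror the post (placeholder keys and hostname).
"""
import re

# Constructed sample: same shape as the posted [Interface]/[Peer] file.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.0.3/24
PrivateKey = PLACEHOLDER_PRIVATE_KEY
DNS = 64.6.64.6, 64.6.65.6
MTU = 1280

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = example-host.glddns.com:51820
PersistentKeepalive = 25
PublicKey = PLACEHOLDER_PUBLIC_KEY
"""

# Constructed sample: a handful of lines in the same format as the post's logs.
SAMPLE_LOG = """\
Sat Oct 7 14:03:39 2023 daemon.notice netifd: Network device 'wgclient' link is down
Sat Oct 7 14:03:39 2023 daemon.notice netifd: wgclient (13359): sh: 1: unknown operand
Sat Oct 7 14:03:46 2023 daemon.notice netifd: ovpnclient (14319): Warning: Section 'wgclient2lan' refers to not existing zone 'wgclient'
Sat Oct 7 15:21:01 2023 daemon.notice netifd: wgclient (30933): Error: inet6 prefix is expected rather than "".
Sat Oct 7 15:21:01 2023 daemon.notice netifd: Interface 'wgclient' is now up
Sat Oct 7 15:23:18 2023 daemon.notice ovpnclient[4957]: Initialization Sequence Completed
"""


def parse_wg_conf(text):
    """Return a list of dicts, one per [Section], with '_section' holding the name."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {"_section": line[1:-1]}
            sections.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections


def check_wg_conf(text):
    """Return a list of human-readable findings relevant to full-tunnel use."""
    findings = []
    sections = parse_wg_conf(text)
    iface = next((s for s in sections if s["_section"] == "Interface"), {})
    peers = [s for s in sections if s["_section"] == "Peer"]
    addrs = [a.strip() for a in iface.get("Address", "").split(",") if a.strip()]
    has_v6_addr = any(":" in a for a in addrs)
    if not iface.get("DNS"):
        findings.append("no DNS= in [Interface]: resolver will not follow the tunnel")
    for peer in peers:
        allowed = [a.strip() for a in peer.get("AllowedIPs", "").split(",") if a.strip()]
        if "0.0.0.0/0" not in allowed:
            findings.append("AllowedIPs lacks 0.0.0.0/0: only listed prefixes use the tunnel")
        if "::/0" in allowed and not has_v6_addr:
            # Assumption to verify: routing ::/0 with no IPv6 interface address
            # may be what produces the "inet6 prefix is expected" netifd error.
            findings.append("AllowedIPs routes ::/0 but [Interface] has no IPv6 address")
        if "Endpoint" not in peer:
            findings.append("peer has no Endpoint")
        if not peer.get("PersistentKeepalive"):
            findings.append("no PersistentKeepalive: NAT mapping may expire while idle")
    mtu = int(iface.get("MTU", "1420"))
    if not 1280 <= mtu <= 1420:
        findings.append(f"unusual MTU {mtu}")
    return findings


LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (?P<fac>\S+) (?P<src>[^:]+): (?P<msg>.*)$"
)
IFACE_RE = re.compile(r"\b(wgclient|ovpnclient)\b")


def summarize_log(text):
    """Classify log lines into errors/warnings and track per-interface state."""
    summary = {"errors": [], "warnings": [], "state": {}}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        ifaces = set(IFACE_RE.findall(m.group("src") + " " + msg))
        if "Error:" in msg or "unknown operand" in msg:
            summary["errors"].append((m.group("ts"), msg))
        elif "Warning:" in msg:
            summary["warnings"].append((m.group("ts"), msg))
        if "is now up" in msg or "Initialization Sequence Completed" in msg:
            for i in ifaces:
                summary["state"][i] = "up"
        elif "is now down" in msg or "link is down" in msg:
            for i in ifaces:
                summary["state"][i] = "down"
    return summary


if __name__ == "__main__":
    for f in check_wg_conf(SAMPLE_CONF):
        print("config:", f)
    s = summarize_log(SAMPLE_LOG)
    for ts, msg in s["errors"]:
        print("error:", ts, msg)
    print("state:", s["state"])
```

Run it against the real client file (with `open(path).read()` in place of SAMPLE_CONF) and `logread` output copied from the MT3000; an "up" state for wgclient with errors still listed above it is exactly the pattern the post shows, so the error lines, not the final state, are where to look next.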