BUG: Package update fails with VPN (Wireguard) enabled

As per the subject, I can’t update packages / install Luci with my Wireguard VPN enabled.
My router is an Opal, but I previously notcied this on a Shadow too.
Firmware is 3.215 beta1 but also failed on 3.212 (on the AR300M).

Happi

Can you try in ssh?

opkg update

It shows more info.

/sys/kernel/debug/usb$ opkg update
Downloading https://fw.gl-inet.com/releases/v18.06.5/packages-3.6/siflower/packages/Packages.gz
Failed to establish connection
Failed to establish connection
Failed to establish connection
Collected errors:

*** Failed to download the package list from https://fw.gl-inet.com/releases/v18.06.5/packages-3.6/siflower/packages/Packages.gz

Downloading https://fw.gl-inet.com/releases/v18.06.5/packages-3.6/siflower/glinet/Packages.gz
*** Failed to download the package list from https://fw.gl-inet.com/releases/v18.06.5/packages-3.6/siflower/glinet/Packages.gz

Downloading https://fw.gl-inet.com/releases/v18.06.5/kmod-3.6/siflower/sf19a28_nand/Packages.gz
*** Failed to download the package list from https://fw.gl-inet.com/releases/v18.06.5/kmod-3.6/siflower/sf19a28_nand/Packages.gz

Seems your vpn blocks our server or Amazon CDN. Is this possible?

I don’t think so, because if I click the links above they work under Windows.

Maybe just one the router try the below to see if it can download.

wget https://fw.gl-inet.com/releases/v18.06.5/packages-3.6/siflower/packages/Packages.gz

I put that in distribuion feeds in Luci and got this:

Failed to establish connection
Collected errors:

Just to update…

Tried "pinging from with Luci and found that all number addresses work (eg.8.8.8.8) and all letter addresses don’t (eg. google.com)

error message: ping: bad address ‘google.com

OK. Seems that the router itself cannot resolve DNS.

What is the DNS settings in your wireguard?

Can you try set up custom DNS in the router’s UI?

I have the server address for DNS in Wireguard but have DNS over TLS and Override DNS for all clients checked.

Can you send your wireguard config to me privately so that I can just try?