Cannot connect Slate router using Wireguard to Android phone


#1

Hi All, I’ve been having no luck at all connecting to the Slate router using a WireGuard VPN connection.
I cannot get simplest of connections working.

Android Phone>>Slate 750s router (connected via wi-fi to an iphone’s hotspot)

Firmware: (latest @ 3.007)
Wireguard app on the Android phone is v0.0.20181001.

I factory defaulted the Slate. So there should not be any other issues.
After connecting the Slate to my iphone’s hotspot via wi-fi. I then followed the guide here https://docs.gl-inet.com/en/3/app/wireguard/ to set up a wireguard server on the Slate, keeping all the defaults. Pretty simple stuff.

After adding a Client, via the management tab. I clicked the Configurations icon, and transferred the settings to the Android phone via the QRCode and then enabled the Wireguard connection on the Andriod phone.

However, when I try and access any web pages on the Android phone I get nothing, zip!
When I ssh’d into the Slate and ping the phone at 10.0.0.2, all I get back is “ping: sendto: Destination address required”
I’ve checked the Wireguard settings on the Android phone, to make sure the QRCode transfered correctly.

Anyone got any ideas what is wrong?
Thanks


#2

If Slate uses as WireGuard server, it has to have a public IP address. If your Slate access the Internet via WISP, it might have a private IP address, not public IP address.


#3

Hi, I have a Laptop connected to the Slate though one off the LAN ports and can get internet access. So I asume I must have a public IP address.


#4

Not necessarily; you said you’d: “transferred the settings to the Android phone via the QRCode”, but what IP address is the server’s (The Slate’s) peer address being used in the config file? If that address isn’t reachable from the Android device, you won’t be able to connect to it. IOW, try pinging the Slate from the Android device.


#5

It can’t say the Slate has a public IP address. You should attach the Slate to your ISP modem.


#6

The laptop is attached via wifi just for configuring the Slate. I’ve now tried a different config. I’m now using a USB 3G dongle attached to the Slate. I get internet with the dongle attached fine. I then set up the Wireguard server / client.
This time the client is my iPhone, Wifi is turned off and I’m using cellular data. I can confirm it has internet access without the vpn. I then transfer the config over to the phone using the QR code and turn the VPN on. But again it does not appear to connect. I’ve checked the settings and the phone has the public IP/Port and port of the Slate. The public/private keys are correct. If I ssh into the Slate I cannot ping the client on 10.0.0.2. There does not appear to be any initial handshake/connection. I cannot see anything wrong with the settings, or anything I might need to change. I presume the slate opens up port 51820 and configures the firewall.

OpenVPN works fine. I just don’t want to use OpenVPN as it’s way to slow.

Below are my wireguard settings on the Slate
root@GL-AR750S:~# wg
interface: wg0
public key: jCQT…dQw=
private key: (hidden)
listening port: 51820

peer: +AY+A…EU=
allowed ips: 10.0.0.2/32
persistent keepalive: every 25 seconds

These are my client settings on the iPhone

The Endpoint is the same IP address, ans the one on the when i google Whats My IP.

I’ve also checked with the phone providers and they are not blocking any ports.

Thanks
Neal


#7

Does the IP address in endpoint is the same as the IP address you see on admin web? Could you take a screenshot on INTERNET tab? It looks like this.


#8

Should the IP Address shown be a public one?
The modem attached via the USB slot is a ZTE MF730 model. Even though the docs describe it’s a modem, The Slate always tethers the device and it never shows up in the 3G/4G Modem section.

Many Thanks


#9

It is a private IP address, not public IP address. Therefore, the WireGuard client fails to connect your Slate which is act as server.


#10

If it work in tethering mode, it should have its own UI on 192.168.0.1

You can set up port forward in the modem.

But most importantly, make sure your carrier allows you to use as server. This is generally not possible in carriers.


#11

Ok, forgive my noob questions, trying to understand all this.

So these USB dongles are’t pure modems. There modems + router and without forwarding, the packets on port 51820 won’t get though, is that correct? Unfortunately the dongle does not have a port forward config page and is not accepting ssh requests.

Can you get pure USB mobile modem that will provide the Slate with just a public IP. If so, any recommendations?

Do I need the Slate to also have a public IP (rather than private tethered one) if I use the Slate a WireGuard client, and not as a server?

Thanks


#12

Problem is, that’s up to the carrier, unfortunately. Almost every provider (in the US, at least, YMMV) will (CG)NAT all consumer-grade mobile connections (and some even CGNAT IPv6!). You’d have to see if your carrier will allow you to get a static IP for your account, but then you may venture into Enterprise-grade territory and I have no idea what pricing is for that.