Cannot connect to hotel Wifi with new Beryl AX - IOS devices work fine

Routers
142

Here it is. I only need to use the VPN client.

config peers 'peer_[redacted]'
        option group_id '[redacted]'
        option name 'GL.iNet'
        option address_v4 '10.8.0.2/24'
        option address_v6 ''
        option end_point '[redacted]:51820'
        option private_key '[redacted]'
        option public_key '[redacted]'
        option presharedkey_enable '1'
        option preshared_key '[redacted]'
        option allowed_ips '0.0.0.0/0, ::/0'
        option dns '1.1.1.1'
        option persistent_keepalive '0'
        option mtu '1468'
        option local_access '0'
        option masq '1'
143

It looks proper. I wonder if the hotel network is blocking port 51820.

Install nmap & port scan that UDP port of the hotelā€™s router:

opkg update; opkg install nmap

root@certa:~# nmap 192.168.2.1 -sU -p 51820
Starting Nmap 7.91 ( https://nmap.org ) at 2023-11-13 09:52 EST
Nmap scan report for 192.168.2.1
Host is up (0.0012s latency).

PORT      STATE         SERVICE
51820/udp open|filtered unknown
MAC Address: [redacted] (GL Technologies (Hong Kong) Limited)
144

Changing to port 443 or 80 would allow the Wireguard traffic. Especially if the hotel wifi is only allowing https and http traffic.

145

OP would have to get someone at that endpoint to make such a change, however. Itā€™s a good thing the GL GUI isnā€™t terribly difficult to instruct someone over a voice call or email using screenshots.

146

I couldnā€™t install nmap on the temporary firmware and had to go the longer way with downloading to a USB stick and installing it from there. To make it clear: the setup Iā€™m in right now has two routers I can choose from. Letā€™s call them TP-Link and Orange.

With 4.4.6 I could only connect to Orange and WG worked fine but TP-Link gave me the wrong IE_HT_CAP entries in the log and I couldnā€™t connect to it at all.

With the test firmware I can connect to both TP-Link and Orange but the wireguard client does not even start, judging by the complete absence of it in the log.

I performed the nmap scan and TP-Link has 51820 as closed while Orange has it as open|filtered. Wireguard works from neither router with this firmware.

In this scenario I have full control of TP-Link so I can try out whichever settings I want but this will definitely not be the case elsewhere so the solution has to be robust. @JinOhChoi What did you mean by changing to port 443 or 80? Changing Wireguard traffic to it orā€¦?

147

On your Wireguard Server change the listening port from the default port 51820 and select either 443 or 80. This is a workaround (that may work) in case the hotel has blocked port 51820. Another issue maybe that wherever your endpoint is located. Make sure the Internet Service Provider doesnā€™t block inbound traffic for ports 443 (https) and 80 (http). Which could also be the case for non business internet connections.

148

I changed it on my Wireguard server to 443 (works when I connect from my phone which is in the same wifi network) but the MT3000 still wonā€™t connect to it. As I wrote, the VPN client on the MT3000 is not even starting so the port makes no difference whatsoever. What else can we try?

149

Iā€™m starting to thing thereā€™s a regression in that particular firmware impacting WireGuard. I think GL needs to replicate & confirm your setup.

Iā€™m bowing out of this thread but Iā€™d be interested in reading the solution.

150

It looks precisely to be the case. WG used to work, connecting to some networks didnā€™t. Now they fixed the networks but crashed WG :frowning:

151

It seems a bug from Jerryā€™s firmware.

Need to try the snapshto firmware.

152

If itā€™s me you mean, then yes, Iā€™ve also tried the 4.5.0 snapshot FW with the same effect as on 4.4.6 (being unable to connect to some networks).

153

Hi, any news so far on this issue? Is this on the roadmap for the next FW release?

154

https://dl.gl-inet.com/?model=mt3000&type=beta

Please try this beta firmware.

1 Like
155

@JerryZhao It works with the network it previously didnā€™t! Thank you! :slight_smile:

1 Like
156

@wcs2228

In another post about captive portals you mentioned that you stopped using these travel routers and instead use a phone for multiuser WiFi. I thought you were running an app on the phone acting as the WiFi host, but here it sounds like a built-in feature of your old phone. Could you post somewhere exactly how you set up this multiuser hotspot on your phone?