Cannot get clients to connect to WG server on AX1800 Flint

Technical Support for Routers VPN, DNS, Leaks
1

I am new to VPN and am struggling to get the Wire Guard server to work and looking for some help. I have followed all docs and help online and cannot find what I am doing wrong. I am hoping it is something obvious that I have missed. I have not touched any advanced settings or routing rules in the AX1800.

Here is what is happening:
The WG server appears to be running without any issue but when I try to connect a client the server never responds. Client does not produce any error message and looks like it may be connected but only shows data transmitted value increasing but data received staying at 0B. The status of WG server in AX1800 shows no clients connected. It looks like the connection request is not getting through. I already called T-Mobile and they assure me that port 51820 is not blocked by them. I get the same result on both clients, one is android phone with WG app and the other is a Windows 10 laptop also with WG app. When the clients are connecting all internet access is lost on the client device.

  • Internet router is T-Mobile 5G Inseego FX3100 with IP 192.168.1.1 and port 51820 is forwarded to IP 192.168.1.101 (AX1800). WAN IP is dynamic and changes occasionally.
  • WAN port of AX1800 is configured for static IP 192.168.1.101 (outside of router DHCP range)
  • LAN is using default IP 192.168.8.1 w/DHCP 192.168.8.100-149
  • DDNS is enabled
  • WG Server is running with IP 10.0.0.1 and 2 different clients configured

Here is a diagram of the setup:

network
network1558×431 72.7 KB

  • Here is config from one of the clients: (Android running WG app)
    [Interface]
    Address = 10.0.0.2/24,fd00:db8:0:abc::3/64
    PrivateKey = ##########TAM7YkkddnYlMqCTeyDH2mKhYeT6YUc=
    DNS = 64.6.64.6
    MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = c#####.glddns.com:51820
PersistentKeepalive = 25
PublicKey = jt9vBivjm9wkq9DKsuGsXXRPCLjNMzaZzeYyeixETEk=

  • Here is the result of DDNS Test in the AX1800:
    IP address from DDNS Domain Resolution
    IPv4 172.58.13.208
    IPv6 2607:fb90:fab6:cffc:515e:c73f:b449:4b81

    WAN Interface IP address
    Ethernet
    192.168.1.101
    Ethernet (IPv6)
    2607:fb90:fab6:cffc:515e:c73f:b449:4b81

I tried using the current IP of the 5G router in the client config instead of the DDNS link but with the same result, no response.

I did try also setting up the OpenVPN server and client but it also never connected.
Thanks for any help.

2

5G does not support port forwarding / VPN servers due to CGNAT. This is by design of cellular networks.

Other way would be to try VPN over IPv6 only. But this might create a hugh mess because IPv6 is not completely supported yet.

2 Likes