I'm trying to give a cheap GL.iNet to family in a different location to hook into their router to allow me to reverse VPN to their location to teleport my TV network traffic to their region. My video provider has started sniffing out known public VPN IP addresses. My family isn't super tech-savvy, so having them set up port forwarding so that they are the server isn't really possible. I'm trying something similar to this community post (Site to Site VPN to UNIFI UDM Pro), but wanted to try to enable it with WireGuard.
The first part of this setup is to have the GL.iNet router as a client to connect to the UDM WireGuard server. The server was set up and a config file generated (attached). I was able to use this config file along with the official Mac client (found on the Apple App Store) to connect to the server.
However, when I try to connect with the GL.iNet device, I get the following error:
Sat Jan 4 12:37:47 2025 kern.info kernel: [ 1040.487412] wireguard: wireguard-hotplug IFNAME=wgclient ACTION=REKEY-TIMEOUT
I have tried SSH to both UDM (server) and GL.iNet (client) to directly configure the setup. My buddy claude.ai ran out of tokens trying to help me as well. Here is the respective config on both sides.
Config file (note, both sides have been torn down by now)
[Interface]
PrivateKey = cFNCca[redacted]mqQP2DI2RP/ZqIzB76MAuLsmY=
Address = 192.168.4.2/32
DNS = 192.168.4.1
[Peer]
PublicKey = 32n6dX[redacted]eem/6yIZyQgqClqqFAEiiTnemQ=
AllowedIPs = 192.168.4.1/32,192.168.4.2/32,0.0.0.0/0
Endpoint = [hidden].freeddns.org:9456
SERVER wg show
root@Dream-Machine-Pro-Max:~# wg show all
interface: wgsrv1
public key: 32n6dX[redacted]eem/6yIZyQgqClqqFAEiiTnemQ=
private key: (hidden)
listening port: 9456
peer: MjL2Nyv2[redacted]JQH8OgmQMrMve1rs9Ol7wiI=
endpoint: 192.168.1.234:42702
allowed ips: 0.0.0.0/0
latest receive: 3 seconds ago
transfer: 35.70 KiB received, 104.57 KiB sent
forced handshake: every 10 seconds
CLIENT wg show
root@GL-SFT1200:~# wg show
interface: wgclient
public key: MjL2Nyv2[redacted]JQH8OgmQMrMve1rs9Ol7wiI=
private key: (hidden)
listening port: 45746
peer: 32n6dX[redacted]eem/6yIZyQgqClqqFAEiiTnemQ=
endpoint: [my internet facing IP address]:9456
allowed ips: 0.0.0.0/0
transfer: 0 B received, 296 B sent
persistent keepalive: every 25 seconds
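
Added example, not part of the original post and not GL.iNet or UniFi code: a small parser for the `wg show` text above that flags a peer whose handshake initiations leave but never get a reply. The function names are hypothetical; 148 bytes is the size of one WireGuard handshake initiation message, so the client's 296 B sent with 0 B received reads as two unanswered initiations.

```python
import re

UNITS = {"B": 1, "KiB": 1024, "MiB": 1024**2, "GiB": 1024**3, "TiB": 1024**4}
INITIATION_BYTES = 148  # size of one WireGuard handshake initiation message

# Peer stanzas copied from the post (redactions kept exactly as posted).
CLIENT = """interface: wgclient
peer: 32n6dX[redacted]eem/6yIZyQgqClqqFAEiiTnemQ=
endpoint: [my internet facing IP address]:9456
allowed ips: 0.0.0.0/0
transfer: 0 B received, 296 B sent
persistent keepalive: every 25 seconds"""
SERVER = """interface: wgsrv1
peer: MjL2Nyv2[redacted]JQH8OgmQMrMve1rs9Ol7wiI=
endpoint: 192.168.1.234:42702
allowed ips: 0.0.0.0/0
latest receive: 3 seconds ago
transfer: 35.70 KiB received, 104.57 KiB sent"""

def to_bytes(text):
    value, unit = text.split()
    return round(float(value) * UNITS[unit])

def parse_peers(output):
    """Return one dict of fields per 'peer:' stanza in `wg show` text."""
    peers, current = [], None
    for line in output.splitlines():
        key, sep, value = line.strip().partition(": ")
        if key == "interface":
            current = None          # interface-level fields are not peer fields
        elif key == "peer" and sep:
            current = {"peer": value}
            peers.append(current)
        elif sep and current is not None:
            current[key] = value
    return peers

def diagnose(peer):
    m = re.fullmatch(r"(.+) received, (.+) sent", peer.get("transfer", "0 B received, 0 B sent"))
    rx, tx = to_bytes(m.group(1)), to_bytes(m.group(2))
    if rx == 0 and tx > 0 and "latest handshake" not in peer:
        # Only initiations can be sent before a session exists, so count them.
        tries = tx // INITIATION_BYTES if tx % INITIATION_BYTES == 0 else None
        return {"state": "no-reply", "rx": rx, "tx": tx, "initiations": tries}
    return {"state": "idle" if rx == tx == 0 else "traffic", "rx": rx, "tx": tx, "initiations": None}

if __name__ == "__main__":
    for text in (CLIENT, SERVER):
        print([diagnose(p) for p in parse_peers(text)])
```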