Disappointed that VPN client & server cannot be active together

Hi Alzhao, I did try that option. the issue is when I add custom routing rule for WG server say point it to my public IP. i do see the what you are seeing but at the same time WG client
(mullvad) is bypassed(whats my IP shows my own Public IP instead of mullvad server IP.) the custom routing is not working as intended.

We will add some options for vpn cascading. So let’s close this thread for now.

Hi, I’m facing the same problem.
Do you have a solution for it?
My WG server should not use the WG client connection.

Sorry, what is the problem? Should not, could not or something else?

When I have the WG Client on AXT1800 connected, I can not connect my smartphone to the WG Server on the same AXT1800 device.
I only can connect to the WG Server on the AXT1800 when I turn off the WG Client.

Pls check this post VPN Cascading on GL.iNet routers

Pls upgrade firmware to 4.1.1 and later. Better 4.2.

Ok, I want to do exactly the opposite of Cascading.
But for sure is not working properly on the 4.1.
There is a list of knowing bugs of 4.2? I need to update the kernel and the fw?
I need to do the configuration again?


Cascading is an option that you can turn it on or off. So that is what you need. We have internal records of bugs only.

I should update Kernel to 5.4 also? Before flash the 4.2 firmware?

No. You only need to upgrade to 4.2

Now its working fine.
Thank you!

You know is there is a bug on the external http/https/ssh?
This function Im not able to use yet.

Can you describe details? I don’t know this.

Yes, first I need to thank you for the support.
I forward the ports 22/80/443 to the AXT1800 local IP at the modem, as I did with the Wireguard port (that is working fine now with Client/Server at version 4.2 beta2).
And set this options attached.

But I can not access the AXT outside home using the 4g for example.

Wow, that’s great ! Many thanks ! I upgraded to 4.2.0 beta2 and it’s working fine ! That should pretty much solve the topic.
However I noticed that for some reason, the Wireguard client seems to stop working after a few hours, it is in yellow status “Client is starting, please wait…” and I need to manually stop and re-start it so it can work again… I need to check further on this issue, I was on phone the few times it happened and the logs were pretty difficult to read there.

I have another question though: is it possible to cascade other LAN services as well ? My question is related to this topic: LAN device cannot request itself through WAN IP and port forwarding - #14 by DuxBellorum
I noticed that I can reach my local services using my non-VPN public IP address, only if the VPN client is inactive. When I’m activating it, it doesn’t work anymore (and I assumed it is the reason why I couldn’t reach the VPN server as well while the VPN client was on). But while I’m not owning the remote VPN server the router’s WG client is connecting to, I cannot choose the ports opened there so I would like that my local services are still available using non-VPN public IP address, even with the VPN client active. Does this sound feasible ?

Just a silly question, but are you trying to reach your router using its LAN IP address ? Like ? Because your DDNS address should now resolve as the IP address of the VPN provider you’re connected to, and it’s unlikely that the ports 22/80/443 at this address redirect to your home.

By the way, I think that with a VPN connection active between your device and your AXT, you don’t need remote accesses anymore, because it makes you inside the LAN already.

There is no known bug for ddns and access using http, https and ssh.

As you can use as wireguard server, the ddns should work. Can you verify if the ddns is resolved to correct IP first?

Pls note, as you use vpn client on the router, you have to choose “do not use vpn for glinet services”. If not, then the ddns will resolve to your vpn server IP, not your ISP IP.

Yes, I’m using the DDNS address as I’m not connected with the Wifi.
The reason I want the http/https/ssh connection is if I need to change some configuration or reboot the VPN remotely, I will be able to do that.

1 Like

Yes, the DDNS is being resolved to the right IP.

It should work. Can you change the ports in port forward settings?

2222 to 22
8080 to 80
4433 to 443

Nothing, probably is something related with my router so.
If you don’t relate any problem.
I will try to disable the Wireguard and test it again, just to make sure.