Fail to start wireguard when use multiple network interfaces in GL-AR150


Im using GL-Ar150 to offer a wifi that connect to my wireguard server in AWS to be possible to use wireguard in all networks of gl-ar150 (LAN and WWAN).


config interface ‘lan’
option type ‘bridge’
option ifname ‘eth1’
option proto ‘static’
option hostname ‘GL-AR150-60d’
option netmask ‘’
option ip6assign ‘60’
option ipaddr ‘’

config interface ‘wan’
option ifname ‘eth0’
option proto ‘dhcp’
option hostname ‘GL-AR150-60d’
option dns ‘’
option peerdns ‘0’

config interface ‘wwan’
option _orig_ifname ‘wlan0’
option _orig_bridge ‘false’
option proto ‘dhcp’
option hostname ‘GL-AR150-60d’


config proxy
option main_server ‘vpn’
option enable ‘1’

config peers ‘wg_peer_2794’
option name ‘vpn’
option listen_port ‘49258’
option dns ‘’
option end_point ‘MyIP:51820’
option allowed_ips ‘’
option persistent_keepalive ‘25’
option address ‘’
option private_key ‘xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’
option public_key ‘xxxxxxxxxxxxxxxxxxxxxxxxxxx’


config servers
option local_ip ‘’
option local_port ‘51820’
option enable ‘0’

I can start service but fail to use network showing a:

PING ( 56 data bytes
ping: sendto: No error information

Seems that lose connectivity and now I’m not sure which more tests I can do to work. If I remove wlan part or LAN part it goes well. Checking iptables and filtering by wg0

-A INPUT -i wg0 -m comment --comment “!fw3” -j zone_wireguard_input
-A FORWARD -i wg0 -m comment --comment “!fw3” -j zone_wireguard_forward
-A OUTPUT -o wg0 -m comment --comment “!fw3” -j zone_wireguard_output
-A zone_wireguard_dest_ACCEPT -o wg0 -m conntrack --ctstate INVALID -m comment --comment “!fw3: Prevent NAT leakage” -j DROP
-A zone_wireguard_dest_ACCEPT -o wg0 -m comment --comment “!fw3” -j ACCEPT
-A zone_wireguard_src_ACCEPT -i wg0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment “!fw3” -j ACCEPT

Can be a problem with default parameters? I don’t know where can fail

May I see your routing rules? Please execute the following command

ip rule
ip route -n