I’m using firmware 4.1 release6 clean install.
First I enabled DDNS. Then I configured a Wireguard server and created a profile pointing to the DDNS as endpoint. Used the QR code to create the tunnel on the Android phone and all works as expected.
Then I configured a Wireguard client on the router and it works well (advertised speed) with the provider.
So, I have one Wireguard server and one client at this point. Now I cannot connect to the server anymore from my Android device.
I went ahead and created a second profile for the server and this time around the endpoint shows my Wireguard client IP (wgclient) instead of the ISP’s IP (eth0). Certainly this profile doesn’t connect from the Android device.
What am I missing here? If a Wireguard client is enabled on the router the server cannot be accessed anymore? Any suggestion?
I think it is the wg client that is causing your DDNS domain to point to the provider’s server. Do you have “Services from GL.iNet don’t Use VPN” enabled in the global options?
Does DDNS work when WireGuard client is enabled?
For example: Can the admin panel be accessed with the domain? Does it resolve to the correct IP when ping?
DDNS does not work when the WireGuard client is enabled. For example pinging the DDNS from a different network shows the correct IP address (the ISP). However, if I enable HTTPS access on the DDNS panel that does not work from a different network.
Also, when creating another WireGuard server access profile, the endpoint shows as the WireGuard client IP and certainly doesn’t work. If I use the DDNS as endpoint it also does not work.
Correct - that’s where the problem starts.
If only running the server, it can be properly accessed from any of the created profiles on both the endpoint as IP or DDNS.
I’ve done more testing with this solution. It only partially works; I’ll explain:
- after adding the fwmark option to the file as suggested, I can access the server even if the Wireguard client is active.
- however, adding a new profile (client) to the server with the Wireguard client active will still show the Wireguard client IP instead of the ISP’s IP
- after importing the configuration to the smartphone and changing the endpoint to the ISP IP it works (and it did not before adding the fwmark option)
- the same applies to the *.glddns.com DDNS - it will show the Wireguard client IP. A 3rd party DDNS configured through LuCI correctly shows the ISP IP and works well.
So, while this works with the mentioned adjustments it’s more like a workaround than a solution.
PS - all the above were tested on Flint with f/w 4.1 stable.