GL-AR300M WireGuard Client cannot connect to server

I am setting up a GL-AR300M WireGuard client at my remote location and trying to connect it to my server. I am not able to connect, and the following is the log. Help much appreciated.

daemon.notice netifd: Interface ‘wgclient’ is now down
daemon.notice netifd: Interface ‘wgclient’ is setting up now
user.notice mwan3[11986]: Execute ifdown event on interface wgclient (unknown)
user.notice firewall: Reloading firewall due to ifdown of wgclient ()
user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
daemon.notice netifd: wgclient (14514): [!] Section @forwarding[0] is disabled, ignoring section
daemon.notice netifd: wgclient (14514): [!] Section @forwarding[1] is disabled, ignoring section
daemon.notice netifd: wgclient (14514): [!] Section nat6 option ‘reload’ is not supported by fw4
daemon.notice netifd: wgclient (14514): [!] Section gls2s option ‘reload’ is not supported by fw4
daemon.notice netifd: wgclient (14514): [!] Section gls2s specifies unreachable path ‘/var/etc/gls2s.include’, ignoring section
daemon.notice netifd: wgclient (14514): [!] Section glblock option ‘reload’ is not supported by fw4
daemon.notice netifd: wgclient (14514): [!] Section vpn_server_policy option ‘reload’ is not supported by fw4
daemon.notice netifd: wgclient (14514): [!] Automatically including ‘/usr/share/nftables.d/chain-pre/mangle_output/01-process_mark.nft’
daemon.notice netifd: wgclient (14514): [!] Automatically including ‘/usr/share/nftables.d/chain-post/mangle_output/out_conn_mark_restore.nft’
daemon.notice netifd: wgclient (14514): DROP all opt – in * out * 0.0.0.0/0 → 0.0.0.0/0 match-set GL_MAC_BLOCK src
daemon.notice netifd: wgclient (14514): Failed to parse json data: unexpected character
daemon.notice netifd: wgclient (14514): uci: Entry not found
daemon.notice netifd: wgclient (14514): cat: can’t open ‘/tmp/run/wg_resolved_ip’: No such file or directory
daemon.notice netifd: Interface ‘wgclient’ is now down
daemon.notice netifd: Interface ‘wgclient’ is setting up now

What is your WG router? Ports are reachable?
No network conflicts? (It’s e.g. not allowed to use 192.168.8.x on both sides)

I have done port forwarding in my router and then the GL router as server.
The client is also behind a router; do I need to have port forwarding before the client too?

It’s e.g. not allowed to use 192.168.8.x on both sides → How do I make sure of this?

By checking the configuration of your router.

In the router port forwarding, the port number was the one from the GL.iNet admin page, 51820, and the IP was the one shown on the internet connection of the GL.iNet admin page. Was that right? I am still struggling to connect via the client.

Since you don’t expose data, I can only assume that you are right.
Port forwarding should be something like:
51280 UDP → 192.168.x.x (IP of the GL.iNet)

I had TCP/UDP till now; I will change it to UDP and check if it helps. I mean, it's no rocket science, but I am facing problems :(

Also, do I need to set up port forwarding on the router to which my client is connected?

The following is a snippet of my configuration of the server:

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 192.168.x.xx:51820
PersistentKeepalive = 25

That should be perfect, right?

Endpoint must be your external IP or DynDNS, not your internal IP.

What do I understand by external IP?

The external IP of your ISP connection, so the one from the router which is connected directly to the Internet.

Go to https://ifconfig.co and copy the IP.

The external IP of the router where my GL.iNet server is connected?

Exactly. Since this is the IP your internet connection has.

For port forwarding, my router asks for an internal host: can I give 192.168.1.xx and port 51820 again?

Using a Fritzbox as the router, I could easily set up the GL.iNet server using the GL-AR300M, but I am unable to do so using a TCL 5G router. Any hacks for this?
I did port forwarding as I did on my Fritzbox too.

I get the following message: user.notice firewall: Reloading firewall due to ifup of wgserver (wgserver)

You want to use a cellular router as WireGuard server? So it’s connected by 5G/LTE?

Yes, I have a cellular router and I am connecting the GL-AR 300 to that and setting it up as a server.

Won’t work.

Cellular mostly uses Carrier-grade NAT (see Wikipedia), which means you can’t open ports.

Sad, so it is not possible, is it?

VPN itself might be possible by using Tailscale, but running a cellular router as “main” hub isn’t possible, no.
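
The two checks discussed in this thread (the Endpoint must not be an internal address, and a server whose WAN address sits behind carrier-grade NAT cannot accept forwarded ports), as an added example that is not part of the original posts. The sample config, the addresses and the function names are constructed for illustration; `server_wan_ip` is assumed to be the WAN address shown on the upstream router's status page.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
ULA = ipaddress.ip_network("fc00::/7")         # IPv6 unique local addresses

def classify(host):
    """Return 'hostname', 'rfc1918', 'cgnat', 'non-routable' or 'public'."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "hostname"  # e.g. a DynDNS name; resolve it and re-check
    if addr.version == 4 and addr in CGNAT:
        return "cgnat"
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "rfc1918"
    if addr.is_loopback or addr.is_link_local or addr.is_unspecified or addr in ULA:
        return "non-routable"
    return "public"

def peer_endpoints(conf_text):
    """Yield (host, port) for every 'Endpoint = host:port' line."""
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "endpoint" and value.strip():
            host, _, port = value.strip().rpartition(":")
            yield host, int(port)

def audit(conf_text, server_wan_ip):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    for host, port in peer_endpoints(conf_text):
        kind = classify(host)
        if kind in ("rfc1918", "cgnat", "non-routable"):
            findings.append(f"Endpoint {host}:{port} is {kind}: unreachable from a remote client")
    if classify(server_wan_ip) in ("rfc1918", "cgnat"):
        findings.append(f"Server WAN address {server_wan_ip} is behind another NAT: "
                        "port forwarding on this router alone cannot expose the port")
    return findings

# Constructed sample: an internal Endpoint, as in the snippet posted above.
SAMPLE_CONF = """\
[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 192.168.1.20:51820
PersistentKeepalive = 25
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "100.72.14.9"):  # constructed CGNAT WAN address
        print(finding)
```

If the WAN address on the router's status page differs from the address an external service reports, the connection is behind an additional NAT even when the WAN address itself looks public.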