Been banging my head against the keyboard all day trying to get WireGuard to work with NordVPN on the AXT1800. OpenVPN works fine. But every config I've tried for Wireguard fails with the same situation of the ACTION=REKEY-GIVEUP
I've run the following to get the same private key (nordlynx_private_key) value returned as from the repo code:
curl -s -H "Authorization: token:{myaccesstoken}" https://api.nordvpn.com/v1/users/services/credentials
Still all configs I try fail with the same error. Any ideas?
Sample log:
Mon Jul 14 15:58:32 2025 daemon.notice netifd: Interface 'wgclient' is setting up now
Mon Jul 14 16:00:16 2025 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Mon Jul 14 16:00:16 2025 daemon.notice netifd: Interface 'wgclient' is now down
Mon Jul 14 16:00:16 2025 daemon.notice netifd: Interface 'wgclient' is setting up now
Mon Jul 14 16:00:17 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Mon Jul 14 16:02:00 2025 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Mon Jul 14 16:02:00 2025 daemon.notice netifd: Interface 'wgclient' is now down
Mon Jul 14 16:02:00 2025 daemon.notice netifd: Interface 'wgclient' is setting up now
Mon Jul 14 16:02:00 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Mon Jul 14 16:03:44 2025 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Mon Jul 14 16:03:44 2025 daemon.notice netifd: Interface 'wgclient' is now down
Mon Jul 14 16:03:44 2025 daemon.notice netifd: Interface 'wgclient' is setting up now
Mon Jul 14 16:03:44 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Just an FYI for anyone who may come across this.
Applies to glinet firmware version 4.6.11, unsure what others may have the same issue.
I figured out a way, but its not obvious or clear as to why it works, assuming the domain difference influences WireGuard? The glinet router admin console via a web browser only shows limited options for WireGuard (does not list NordVPN). The glinet app on iPhone shows all of the WireGuard options including NordVPN. You can setup a WireGuard client with NordVPN on the app and it automatically publishes it to the AXT1800 with a "FromApp" group. That connection works. The profile is identical to what I've tried 20 other times, including the private key (exactly the same as I've used many times over). The only distinct difference is the endpoint which has a nordhold.net domain that is different than the config options given online or through the code repo I mentioned earlier which all use nordvpn.com. So I assume these may be WireGuard (NordLynx) specific domains on NordVPN.
Here is a sample working profile:
[Interface]
Address = 10.5.0.2/16
PrivateKey = {same private key I've been using}
DNS = 103.86.96.100
One more addendum in terms of workflow I'm using now...
Start your GL-AXT1800 with its repeater wifi available broadcasting it's SSID (this is part of the general setup, however you do it whether through a local machine or through your phone. Assumption is you do not have any NordVPN WireGuard client currently running/configured)
Connect to GL-AXT1800 wifi SSID from your phone
Open the glinet app and connect to the GL-AXT1800 router on that app
Use the glinet app on your phone to select the NordVPN WireGuard client. This will select the closest/fastest (I assume) and auto publish it to your GL-AXT1800
Connect other devices to your GL-AXT1800 that now has the NordVPN WireGuard client running on it from the step above.
In the event you need to reconnect or want to connect to a different NordVPN endpoint, use the app to select the NordVPN WireGuard Client again (search through locations, etc) and it will do #4 above again and auto publish back to the GL-AXT1800 with the latest you selected.