I was able to triage mine. It looks like my other WireGuard clients just “work” from within the network and show connected. If I’m in the NAT’d space for my GL.iNet device it doesn’t work.
Looking at the logs of my server (untangle) side it appears that the iOS clients aren’t really connecting when in the NAT’d space but show it as such on the iOS device. I tethered my GL to my phone so I could come in from the external IP and life is good, it’s working.
Connection to WireGuard at home (hosted on AX1800) or Mullvad does not show the issue.
I have created a WireGuard connection profile to Cloudflare WARP (Teams) and the issue appears.
Using the same connection profile and connecting from an Ubuntu PC, it just works fine.
Oh it will expire? Good to know that. I have tried WARP+ last night and it works. I am trying out WARP+ (Teams) to see the difference.
By the way, I have flashed kernel 5.4 but the “REKEY” issue still exists. https://dl.gl-inet.com/?model=axt1800&type=beta
Does v4.1.0 release come with kernel 4.4, and kernel 5.4 is v4.0.3?
It seems to be a bit confusing.
I suggest clarifying the OpenWRT / GL-WRT version and kernel version on that page.
It looks like the latest version is:
v4.1.0 with kernel 4.4
v4.1.0 with kernel 5.4
But it is:
v4.1.0 with kernel 4.4
v4.0.3 with kernel 5.4
Hello,
Having the same trouble with slateax wg client REKEY TIMEOUT, when it worked it was very fast to connect.
I noticed the wg server had a different client port listed on its show for the router's config.
I changed this to match on the slateax and boom, perf connection.
Hope this helps someone. I don't remember specifying the client port originally, although there was much trial and error getting things to work… If it happens again I will try just removing the listen port from the slateax config; this seems to be dynamic.
Since this topic appears to be getting a lot of attention, I thought I should log back in and restate one of the possible solutions to this. There are others (see Dr-reload’s post above mine).
In my case, I found that copying & pasting the configuration was introducing an unknown and unidentified change to it. I never worked out what exactly it was. However, the solution was to download the configuration file from the WireGuard device you’re connecting to (in my case that’s an Unraid server) and upload that file onto your Slate.
Others have reported success using the QR code scanner.
So in summary, uploading config files and QR scans good, copy & paste might be problematic.
I changed the ListenPort under the [Interface]. I remember now I had trouble with the keys through the UI, so I used the CLI on the router to create the keypair, then the command line on the server to create the client info. I think I just specified the client IP / pubkey, not any port info.
So possibly the orig handshake fills in this info on the router, then the server changes this port?? Not sure.
Still working great, just spun up another replica wg server eastcoast, only changed the IP in the client config on the router… I will be watching Survivor at 5pm west coast ;p
No pre-shared keys, 7 active lines in router config, I specified 4 or 5.
Then on the server run one command to specify only the client (router) virt IP and pubkey.
Then the server saves that configuration.
The client listen port is just a UDP port number that is usable. For the router it needs to fix the port number, otherwise it has problems. For a PC there is no need.
What is your device for the WireGuard server?
The Listen Port should be a port on the WireGuard client side and should have nothing to do with the server side.
My VPN is Ubuntu 22 with the WireGuard server installed via instructions from the man pages. The main config file has a line to save config. Then when I add a client I only specify the client's pubkey and the virtual client IP on the command line.
This happened again, so I need to log into the server and get the new port; deleting the client listen port on the router did not work, it was repopulated with the wrong info.
I normally would not screw with this… and fix it on the router. But I want to play nice with your GUI, because I like the VPN on off button.
OK, I can specify the port on the server, but I like the word simple. So less is more… Any way we could turn this into a feature request? Have a toggle for dynamic port.
As other client devices seem to be working good without static.
WireGuard's ideas are less client/server, more peer/peer.
How exactly do you think the gl-inet router is supposed to figure out what the “dynamic” server port is? Magic?
You’ve got to specify one endpoint IP/port. You can specify both, but you are required to specify at least one, and it’s got to be the one that is not initiating the connection. Set a fixed port on your Ubuntu server and be done with it.
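Added example, not part of any post above and not GL.iNet or WireGuard project code: a small linter for a client config that flags two things raised in this thread, characters that copy & paste can silently introduce and a [Peer] Endpoint without an explicit host:port. The thread never identified what copy & paste actually changed, so the character checks (non-ASCII or invisible characters, CRLF line endings) are assumptions about likely candidates; the sample config, keys and host name are constructed placeholders.

```python
import re
import unicodedata

# Constructed sample: a client config after a careless copy & paste.
# Keys and host name are placeholders, not values from the thread.
SAMPLE = (
    "[Interface]\r\n"
    "PrivateKey = <client-private-key-placeholder>\r\n"
    "Address\u00a0= 10.0.0.2/32\r\n"          # non-breaking space
    "ListenPort = 51820\r\n"
    "\r\n"
    "[Peer]\r\n"
    "PublicKey = <server-public-key-placeholder>\u200b\r\n"  # zero-width space
    "AllowedIPs = 0.0.0.0/0\r\n"
    "Endpoint = vpn.example.net\r\n"           # port missing
)

# Accepts host:port or [ipv6]:port
ENDPOINT_RE = re.compile(r"^(\[[0-9A-Fa-f:]+\]|[^\s:\[\]]+):(\d{1,5})$")

def lint_wg_config(text):
    """Return (line_number, message) findings for a wg-quick style config."""
    findings, section, usable_endpoints = [], None, 0
    for n, raw in enumerate(text.split("\n"), 1):
        if raw.endswith("\r"):
            findings.append((n, "CRLF line ending"))
        body = raw.rstrip("\r")
        for ch in body:
            # Anything outside printable ASCII (tab allowed) is suspicious here.
            if ch != "\t" and not 32 <= ord(ch) <= 126:
                name = unicodedata.name(ch, "U+%04X" % ord(ch))
                findings.append((n, "unexpected character: " + name))
        line = body.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "peer" and key.strip().lower() == "endpoint":
            m = ENDPOINT_RE.match(value.strip())
            if m and 1 <= int(m.group(2)) <= 65535:
                usable_endpoints += 1
            else:
                findings.append((n, "Endpoint needs host:port"))
    if usable_endpoints == 0:  # line 0 marks a whole-file finding
        findings.append((0, "no peer has a usable Endpoint; this side cannot initiate"))
    return findings

if __name__ == "__main__":
    for lineno, message in lint_wg_config(SAMPLE):
        print(lineno, message)
```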