I was able to triage mine. It looks like my other WireGuard clients just “work” from within the network and show connected. If I’m in the NAT’d space for my GL.iNet device it doesn’t work.
Looking at the logs of my server (untangle) side it appears that the iOS clients aren’t really connecting when in the NAT’d space but show it as such on the iOS device. I tethered my GL to my phone so I could come in from the external IP and life is good, it’s working.
Having the same trouble with slateax wg client REKEY TIMEOUT, when it worked it was very fast to connect.
I noticed the wg server had a different client port listed on its show for the routers config.
I changed this to match on the slateax and boom, perf connection.
Hope this helps someone. I don't remember specifying the client port originally, although much trial and error getting things to work… If it happens again I will try just removing the listen port from the slateax config, this seems to be dynamic.
Since this topic appears to be getting a lot of attention, I thought I should log back in and restate one of the possible solutions to this. There are others (see Dr-reload’s post above mine).
In my case, I found that copying & pasting the configuration was introducing an unknown and unidentified change to it. I never worked out what exactly it was. However, the solution was to download the configuration file from the wireguard device you’re connecting to (in my case that’s an Unraid server) and upload that file onto your Slate.
Others have reported success using the QR code scanner.
So in summary, uploading config files and QR scans good, copy & paste might be problematic.
I changed the ListenPort under the [Interface]. I remember now I had trouble with the keys through the UI, so I used the CLI on the router to create the keypair, then the command line on the server to create the client info. I think I just specified the client IP / pubkey, not any port info.
So possibly the orig handshake fills in this info on router, then server changes this port?? Not sure.
Still working great, just spun up another replica wg server eastcoast, only changed the IP in the client config on router… I will be watching survivor at 5pm west coast ;p
My VPN is Ubuntu 22 with the WireGuard server installed via instructions from man pages. The main config file has a line to save config. Then when I add a client I only specify the client's pubkey and the virtual client IP on the command line.
This happened again, so I need to log into the server and get the new port. Deleting the client listen port on the router did not work, it was repopulated with the wrong info.
I normally would not screw with this… and fix it on the router. But I want to play nice with your GUI, because I like the VPN on/off button.
OK, I can specify the port on the server, but I like the word simple. So less is more… Any way we could turn this into a feature request? Have a toggle for dynamic port.
As other client devices seem to be working good without static.
WireGuard's ideas are less client/server, more peer/peer.
How exactly do you think the gl-inet router is supposed to figure out what the “dynamic” server port is? Magic?
You’ve got to specify one endpoint IP/port. You can specify both, but you are required to specify at least one, and it’s got to be the one that is not initiating the connection. Set a fixed port on your Ubuntu server and be done with it.
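The port relationship discussed in this thread, as an added example that is not from any poster or from GL.iNet: a small checker that compares the initiating peer's `Endpoint` port with the responding peer's `ListenPort`. The two configs, their keys and their addresses are constructed placeholders, and the function names `parse` and `check` are hypothetical.

```python
# Added example: constructed configs; keys and addresses are placeholders.
SERVER_CONF = """\
[Interface]
Address = 10.0.0.1/24
PrivateKey = <server-private-key>
[Peer]
PublicKey = <router-public-key>
AllowedIPs = 10.0.0.2/32
"""
CLIENT_CONF = """\
[Interface]
Address = 10.0.0.2/32
PrivateKey = <router-private-key>
[Peer]
PublicKey = <server-public-key>
Endpoint = 203.0.113.10:43211
AllowedIPs = 0.0.0.0/0
"""

def parse(text):
    """Return [(section, {key: value})]; repeated [Peer] blocks are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def check(server_text, client_text):
    """Compare the initiator's Endpoint port with the responder's ListenPort."""
    findings = []
    iface = next((kv for n, kv in parse(server_text) if n == "interface"), {})
    listen = iface.get("listenport")
    if listen is None:
        findings.append("server: no ListenPort, port is chosen randomly")
    for name, kv in parse(client_text):
        if name != "peer":
            continue
        port = kv.get("endpoint", "").rsplit(":", 1)[-1]
        if not port:
            findings.append("client: peer has no Endpoint to initiate to")
        elif listen is not None and port != listen:
            findings.append(f"client: Endpoint port {port} != ListenPort {listen}")
    return findings

if __name__ == "__main__":
    print(check(SERVER_CONF, CLIENT_CONF))
```

Adding a fixed `ListenPort` to the server's `[Interface]` and pointing the client's `Endpoint` at that same port clears both findings.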