GL-AXT1800 (Slate AX): Wireguard client connect error (REKEY TIMEOUT)

How exactly do you think the gl-inet router is supposed to figure out what the “dynamic” server port is? Magic?

You’ve got to specify one endpoint IP/port. You can specify both, but you are required to specify at least one, and it’s got to be the one that is not initiating the connection. Set a fixed port on your Ubuntu server and be done with it.

Well, if the client does not set a port, the servers set it.
I never set a client listen port on either peer; this CAN be done by magic on the handshake, like it is done with other client devices.


No, it really can’t.

There might be other things going on with the router where the port needs to be known, but the original connection needs very little information; that is a bragging point of wg. The client listen port (or IP, of course) is not part of that info.


Look… clearly you obviously understand this better than I do, but if you want Wireguard to listen, you have to specify a port. If you want it to respond to the handshake at all, you have to actually send the handshake to the port it’s listening to. If you don’t know what that port is, there’s no way to divine it except by trying all 65k UDP ports hoping you get lucky. Which isn’t a great plan.

Hi Jdub,

I think we are getting our ports mixed up ;p

The clientpeer … needs the server IP/port.
The serverpeer needs only the clientpubkey, and that might be all. But specifying what virt IP is going to be used is good, to see what clients/devices are hooked up.


If you specify a listen port on the client side (optional) it will also use that port to connect from the client side.

So if Server is and client is, you’ll get a random port on the client side connecting in.

If server is and client is, the client will connect from port 5555 to server’s 4444.

Hi Jdub,

Let's put it this way: this is a “travel router”, so the client IP is dynamic. The client port can be dynamic too.
Alz will reply with reasons why it needs to be static, as he hinted at in a previous post.

I just asked for a toggle. Like, the only reason I'm here is because I like the on/off VPN button on the side 😜

Looking for my copy of Visio; I'll get back with a diagram.


If you don’t specify a listen port on the client side, it will be dynamic. At least that’s how it works with all of my wireguard clients. But again, we’ve established that you understand this stuff better than I do. Are you seeing different behavior?

Hi Jdub

Right, if I delete it, glnet repopulates it. It lets me edit it, but not delete it. Then I need to get a new one from the server, no big deal. I will specify it and all good, but if it could be dynamic and not saved on the router. One less config line.
I've only been playing with this wg for a bit, but the less is more I like over others.

If you never specify it you won’t have a problem (or at least, I don’t). Have you tried manually deleting it in the raw configuration file?

Hi Jdub,

Yes, that’s a good idea; next time I'll just delete the config and add a new one w/o listen port. Deleting the line did not work.


I never set a listen port, glnet writes it to config.


Removing the listen port option from the main config on the router, then changing the permissions of that file.
Workaround for now. All dynamic on the wire… 😜

Sorry, this is really a thread hijack; it should be “wireguard dynamic listen port”.
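The rule the thread settles on (the responding side needs a fixed ListenPort that the initiating side's Endpoint points at, while the initiator's own ListenPort is optional) can be checked against a pair of configs. This is an added example, not code from any poster or from GL.iNet; the keys, addresses and function names are constructed placeholders, and only the ports 4444 and 5555 come from the thread.

```python
def parse_wg(text):
    """Parse a wg-quick style config into (interface dict, list of peer dicts)."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)      # base64 keys may end in '='
            cur[key.strip().lower()] = value.strip()
    return iface, peers

def check_pair(initiator_cfg, responder_cfg):
    """Return (errors, initiator_source_port) for an initiator/responder pair."""
    i_if, i_peers = parse_wg(initiator_cfg)
    r_if, _ = parse_wg(responder_cfg)
    errors = []
    r_port = r_if.get("listenport")
    if r_port is None:
        errors.append("responder-no-listenport")  # port would be random on each start
    endpoints = [p["endpoint"] for p in i_peers if "endpoint" in p]
    if not endpoints:
        errors.append("initiator-no-endpoint")    # nowhere to send the handshake
    elif r_port is not None and all(e.rsplit(":", 1)[-1] != r_port for e in endpoints):
        errors.append("endpoint-port-mismatch")   # responder is not listening there
    # The initiator's own ListenPort is optional; unset means a dynamic source port.
    return errors, i_if.get("listenport", "dynamic")

# Constructed sample configs (placeholder keys, documentation IP range).
SERVER = """[Interface]
PrivateKey = <server-private-key>
Address = 10.0.0.1/24
ListenPort = 4444

[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32
"""
CLIENT_DYNAMIC = """[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/24

[Peer]
PublicKey = <server-public-key>
Endpoint = 192.0.2.10:4444
AllowedIPs = 0.0.0.0/0
"""
CLIENT_FIXED = CLIENT_DYNAMIC.replace("Address = 10.0.0.2/24",
                                      "Address = 10.0.0.2/24\nListenPort = 5555")
```
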