GL-MT2500 VPN Server(s) not listening on ports

Try as I may… I can’t seem to get either the OpenVPN or Wireguard VPN servers workings on a GL-MT2500 running version OpenWrt 21.02-SNAPSHOT r15812+885-46b6ee7ffc

In summary:

  • GL-MT200 is a behind a Edgerouter 4
  • The Edgerotuer 4 is forward traffic to ports UDP/1194 and TCP/ to the GL-M500, but I’m not seeing any traffic on the device.
  • To test I put the same forwarding config in to hit a Rasperry Pi web server, no problem at all.

I’ve tried:

  • GL-MT2500 on a separate network with the WAN port connected to the EdgeRotuer
  • GL0MT2500 on the same LAN as the Rasperry Pi
  • GL-MT2500 now in ‘drop in gateway mode;

What does stand out is the GL-MT2500 is showing the VPN servers are running, but ‘sudo lsof -i -P -n | grep LISTEN’ would suggest the services aren’t listening:

dropbear 2357 root 3u IPv6 6547 0t0 TCP *:22 (LISTEN)
dropbear 2357 root 4u IPv4 6548 0t0 TCP *:22 (LISTEN)
nginx 4338 root 5u IPv4 8876 0t0 TCP *:80 (LISTEN)
nginx 4338 root 6u IPv6 8877 0t0 TCP *:80 (LISTEN)
nginx 4338 root 7u IPv4 8878 0t0 TCP *:443 (LISTEN)
nginx 4338 root 8u IPv6 8879 0t0 TCP *:443 (LISTEN)
nginx 4393 root 5u IPv4 8876 0t0 TCP *:80 (LISTEN)
nginx 4393 root 6u IPv6 8877 0t0 TCP *:80 (LISTEN)
nginx 4393 root 7u IPv4 8878 0t0 TCP *:443 (LISTEN)
nginx 4393 root 8u IPv6 8879 0t0 TCP *:443 (LISTEN)
nginx 4394 root 5u IPv4 8876 0t0 TCP *:80 (LISTEN)
nginx 4394 root 6u IPv6 8877 0t0 TCP *:80 (LISTEN)
nginx 4394 root 7u IPv4 8878 0t0 TCP *:443 (LISTEN)
nginx 4394 root 8u IPv6 8879 0t0 TCP *:443 (LISTEN)
dnsmasq 21608 dnsmasq 7u IPv4 42471 0t0 TCP 10.8.0.1:53 (LISTEN)
dnsmasq 21608 dnsmasq 9u IPv4 42473 0t0 TCP 192.168.8.1:53 (LISTEN)
dnsmasq 21608 dnsmasq 11u IPv4 42475 0t0 TCP 192.168.125.201:53 (LISTEN)
dnsmasq 21608 dnsmasq 13u IPv4 42477 0t0 TCP 127.0.0.1:53 (LISTEN)
dnsmasq 21608 dnsmasq 15u IPv6 42479 0t0 TCP [fe80::73bd:5da7:2fad:cb09]:53 (LISTEN)
dnsmasq 21608 dnsmasq 17u IPv6 42481 0t0 TCP [::1]:53 (LISTEN)

In luci is see the dreaded words next to both VPN type interfaces:

Unsupported protocol type.
Install protocol extensions…

In a bit of desperate attempt, as I don’t really need to to firewall, I took on the firewall rules (not IPTables, the firewall zone rules) which didn’t help either.

Please can you advise where I’m going wrong and help get this working as it should?

I’m happy to rebuild and configure with CLI (actually would prefer) or through a script.

I’ve reset the device and will reset the firmware, then try to rebuild but I must be missing something really simple/obvious as can’t see this being this difficult.

Any ideas would be greatly apprecaited.

What does /etc/init.d/openvpn status says?

Are you using the GL iNET firmware (if yes, which version?) or plain OpenWrt?