GL-MT3000 Beryl AX - VPN Wireguard

I purchased a Beryl AX as suggested. Now my configuration is a Fritz!Box provided by my provider with IP addressing to the LAN and the Beryl getting from the FRitz!Box and to the home LAN providing addresses 192.168.8.x.
If I wanted to activate Wireguard VPN on the Beryl is this possible? What configuration should I use?
The FritzBOX does not allow me to create a DMZ towards the Beryl for which I have, however, used the Fritz’s “enable automatic ports” service.
Because I have tried but the device connecting remotely on the VPN does not work

This is a quick diagram:
Internet wan ------- (Internet IP address) Fritz!Box (192.168.1.x) ----- ( Beryl AX (192.168.8.x) ----- Domestic LAN and WLAN

Beryl created the wireguard server with the following addressing: with associated port 51xxx

I hope you can understand the problem and that there is a solution.
Many thanks

AVM offers a “built-in” WireGuard server as of FritzOS 7.50

Yes, but it is provider router…
I would like to create the VPN on the Beryl AX so that I have my own configurations on my personal router and can change providers without any problems.
Especially if the next provider gives me a blocked router or one without the wireguard server.

If you’re able to run dynamic dns (ddns) on your WAN facing router, the way to do it would be to enable port forwarding on the WAN router to forward port 51820 to the same on (the gl.inet router running wireguard server) and replace the IP address with your ddns address on the client device.

The provider provides me with a static IP address and therefore I don’t need a DDNS service.
I have tried this solution but the Fritz!Box tells me that 'An error has occurred. The IP address ( is not available".
But is the static IP address I gave to the WAN of Beryl AX

I dont understand this error…

Are you able to view connected devices MAC addresses in the Fritzbox UI? It’s possible you’re not able to set static routs and forward ports to DHCP clients, and the assigned IP may be within the DHCP IP range. I’m sorry I’m not familiar with their product. If you are able to view connected devices by MAC address, you could set a static IP for the MAC of the GL router on the Fritzbox and return the GL router to DHCP. The Fritzbox should assign it the static IP you set before, which can be confirmed on the GL web UI. If the Fritz router can see the connected GL router and create a static route to it, port forwarding should work.

I solved it! The problem was related to the Fritz!Box provided by the provider, which was blocked in some configurations.
I unlocked these parameters by changing a few things in the firmware.
I tried Port-Forwarding but still had problems so I put the IP Address of the Beryl AX in a kind of DMZ of the Fritz!Box and now everything works correctly.

Many thanks!

1 Like

Glad to hear! Thanks for the update — I’ve been looking for a solution to a somewhat similar issue reliably accessing a wireguard server on an openWRT device behind a glinet router and you just gave me a new idea to try.