GL-SFT1200 - Fritzbox 7530 WireGuard not succeeding


I’m trying to establish a WireGuard connection from my Opal router to the Fritzbox, in order to be able to access the internet as from the Fritzbox.

Opal is connected to the internet via a mobile doing hotspot over 5 GHz.

FB is the server, and I am trying to use the Opal as an agent.

This is the config file that I get from the FB:

PrivateKey = [PK here]
Address = <-- Opal's internal network
DNS = <-- FBs gateway
DNS = <-- I remove this before pasting

PublicKey = [PK]
PresharedKey = [PSK]
AllowedIPs = <-- FBs LAN
Endpoint = [ID][port]
PersistentKeepalive = 25

My provider supports both IPv4 and IPv6, and I have tested disabling the v6, with no success.

Connecting to the FB via a single client works fine, but pasting the above config to the WireGuard client in Opal leaves the connection with an orange button.

Any suggestions?

EDIT: Checked again. Disabling IPv6 in the routers is completely blocking the access from the outside.
It looks like the provider is using DS-lite.

Is it possible to make it work?

For Fritzbox when choosing:
Which WireGuard® connection would you like to set up?
Please choose:
Connect a single device

That way,

Address = <-- Opal's internal network


Address = 192.168.178.x/24 <-- Opal's internal network

“Address” should be the tunnel address of wireguard, if it’s, will conflict with Opal br-lan interface.
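The overlap described in the reply above can be checked before importing a config. This is an added example, not code from the thread or from GL.iNet or AVM: the sample config, the placeholder keys, the endpoint name and the LAN value 192.168.8.0/24 are all constructed assumptions. It goes slightly beyond the reply by also flagging a peer `AllowedIPs` range that covers the local LAN.

```python
import configparser
import ipaddress

# Constructed sample config (not taken from the thread); keys are placeholders.
SAMPLE_CONF = """
[Interface]
PrivateKey = <placeholder>
Address = 192.168.8.201/24
DNS = 192.168.178.1

[Peer]
PublicKey = <placeholder>
PresharedKey = <placeholder>
AllowedIPs = 192.168.178.0/24, 0.0.0.0/0
Endpoint = example.invalid:51820
PersistentKeepalive = 25
"""

def _nets(value):
    """Turn a comma-separated list of CIDRs into network objects."""
    return [ipaddress.ip_interface(v.strip()).network
            for v in value.split(",") if v.strip()]

def check_conf(conf_text, local_lan):
    """Return findings where the tunnel config collides with the local LAN."""
    # strict=False tolerates repeated keys (e.g. two DNS lines);
    # interpolation=None keeps '%' in values from being interpreted.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep WireGuard's key capitalisation
    cp.read_string(conf_text)
    lan = ipaddress.ip_network(local_lan)
    findings = []
    # The tunnel address must not sit inside the router's own LAN subnet.
    for net in _nets(cp["Interface"].get("Address", "")):
        if net.version == lan.version and net.overlaps(lan):
            findings.append(f"Address {net} overlaps local LAN {lan}")
    # A routed peer range equal to the local LAN would shadow local hosts;
    # default routes (/0) are skipped because they are intentional.
    for net in _nets(cp["Peer"].get("AllowedIPs", "")):
        if net.version == lan.version and net.prefixlen > 0 and net.overlaps(lan):
            findings.append(f"AllowedIPs {net} overlaps local LAN {lan}")
    return findings

if __name__ == "__main__":
    # 192.168.8.0/24 is an assumed LAN subnet for the client router.
    for line in check_conf(SAMPLE_CONF, "192.168.8.0/24"):
        print(line)
```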

Thanks @hansome , I eventually made this work, after tweaking some IPv6 settings, and installing all the needed ipv6 packages.

It is connecting and working fine now.

The main problem that I am facing is that my Fritzbox is losing its CGNAT binding, probably after some period of inactivity, and after that, it is impossible to connect to it.
Can you suggest any workarounds for it? Probably something that pings or sends http requests to the endpoint maybe?

With the parameter “PersistentKeepalive”, there’s already traffic to make it active. Even without keepalive, wireguard will exchange keys for not very long time.
So it could be other issues.

Do you mean installing IPv6 packages on the SFT1200?
If you can give more details about your setting, I can test it with my Fritzbox 7530.

@hansome yes, I installed 6to4, 6in4, and 6rd packages on SFT1200, and also enabled IPv6.

However, I’m afraid that you are right and it is something else indeed.

I am using the Fritzbox provided “Internet Access” service, that is supposed to give access to the endpoint that I put in Interface configurations:
Endpoint = [ID][port]

However, since the Fritzbox is sitting behind a CGNAT, it never provides a valid IPv4 to this endpoint, and the tunnel is always established over the IPv6. This seems to be the reason why I can’t connect to it when I am in IPv4-only networks, or when I disable IPv6 in the SFT1200.
This turns this into a major blocker, as I was planning to use the SFT1200 to connect from IPv4-only networks. Any suggestions of proven solutions about this?


What internet provider are you using?
Do they offer dedicated IPv4 addresses, maybe?