Thu Nov 30 10:16:34 2023 daemon.notice netifd: Interface 'wgserver' is setting up now
Thu Nov 30 10:16:35 2023 daemon.notice netifd: Interface 'wgserver' is now up
Thu Nov 30 10:16:35 2023 daemon.notice netifd: Network device 'wgserver' link is up
Thu Nov 30 10:16:35 2023 user.notice mwan3[9020]: Execute ifup event on interface wgserver (wgserver)
Thu Nov 30 10:16:35 2023 user.notice mwan3[9020]: Starting tracker on interface wgserver (wgserver)
Thu Nov 30 10:16:38 2023 user.notice firewall: Reloading firewall due to ifup of wgserver (wgserver)
Thu Nov 30 10:30:24 2023 daemon.notice netifd: Network device 'wgserver' link is down
Thu Nov 30 10:30:25 2023 user.notice mwan3[26774]: Execute ifdown event on interface wgserver (unknown)
Thu Nov 30 10:30:25 2023 daemon.notice netifd: Interface 'wgserver' is now down
Thu Nov 30 10:30:25 2023 user.notice firewall: Reloading firewall due to ifdown of wgserver ()
Thu Nov 30 10:31:02 2023 daemon.notice netifd: Interface 'wgserver' is setting up now
Thu Nov 30 10:31:03 2023 daemon.notice netifd: Interface 'wgserver' is now up
Thu Nov 30 10:31:03 2023 daemon.notice netifd: Network device 'wgserver' link is up
Thu Nov 30 10:31:03 2023 user.notice mwan3[29641]: Execute ifup event on interface wgserver (wgserver)
Thu Nov 30 10:31:03 2023 user.notice mwan3[29641]: Starting tracker on interface wgserver (wgserver)
Thu Nov 30 10:31:06 2023 user.notice firewall: Reloading firewall due to ifup of wgserver (wgserver)
Hi,
Please try to add the configuration via file, and replace the address of “Endpoint” with the LAN address (default is 192.168.8.1). Then run the commands below to allow traffic from wgserver to lan; for reference, see No internet access via Brume2 - #16 by hansome
uci set firewall.wgserver2lan=forwarding
uci set firewall.wgserver2lan.src='wgserver'
uci set firewall.wgserver2lan.dest='lan'
uci set firewall.wgserver2lan.enabled='1'
# set LAN masquerading
uci set firewall.@zone[0].masq='1'
uci set firewall.@zone[0].masq6='1'
uci commit firewall
/etc/init.d/firewall reload
I tried what you said, replacing the IP with the local one, and it did not work connecting from LTE (as expected, I guess).
But it works if I connect using the router's WiFi of course, but that defeats the purpose of the VPN, right?
I guess it confirms the VPN works in theory but is just not working on WAN.
So I guess it might work after inputting the commands above? But where do I input them? Is there console access somewhere or must I SSH?
@admon whaaatt??? I'm no expert but that makes no sense to me… What is the point of a VPN if you cannot access it by WAN? How do you access your LAN devices from anywhere? Do I use OpenVPN then? Also I can run Mullvad VPN on the phone using WireGuard…
On a side note, I even tried using another WiFi (so no LTE) from my phone and it does not work…
So you have to use some VPN for getting around it (How to Port Forward on Starlink & bypass CGNAT gateways | this is not a recommendation, just information) or try ZeroTier (in fact I am not sure if it will help, since I can’t test with a CG-NAT device here, but just checking it out won’t hurt).
@admon this is really disheartening; thank you for your insight; I will look at this CGNAT issue a bit more in depth.
But that does not explain why it still does not work in repeater mode through a regular ISP (it should, right?)
And what is the point of GL.iNet offering a feature on a premium TRAVEL router that cannot work the way it is intended? I mean, what is the point of having your own VPN that only works in LAN?
I also tried ZeroTier but I don’t like this kind of obscure service and it does not work either.
You have to have the ability to ensure the default port for WG Server, 51820, is able to be accessed from the Public Internet. CGNAT isn’t public, as you know.
If 51820 can’t be reached by anyone on the 'net to the ISP’s modem, then no traffic will be able to connect to the GL device’s running WG Server instance.
WG Client mode is used when travelling; it does not require an incoming port to be opened before using it (eg: connecting to Surfshark, Mullvad, IVPN, Proton VPN, etc.)
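The CGNAT point above can be checked from the router's shell by classifying the address on the WAN interface. This is an added example, not part of the original thread: the function names are hypothetical, the sample addresses are constructed, and it assumes a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Dotted-quad IPv4 -> integer; fails on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -f; set -- $1; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net IP_INT NETWORK PREFIXLEN: succeeds if IP_INT lies in NETWORK/PREFIXLEN.
in_net() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $1 & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Prints cgnat (RFC 6598), private (RFC 1918), public, or invalid.
classify_ipv4() {
    n=$(ip_to_int "$1") || { echo invalid; return 0; }
    if in_net "$n" 100.64.0.0 10; then echo cgnat
    elif in_net "$n" 10.0.0.0 8 || in_net "$n" 172.16.0.0 12 \
      || in_net "$n" 192.168.0.0 16; then echo private
    else echo public
    fi
}

# wg_inbound_hint WAN_IP SEEN_IP
# WAN_IP:  address on the router's WAN interface.
# SEEN_IP: address an external "what is my IP" page reports.
wg_inbound_hint() {
    case $(classify_ipv4 "$1") in
        cgnat)   echo "cgnat-no-inbound" ;;            # carrier NAT: no port forward possible
        private) echo "forward-udp-51820-upstream" ;;  # repeater mode behind another router
        public)  [ "$1" = "$2" ] && echo "direct" || echo "nat-mismatch" ;;
        *)       echo "invalid" ;;
    esac
}

# Constructed sample addresses, not taken from the thread.
for wan in 100.72.13.5 192.168.1.23 203.0.113.7; do
    echo "$wan -> $(wg_inbound_hint "$wan" 203.0.113.7)"
done
```

WireGuard listens on UDP, so a port checker that only probes TCP reports 51820 as closed even when the server is reachable.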
Why does it not work in repeater mode either (no CGNAT there), and why offer a VPN SERVER on a travel router when you know it will not work…?
How does anyone access their IoT devices using Spitz AX if you cannot port forward while traveling? I mean, in 2023 it seems like a trivial thing to do? What am I missing here?
Would be great to have a clear answer from GL.iNet staff also.
WG Server works in Repeater mode. It requires the Upstream Router to forward all incoming traffic to port 51820 to the GL device just as an ISP’s modem requires.
You can’t go through a door if it’s locked shut.
I am in repeater mode;
I check on a website that I am going through the ISP; all OK;
cannot connect to the VPN server.
So I go to a port checker and indeed port 51820 for the WireGuard server is CLOSED. Is there a problem there? Is the router supposed to open it or should I do that manually?
You don’t need to manually open ports on the GL device acting as the WG Server; the GL GUI handles that all for you.
I think you should try replicating a far more simplified Client/Server setup before introducing WAN/ISP IPs or LTE. Here, substitute my Certa for a mobile phone running the WireGuard application in the following HOW-TO & this should be as straightforward as it gets:
Then we can make the necessary modifications regarding outside/Internet-side connectivity.