How to set up GLiNet as wireguard client?

Hi,

I have a GLiNet travel router that I'd like to use as a wireguard client to transparently route all traffic through my wireguard server I have set up at home. Basically I'd like all clients connected to my glinet travel router to appear as if they are connecting from home.

My current conf files look like this:

# server (some server on my home network)
[Interface]
Address = 10.0.0.1/24
PrivateKey = ...
ListenPort = 51820

[Peer]
PublicKey = ...
AllowedIPs = 10.0.0.2/32

# client (GLiNet)
[Interface]
Address = 10.0.0.2/32
PrivateKey = ...
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = ...:51820
PublicKey = ...

The problem I'm having now is that though the tunnel can be established, I cannot actually reach the internet from any client connected to my glinet router. I think I need an additional step to tell the server how to route traffic from the wireguard tunnel back out to the internet, but I'm unsure how to do this. It seems like this would be a common use case of wireguard, so hopefully somebody can enlighten me. Thank you!

Hi,

Check this: WireGuard Client - GL.iNet Router Docs and How to troubleshoot WireGuard for the most common issues.

Hey Admon,

I've read through those docs but still have the same issue. My configuration is basically the same as your docs. Again, I can connect to the tunnel but cannot connect to the internet through it. For example, all DNS queries go through the tunnel, but I think my server doesn't know how to send it along, so a response is never returned. I tried setting the DNS field, but regardless the server does not route internet traffic.

To be clear, I am setting up the WireGuard "server" on a Raspberry Pi at home. I have the port forwarded, so that's how the tunnel can be established. Is there some additional configuration I need so that the Raspberry Pi knows how to forward internet traffic?

I’m having the same exact issue. Please let me know if you find a solution…. Thanks

Some things to try:

From a CLI on the client

Try pinging a public IP address (or trace-route) to see if you can see the WAN from the server side of the tunnel.

Try a name lookup to see if it resolves or times out.

If you have logs available at the server end look to see if you can see the inbound traffic.

I think I need to do one or both of these things:

  1. Configure iptables to provide NAT to the wg0 interface
  2. Enable net.ipv4.ip_forward and net.ipv4.conf.all.forwarding

Will need to do some research to make sure I get those right.

I found https://www.cyberciti.biz/faq/how-to-set-up-wireguard-firewall-rules-in-linux/ which seems like exactly what I need.

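The two steps named in the last post (IP forwarding plus NAT for the tunnel), as an added example that is not part of the original thread or the linked article. It assumes the tunnel interface is wg0 and the tunnel subnet is 10.0.0.0/24 as in the posted configs; eth0 as the Raspberry Pi's outbound interface is an assumption to verify on the actual host.

```shell
#!/bin/sh
# Added example: forwarding + NAT on the WireGuard *server* (the Raspberry Pi).
# wg0 and 10.0.0.0/24 follow the configs posted above; eth0 is an ASSUMED name
# for the Pi's LAN-facing interface (confirm with `ip route show default`).
WG_IF=${WG_IF:-wg0}
WAN_IF=${WAN_IF:-eth0}
WG_NET=${WG_NET:-10.0.0.0/24}

# One rule per line as "table|chain|spec". Scope is deliberately narrow:
# only the tunnel subnet is masqueraded, and traffic towards the tunnel is
# accepted only as replies to connections that tunnel peers opened.
rule_specs() {
  printf '%s\n' \
    "nat|POSTROUTING|-s $WG_NET -o $WAN_IF -j MASQUERADE" \
    "filter|FORWARD|-i $WG_IF -o $WAN_IF -j ACCEPT" \
    "filter|FORWARD|-i $WAN_IF -o $WG_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# Dry run: print the commands without touching the system.
plan() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  rule_specs | while IFS='|' read -r table chain spec; do
    echo "iptables -t $table -A $chain $spec"
  done
}

# Report what is still missing on this host (needs root for iptables -C).
check() {
  [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || echo "off: net.ipv4.ip_forward"
  rule_specs | while IFS='|' read -r table chain spec; do
    iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
      echo "missing: iptables -t $table -A $chain $spec"
  done
}

# Apply idempotently: -C tests for the rule, -A appends it only if absent.
# Neither the sysctl nor the rules survive a reboot unless persisted.
apply() {
  sysctl -w net.ipv4.ip_forward=1
  rule_specs | while IFS='|' read -r table chain spec; do
    iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
      iptables -t "$table" -A "$chain" $spec
  done
}

case "${1:-}" in
  plan|check|apply) "$1" ;;
esac
```

Run it with `plan` first and review the output before using `apply` as root; the printed iptables lines can also be used as `PostUp` commands in the server's wg-quick config.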