Manual Wireguard client does not connect, works on other devices (PiVPN) — Beryl GL-MT1300

cataclysmic · February 21, 2021, 11:20am

Got a new GL-MT1300 in order to serve as a Wireguard client hotspot on my PiVPN Wireguard server. Can’t get it to work.

Looking in the forums I see another issue specifically on the GL-MT1300. As well as other reports of issues on other routers when using PiVPN Wireguard servers (1, 2).

The server and the client configurations work great on mobile devices and desktop I have tested on. When I input manually, or via .conf file, or via QR code using the GL.iNet app, it does not work. It spins on “connecting” and then the button changes to “abort.”

[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 10.6.0.8/24
DNS = 4.2.2.6, XXX.XXX.70.25

[Peer]
PublicKey = eORRje665wbNMXkUWYreV8II9Ockx9UJ2bFHpW$
PresharedKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Endpoint = XXXXX.mynetgear.XXX:15797
AllowedIPs = 0.0.0.0/0, ::0/0

I tried removing the IPv6 entry under allowed IPs in both the server variables and in the conf file, as I read GL.iNet does not play nice with IPv6. I tried removing the two DNS entries in the server config, leaving it at just one DNS entry.

alzhao · February 24, 2021, 11:19am

Can you add one ListenPort in [Interface]?

[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 10.6.0.8/24
DNS = 4.2.2.6, XXX.XXX.70.25
ListenPort = 25794

cataclysmic · February 28, 2021, 12:29pm

Thanks @alzhao

I reverted back to a PiVPN-configured OpenVPN server to see if I could get the Beryl to connect to any VPN server. During this process I realized I had mistakenly not forwarded the correct ports on the server side for the initial Wireguard setup mentioned above.

The OpenVPN server did work after realizing my port forwarding mistake.

I then tried to again to configure a Wireguard server with PiVPN and see if the Beryl would now connect with the port forwarding issue fixed.

In the GL.iNet web interface it now will show as connected, but shows only a few bytes of upload data. I cannot access the web through the router when it’s connected, nor can I connect to local IPs on the other side of the VPN. (I have tested the Wireguard config and server does work properly with an iOS device.)

To your suggestion above, @alzhao, the server appears to provide a ListenPort upon connection. I did try pre-filling it with the port you mentioned — it made no difference.

I also have removed the “, ::00/0” part of the AllowedIPs entry on the Beryl so as to avoid IPv6 issues.

Client .conf:
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXX=
Address = 10.6.0.8/24
DNS = 209.244.0.3, 209.244.0.4

[Peer]
PublicKey = ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ=
PresharedKey = YYYYYYYYYYYYYYYYYYYYYYYYYYYY=
Endpoint = XXXXXXXXX.mynetgear.com:51820
AllowedIPs = 0.0.0.0/0, ::0/0

Server prefs:
PLAT=Raspbian
OSCN=buster
USING_UFW=0
IPv4dev=eth0
dhcpReserv=1
IPv4addr=192.168.1.XX/24
IPv4gw=192.168.1.1
install_user=pi
install_home=/home/pi
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=209.244.0.3
pivpnDNS2=209.244.0.4
pivpnHOST=XXXXXXXX.mynetgear.com
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
pivpnPROTO=udp
pivpnDEV=wg0
pivpnNET=10.6.0.0
subnetClass=24
ALLOWED_IPS=“0.0.0.0/0, ::0/0”
UNATTUPG=1
INSTALLED_PACKAGES=(unattended-upgrades)

alzhao · February 28, 2021, 3:34am

Not sure if somewhere makes trouble about UDP.

Or just change server port and try.

cataclysmic · February 28, 2021, 1:56pm

Thanks for your help, I tried UDP port 15797 as well and had the same issue.

What do mean that the UDP may be causing the issue? What kind of workaround did you have in mind — TDP?

Can I run a traceroute or pull something from the router’s logs that would help you see why the router won’t pass internet over this connection?

Appears to be the same issue as this other thread, with the router showing as a connected client but no internet connection a minuscule amount of download data (link).

PiVPN is almost certainly the easiest way to set up a personal Wireguard server on any Linux machine, including a Raspberry Pi. I think it makes a lot of sense for GL.iNET to support it out of the box — or with minimal modifications that we can document here in the forums. As I mentioned in the first post, several others have had issues getting GL.iNET to play nice — this is definitely something that people are buying these routers for.

PiVPN Github (link).

Riho-shuu · March 3, 2021, 3:08am

Hi cataclysmic,

Do you mind sending me the configuration to let me have a try?

My email: marin.zhou@gl-inet.com