MT-3000 WireGuard issues

Routers VPN, DNS, Leaks
1

Hello everybody,

I just got my MT-3000 and face some problems with using it as WireGuard client. I get no internet when turning on the VPN.

  • The host is a Speedport Smart 4
  • I use DDNS and verified it is working correctly
  • MTU set to 1380

Interestingly, the VPN does also not work when initiated from my end device (Laptop). So when I setup the MT-3000 without VPN, the internet works. When I then turn on the WireGuard client on my Laptop while connected to the MT-3000, internet breaks again. ICMP and DNS also does not work. The VPN itself is operational however, I verified that on a different network without the MT-3000. Any help would be greatly appreciated!

WireGuard config:

[Interface]
PrivateKey = ...
Address = 10.200.200.1/24
DNS = 192.168.2.1
MTU = 1380

[Peer]
PublicKey = ...
PresharedKey = ...
AllowedIPs = 0.0.0.0/0
Endpoint = xxx.freeddns.org:53280
PersistentKeepalive = 21

VPN Log:

Tue Aug 12 19:54:34 2025 daemon.notice netifd: Interface 'wgclient1' is setting up now
Tue Aug 12 19:54:35 2025 daemon.info dnsmasq[19928]: read /tmp/hosts/dhcp.wgclient1 - 3 addresses
Tue Aug 12 19:54:35 2025 daemon.warn dnsmasq[19929]: no servers found in /tmp/resolv.conf.d/resolv.conf.wgclient1, will retry
Tue Aug 12 19:54:35 2025 daemon.info dnsmasq[19929]: read /tmp/hosts/dhcp.wgclient1 - 3 addresses
Tue Aug 12 19:56:20 2025 user.notice wireguard-debug: USER=root ifname=wgclient1 ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Tue Aug 12 19:56:21 2025 daemon.notice netifd: Interface 'wgclient1' is now down
Tue Aug 12 19:56:21 2025 daemon.notice netifd: Interface 'wgclient1' is setting up now
Tue Aug 12 19:56:22 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient1 ()
Tue Aug 12 19:56:36 2025 daemon.info dnsmasq[23384]: read /tmp/hosts/dhcp.wgclient1 - 3 addresses
Tue Aug 12 19:56:36 2025 daemon.notice netifd: Interface 'wgclient1' is now down
Tue Aug 12 19:56:36 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient1 ()
Tue Aug 12 20:04:09 2025 daemon.notice netifd: Interface 'wgclient1' is setting up now
Tue Aug 12 20:04:10 2025 daemon.warn dnsmasq[29429]: no servers found in /tmp/resolv.conf.d/resolv.conf.wgclient1, will retry
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: read /tmp/hosts/dhcp.wgclient1 - 3 addresses
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: read /tmp/hosts/dhcp.wgclient1 - 3 addresses

System Log:

Tue Aug 12 20:04:09 2025 daemon.notice netifd: Interface 'wgclient1' is setting up now
Tue Aug 12 20:04:09 2025 daemon.info dnsmasq[23384]: exiting on receipt of SIGTERM
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: Connected to system UBus
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: started, version 2.85 cachesize 1000
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: Connected to system UBus
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: started, version 2.85 cachesize 150
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: UBus support enabled: connected to system bus
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq-dhcp[29429]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: DNS service limited to local subnets
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq-dhcp[29429]: IPv6 router advertisement enabled
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: using only locally-known addresses for domain test
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: UBus support enabled: connected to system bus
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq-dhcp[29428]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: using only locally-known addresses for domain onion
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq-dhcp[29428]: IPv6 router advertisement enabled
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: using only locally-known addresses for domain localhost
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain test
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: using only locally-known addresses for domain local
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: using only locally-known addresses for domain invalid
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain onion
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: using only locally-known addresses for domain bind
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: using only locally-known addresses for domain lan_chgd
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain localhost
Tue Aug 12 20:04:10 2025 daemon.warn dnsmasq[29429]: no servers found in /tmp/resolv.conf.d/resolv.conf.wgclient1, will retry
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain local
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain invalid
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain bind
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: read /etc/hosts - 4 addresses
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain lan
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: reading /tmp/resolv.conf.d/resolv.conf.auto
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain test
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain onion
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain localhost
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain local
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29429]: read /tmp/hosts/dhcp.wgclient1 - 3 addresses
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain invalid
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain bind
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq-dhcp[29429]: read /etc/ethers - 0 addresses
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using only locally-known addresses for domain lan
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: using nameserver 192.168.2.1#53
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: read /etc/hosts - 4 addresses
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq[29428]: read /tmp/hosts/dhcp.wgclient1 - 3 addresses
Tue Aug 12 20:04:10 2025 daemon.info dnsmasq-dhcp[29428]: read /etc/ethers - 0 addresses
2

It seems that the WG server is not accessible.

Please first make sure that the server can be connected, for example, you can connect to this server normally on your PC/Phone.

One profile can only be online on one device at same time, that is, one profile cannot be used on multiple devices at the same time.

Please refer to this thread to check again:

4

Hi Bruce, thanks for your reply. I figured it out in the meantime. Turns out that the issue was that I tried to connect from the same network that was also the VPN host (for testing purposes), which causes UDP hairpinning which is not supported by my ISP router. Having the MT3000 run on a cellphone hotspot made it work!

1 Like