MT300N - Wireguard VPN Client Works until Kill Switch activated

Hi all!

I have bought the MT300N to allow me to travel and work around Europe whilst maintaining an IP address as though I am physically located at home. :smirk:

I have set up Wireguard on both my home router and the MT300N and when I have activated the connection in the MT300N my public IP address is reported as the one of my home router. So all good there.

However, to be extra sure that my roaming IP address will not be leaked, I want to make use of the Kill Switch feature, but when I switch it on I seem to lose web access completely.

I am able to ping an IP address such as 8.8.8.8, but doing an nslookup of google.com fails - so I am thinking something isn’t quite right with the DNS?

I am quite a newbie when it comes to all this, so am now feeling out of my depth a bit, so if anyone can give me a few pointers I would be extremely grateful :slight_smile:

Cheers!

Can you configure custom DNS servers in the router as well?

Try encrypted DNS services, e.g. Cloudflare.

Thanks @alzhao :slight_smile:

The config was as follows:

[Interface]
Address = 192.168.3.3/32
PrivateKey = <PRIVATE_KEY>
DNS = 192.168.1.1

[Peer]
PublicKey = <PUBLIC_KEY>
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = <ENDPOINT_IP>:<ENDPOINT_PORT>
PersistentKeepalive = 25

I changed the DNS to 1.1.1.1 and it allowed me to maintain my connection when the kill switch was enabled. :+1:

The endpoint router is configured to use NextDNS and I would like to be able to use this over the VPN connection too. Do you know how I can do this?

What is your firmware version? I need to do a test.

Hostname GL-MT300N-V2
Model GL-MT300N-V2
Architecture MediaTek MT7628AN ver:1 eco:2
Firmware Version OpenWrt 19.07.8 r11364-ef56c85848 / LuCI openwrt-19.07 branch git-21.189.23240-7b931da
Kernel Version 4.14.241

Current Version: 3.212

Hi Peanut

I have tested the MT300N-V2, version 3.212. With DNS not set in the WireGuard config, it works fine.

The config is:

root@GL-MT300N-V2:~# cat /var/etc/wireguard.conf
[Interface]
ListenPort = 37484
PrivateKey = mK+IJ5EKUytc0Kge/4lvyH5RYIXI+EntNSlcrXfx43g=

[Peer]
PublicKey = uHz0TLd7ISx+EHwaeby6sLQMGxQH8EMI7e9QYt+lDBs=
AllowedIPs = 0.0.0.0/0,::/0
PersistentKeepalive = 25
Endpoint = 192.168.113.122:51820

Close the kill switch, and the WireGuard VPN also works fine.