MT6000 Help needed setting up IPv6 Wireguard server

Hello!

I just picked up a flint2 yesterday. I'm trying to run a Wireguard server on it, but I couldn't figure out how to get it to work. I'm using firmware version 4.6.2, and I have done the things mentioned in this thread: GL-MT6000 WireGuard Server IPv6 support not working

Here is a screenshot of my wan interfaces.

My wireguard server config:

root@GL-MT6000:~# wg
interface: wgserver
  public key: JvbalQylDtMek51CGZ7Rh+qtFAyaxP66HdLtIjCeKTo=
  private key: (hidden)
  listening port: 51820
  fwmark: 0x8000

peer: wrAabp3OUaaqO28pvtxN4T3ZDEDj7nn6ltOzJYoML0w=
  allowed ips: 10.0.0.2/32, fd00:db8:0:abc::2/128
  persistent keepalive: every 25 seconds

Screenshot of Wireguard config on iPhone:

I get no internet access after enabling vpn on my iPhone. It would be much appreciated if someone can help me out, and please feel free to ask me for more information.

Thanks!

Just a note, the thread that you linked is only relevant for running IPv6 inside the tunnel, which might or might not be the case for you, just wanted to clarify.

I once got an issue exactly like yours, the problem in that case was that for whatever reason the DDNS domain wasn't updated with the IPv4 address of the router (only with the IPv6 address), and as a result my phone (which doesn't have IPv6 connectivity) resolved to the IPv6 address instead and was unable to connect.

I noticed in your screenshot that the remote endpoint is resolved to IPv6, so you might want to double-check that the IPv6 connectivity between your phone and the router is working. If everything works, it could be possible that something in the firewall is blocking IPv6 incoming connections to Wireguard, but I have to admit I haven't tested that, since as mentioned my mobile ISP doesn't provide IPv6 connectivity. :frowning:

Thanks for chiming in. I'm absolutely clueless when it comes to networking. My ISP here in Japan uses IPv4 over IPv6 (DS-Lite), so my router can't be reached using an IPv4 address, if I understand correctly.

I manually punched in the IPv6 address I got from the DDNS test page into the client config, since using the DDNS host name resolves to an IPv4 address on my phone.

I copied server and client configs from this post here: IPv6 + WireGuard でリモートアクセス VPN #wireguard - Qiita
And I was able to see the peer connects to my server.

peer: wrAabp3OUaaqO28pvtxN4T3ZDEDj7nn6ltOzJYoML0w=
  endpoint: [fddf:6cc8:ef77:0:181d:8e2e:599b:3d0b]:53423
  allowed ips: 10.0.0.2/32
  latest handshake: 5 minutes, 39 seconds ago
  transfer: 212 B received, 316 B sent
  persistent keepalive: every 25 seconds

I guess it proves my router can be reached from my phone over cellular, but using the above config doesn't route everything over Wireguard. I'm still trying to learn how I can set up my wireguard server properly. :smiling_face_with_tear:

Sorry, initially missed the response, didn't get any notification for some reason. You say you're absolutely clueless when it comes to networking, but seem to understand IPv4 and IPv6 quite well. :smile: I don't think I've actually ever seen a proper DS-Lite setup before, but it's cool that they're rolling out pure IPv6 networks in Japan! Can be a bit frustrating for the customer though not being able to get a public IPv4 address, I imagine.

Just in case it helps, this is how wg reports my peer info when everything is working right after connecting:

peer: sVuICIdARqz/l9r4GBaBQ6bmPCRkSB/c2C4NMtR0Ex8=
  endpoint: [redacted]:17488
  allowed ips: 10.0.0.2/32, fd00:db8:0:abc::2/128
  latest handshake: 4 seconds ago
  transfer: 4.19 KiB received, 13.04 KiB sent
  persistent keepalive: every 25 seconds

The amount of traffic in your case is very low, which suggests that the tunnel is active but traffic is not routed through. You might want to check that the settings on the "VPN Dashboard" when clicking on the small cog icon next to the WireGuard server are correct. I want to allow all kinds of traffic from my VPN clients (to WAN, LAN and to each other), so I've set my configuration to look like this:

Another thing I see from the peer config that you posted is that the IPv6 address of the peer, fddf:6cc8:ef77:0:181d:8e2e:599b:3d0b doesn't seem like a public address. Could you try connecting to your VPN from a public address, for example from your mobile phone using your phone ISP?

As a last resort, the way I've been debugging my wg connection is by installing tcpdump on my router and seeing what packets are actually going through. However, I think in your case there might be some issues in the configuration itself.
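The reply above reads the peer block from `wg` by eye: a recent handshake with only a few hundred bytes transferred means the tunnel is up but the client's traffic is not going into it, and an endpoint in fd00::/8 means the phone is not coming from the internet. The script below is an added example, not part of the thread, that does the same checks over the machine-readable `wg show <iface> dump` output. The 1024-byte "nothing routed" threshold is a heuristic assumption, the dump lines are constructed with placeholder keys and documentation addresses, and the shell is POSIX sh, as on the router's BusyBox.

```shell
#!/bin/sh
# Added example, not from the thread: read `wg show <iface> dump` and say,
# per peer, whether the tunnel is up and whether real traffic is flowing.
#
# Dump format (tab-separated, one peer per line after the interface line):
#   pubkey  psk  endpoint  allowed-ips  latest-handshake(epoch)  rx-bytes  tx-bytes  keepalive

# Rough reachability class of an endpoint, so a ULA (fc00::/7) or RFC 1918
# address stands out: such a peer is on the LAN/Wi-Fi, not on the internet.
endpoint_scope() {
    case $1 in
        "(none)")          echo none ;;
        "[fe80:"*)         echo link-local ;;
        "[fc"*|"[fd"*)     echo ula ;;
        "["*)              echo global-v6 ;;
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private-v4 ;;
        *)                 echo global-v4 ;;
    esac
}

# Classify one peer. $1 endpoint, $2 latest handshake (epoch, 0 = never),
# $3 rx bytes, $4 tx bytes, $5 current epoch time.
# Prints: no-handshake | stale-handshake | up-not-routing | ok
classify_peer() {
    endpoint=$1; handshake=$2; rx=$3; tx=$4; now=$5
    if [ "$endpoint" = "(none)" ] || [ "$handshake" -eq 0 ]; then
        echo no-handshake; return
    fi
    age=$((now - handshake))
    # WireGuard gives up on a session after 180 s without a completed
    # handshake, so anything older than that means the peer went quiet.
    if [ "$age" -gt 180 ]; then
        echo stale-handshake; return
    fi
    # Heuristic (assumption): a fresh handshake with only a few hundred
    # bytes each way is handshake/keepalive traffic, i.e. the client is not
    # sending its traffic into the tunnel (AllowedIPs/routing problem).
    if [ "$rx" -lt 1024 ] && [ "$tx" -lt 1024 ]; then
        echo up-not-routing; return
    fi
    echo ok
}

# Read a dump on stdin and print "<pubkey> <scope> <class>" per peer.
# Usage on the router:  wg show wgserver dump | report_peers "$(date +%s)"
report_peers() {
    now=$1
    awk -F'\t' 'NR > 1 { print $1, $3, $5, $6, $7 }' |
    while read -r key endpoint hs rx tx; do
        printf '%s %s %s\n' "$key" "$(endpoint_scope "$endpoint")" \
            "$(classify_peer "$endpoint" "$hs" "$rx" "$tx" "$now")"
    done
}

# Constructed sample dump (placeholder keys, documentation addresses):
# a peer on a ULA with tiny counters, a healthy public peer, a never-seen peer.
sample_dump() {
    printf 'SERVER_PRIV=\tSERVER_PUB=\t51820\t0x8000\n'
    printf 'PEER_A=\t(none)\t[fddf:6cc8:ef77::1]:53423\t10.0.0.2/32\t1700000300\t212\t316\t25\n'
    printf 'PEER_B=\t(none)\t203.0.113.9:17488\t10.0.0.3/32,fd00:db8:0:abc::3/128\t1700000320\t4291\t13352\t25\n'
    printf 'PEER_C=\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\t25\n'
}

sample_dump | report_peers 1700000339
```

`up-not-routing` is the state in the thread's peer block (212 B received, 316 B sent): the handshake works, so the next place to look is the client's AllowedIPs and the server's VPN-client access settings, not connectivity.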

No worries, and thanks again for replying! :wink: I was running an IPv4 wg server before but I opted for the IPoE DS-Lite upgrade for more bandwidth, and now it's forcing me to set up an IPv6 wg. :joy: I made a little progress where I can access the wg server running on my router if I connect to the router's wifi. But I can't access the wg server if I'm using my phone's network even though I do see some packets coming in using tcpdump but the wg server didn't reply with any packets. I'll check if my port is open once I get back to my computer.

On a different note, what's the reason for using allowed ips: 10.0.0.2/32, fd00:db8:0:abc::2/128 ? Is there anything special about these two addresses?

Hi, Alvo. Please try to execute the following command in the router's bash: uci set wireguard_server.main_server.ipv6_enable=1;uci commit wireguard_server , and then restart the wireguard server by Admin Panel. This may help resolve the issue you are experiencing.

Hi teleney,

I have run the command you gave me, and also verified that my port is open:
udp 0 0 0.0.0.0:18188 0.0.0.0:*
udp 0 0 :::18188 :::*

But I still couldn't establish a working connection from phone to my router that's running the wg server.
This is the tcpdump on the server when I activate the wireguard vpn on my phone:

root@GL-MT6000:~# sudo tcpdump -niany udp port 18188
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
07:23:13.918141 IP6 240e:398:60:3cb:8980:14b0:3256:bf19.64490 > 2409:252:43e0:1400:e9d8:8e7:fba:4d80.18188: UDP, length 148
07:23:19.009955 IP6 240e:398:60:3cb:8980:14b0:3256:bf19.64490 > 2409:252:43e0:1400:e9d8:8e7:fba:4d80.18188: UDP, length 148
07:23:24.335576 IP6 240e:398:60:3cb:8980:14b0:3256:bf19.64490 > 2409:252:43e0:1400:e9d8:8e7:fba:4d80.18188: UDP, length 148
07:23:29.369363 IP6 240e:398:60:3cb:8980:14b0:3256:bf19.64490 > 2409:252:43e0:1400:e9d8:8e7:fba:4d80.18188: UDP, length 148
07:23:34.600580 IP6 240e:398:60:3cb:8980:14b0:3256:bf19.64490 > 2409:252:43e0:1400:e9d8:8e7:fba:4d80.18188: UDP, length 148
07:23:39.895717 IP6 240e:398:60:3cb:8980:14b0:3256:bf19.64490 > 2409:252:43e0:1400:e9d8:8e7:fba:4d80.18188: UDP, length 148
07:23:44.947616 IP6 240e:398:60:3cb:8980:14b0:3256:bf19.64490 > 2409:252:43e0:1400:e9d8:8e7:fba:4d80.18188: UDP, length 148
07:23:50.258836 IP6 240e:398:60:3cb:8980:14b0:3256:bf19.64490 > 2409:252:43e0:1400:e9d8:8e7:fba:4d80.18188: UDP, length 148

I switched back to using the default port number 51820 and everything works now. Apparently I have no idea what it means to open a port on the router :melting_face:. I wonder what would be a good way to open a custom port for wireguard server?

Simply setting the port number in the router UI and in the client config file did the trick for me. I guess the server and the client had unmatched port settings. Thanks a lot for the help too!
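The capture posted above is diagnostic on its own: every packet is 148 bytes, which is the fixed size of a WireGuard handshake initiation, and nothing of 92 bytes (a handshake response) ever goes back. The script below is an added example, not something from the thread or from GL.iNet, that makes that reading mechanical: it classifies the lines of a `tcpdump -n` capture by UDP payload length, checks that the initiations are addressed to the port `wg` is actually listening on, and pulls the port out of a client config's Endpoint line so the two can be compared before anything else. The capture lines are constructed in the thread's format with documentation addresses; the listen port is passed as a parameter so the script runs off the router.

```shell
#!/bin/sh
# Added example, not from the thread: classify the packets in a tcpdump
# capture of the WireGuard port by their UDP payload length and say
# whether the server is answering handshakes at all.
#
# WireGuard message sizes are fixed: handshake initiation 148 bytes,
# handshake response 92, cookie reply 64, keepalive 32, data > 32.
# A line like the thread's
#   07:23:13.918141 IP6 <src>.<sport> > <dst>.<dport>: UDP, length 148
# is therefore an initiation; with nothing of length 92 going the other
# way, the client never gets past the first handshake message.

# $1 = the port wg is actually listening on (`wg show wgserver listen-port`).
# Reads tcpdump -n output on stdin, prints counts and a verdict.
summarize_capture() {
    awk -v lp="$1" '
        $6 == "UDP," && $7 == "length" {
            n = split($3, s, "[.]"); sport = s[n]       # port follows the last dot
            n = split($5, d, "[.]"); dport = d[n]; sub(/:$/, "", dport)
            len = $8 + 0
            if (len == 148)      { init++; if (dport != lp) wrongport++ }
            else if (len == 92)  { if (sport == lp) resp++ }
            else if (len == 64)  cookie++
            else if (len >= 32)  data++                 # keepalive (32) or data
        }
        END {
            printf "initiations=%d responses=%d cookies=%d data=%d wrong_port=%d\n",
                   init, resp, cookie, data, wrongport
            if (init == 0)
                print "verdict: no initiations seen, client traffic is not reaching this host"
            else if (resp == 0 && wrongport > 0)
                print "verdict: initiations arrive on a port wg is not listening on"
            else if (resp == 0)
                print "verdict: initiations arrive but are never answered (firewall drop, or mac1 fails because the client has the wrong server public key)"
            else
                print "verdict: handshake is being answered"
        }'
}

# Port from a client config Endpoint line ("host:port" or "[v6]:port") on stdin.
# Compare it with `wg show wgserver listen-port` before touching anything else.
endpoint_port() {
    sed -n 's/^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*.*:\([0-9][0-9]*\)[[:space:]]*$/\1/p'
}

# Constructed capture in the thread's format (documentation addresses):
# three initiations to port 18188 and no reply.
sample_unanswered() {
    cat <<'EOF'
07:23:13.918141 IP6 2001:db8:1::10.64490 > 2001:db8:2::1.18188: UDP, length 148
07:23:19.009955 IP6 2001:db8:1::10.64490 > 2001:db8:2::1.18188: UDP, length 148
07:23:24.335576 IP6 2001:db8:1::10.64490 > 2001:db8:2::1.18188: UDP, length 148
EOF
}

# Constructed working exchange: initiation, response, then a keepalive.
sample_answered() {
    cat <<'EOF'
07:30:01.000000 IP6 2001:db8:1::10.64490 > 2001:db8:2::1.51820: UDP, length 148
07:30:01.010000 IP6 2001:db8:2::1.51820 > 2001:db8:1::10.64490: UDP, length 92
07:30:01.020000 IP6 2001:db8:1::10.64490 > 2001:db8:2::1.51820: UDP, length 32
EOF
}

sample_unanswered | summarize_capture 18188
sample_answered   | summarize_capture 51820
printf 'Endpoint = [2001:db8:2::1]:18188\n' | endpoint_port
```

On the router the real invocation is `tcpdump -ni any udp port "$(wg show wgserver listen-port)" | summarize_capture "$(wg show wgserver listen-port)"`, and `endpoint_port < client.conf` should print the same number. The "never answered" verdict deliberately lists the silent-drop case: `wg` does not reply to an initiation whose mac1 does not verify, so a client config carrying the wrong server public key looks exactly like a firewall drop in a capture.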