Site2site A B by two GL.iNet router.
On site A WG server configured by GL.iNet gui and list subnet ‘192.168.xxx.0/24’ in config file.
On site B WG client configured by luci, WG interface in lan zone on firewall and subnet of side A and subnet of tunnel in allowed ips.
On site C WG client in Windows and io of radio and other devices in allowed ips.
Here’s what I have for now on n Site A:
root@GL-MV1000:/etc/config# cat wireguard_server
config servers
option local_ip '10.0.0.1'
option local_ipv6 'fd00:db8:0:abc::1'
option private_key 'gGfLZnWi4SAJNwXDYgpzC7Ahm451O1mmQPv='
option public_key 'Pmkf1yz6Hy1nt88ON26KRPzoDXFtGVMLFSq='
option access 'ACCEPT'
option local_port '5001'
option enable '1'
config peers ‘wg_peer_4234’
option name 'Rudy'
option client_key 'KAiq7SfCjaVyn50MH2OAdeQaQIeQMKA3na4q'
option private_key '2IXcAltNYNKKtrZrCVi85xBg8b2GFZOqHSjCU‘
option client_ip '10.0.0.2/32'
config peers ‘wg_peer_8022’
option name 'Mitko'
option client_key '2RUxKeGSQephEtyg7REwCAbtIr8yv+1j5rnY'
option private_key 'cJqCtYjy90hsg4VaoUVPzYdtDKuQ87vBdjOv‘
option client_ip '10.0.0.3/32'
list subnet '192.168.0.0/24'
root@GL-MV1000:/etc/config# wg show
interface: wg0
public key: Pmkf1yz6Hy1nt88ON26KRPzoDXFtGVMLFSq0
private key: (hidden)
listening port: 5001
peer: 2RUxKeGSQephEtyg7REwCAbtIr8yv+1j5rn
endpoint: 173.72.xxx.xxx:18538
allowed ips: 10.0.0.3/32, 192.168.0.0/24
latest handshake: 58 seconds ago
transfer: 98.29 KiB received, 359.25 KiB sent
persistent keepalive: every 25 seconds
peer: KAiq7SfCjaVyn50MH2OAdeQaQIeQMKA3na4q
endpoint: 24.185.xxx.xxx:43724
allowed ips: 10.0.0.2/32
latest handshake: 1 minute, 47 seconds ago
transfer: 43.30 KiB received, 369.91 KiB sent
persistent keepalive: every 25 seconds
Hi antifascista.
I’ve reset the MV1000 several times and tried to follow your instructions, but can’t get wireguard to work after converting WAN to LAN.
I stopped DHCP, changed the local IP address to be in line with local network, then changed WAN to be LAN.
I can connect the client, but can’t access the network. Tried adding wireguard to Lan zone, but it’s already there.
Also, you mention turning DNS on (not got to that part yet). Can I use Cloudflare DNS for this, or does it have to be one of the other DNS settings?
Cheers
In the box “covered networks” on wireguard firewall section you have to set “lan”.
Excellent - working now, thank you 
Regarding DNS, can I set that to Cloudflare as the DNS service before i enable adguard, and point my router to the MV1000’s ip address for DNS?
OK, working fine now. Really pleased.
Using CloudFlare (not Adguard) and pointing my internal network the MV1000 for DNS lookups.
VPN working too.
Thanks for all your help antifascista
I’m very happy for you.
Ok, now using AdGuard with Cloudflare as DNS. All working.
In case anyone at GL-Inet is reading this, in my opinion, a lot of people would really like to be able to do this…
(…a VPN Server on their home network sitting behind the ISP router… rather, use a GL device as a second router behind their main ISP router - to gain VPN access to their (or part of their) home network from remote locations… I believe that’s what Zibazb is describing.
For me, I I set it up as…
Internet
->ISP Router (192.168.22.1)
->Brume(192.168.23.1)
->NAS…
but I can’t seem to get the settings correct… Can anyone point me to a setup guide… I’ve tried so many ways… I’m not ever sure into which ports to plug the ethernet cables anymore… (i know, Im a mess)…
Any chance of doing a video explanation of this?
I (for one) would be very grateful.
If you want to use your Brume just as a VPN server and do not need the routing capabilities of it.
Just set it as an “Access Point” / “Bridge” in More Settings->Network Mode. To avoid confusions, set the WAN port as LAN port, too.
Make sure you correctly set up the NAT ports in your ISP Router and that should be it.
thanks for the input… i actually got it to work by removing the server, and reinstalling it fresh… I guess making so many changes messed up the configs or something… thanks for the help
Hi lib, sorry… just seen your post.
This is actually pretty easy to do - once you know. Without the help on here though, I’d have been lost.
Mine is behind my router with DHCP turned off (router X.X.X.1 and Brume is X.X.X.2). I’m using it as a wireguard server and as DNS (ad guard with Cloudflare). My router points all network client to the brume for DNS.
Very happy with it and glad you got it working.
Hi Zibzab - - yes - - it works great… for a few days… and then it fails… I’m not sure exactly where it fails, though… I only know that my clients must all be re-installed …
what confuses me is that in order to get it up and running again, I must reinstall the client configs on each client device…
– also, I’ve noticed that on the server… the client configs have all changed… they’re all still in place… but the code is different, therefore they no longer work on the clients…so it’s a simple procedure… I just have to replace them (on each client)
Q: Why does the server, without warning, make changes to the client configs? Sometimes after a few hours; sometimes after a few days?.. I don’t have to do anything drastic to the server… but all the configs change… and I must replace them all on my clients… so strange.
(does that make sense?)
Does this sound familiar to anyone?
I can’t see anything on the logs… (but I don’t really know what I’m looking for)
What am I doing wrong? How can this be avoided?
Hoping for a more stable server experience.
Thanks in advance.
Hi Lib. I haven’t used mine now for over three weeks. Too unreliable.
Every time something happens, I have to reset and reconfigure!
I’ve since moved Adguard onto a Synology box, which seems to be much more reliable.
Thinking about getting rid of the Brume.
Yikes… (i thought it was just me…)
thanks for the response - best of luck with your solution.
As for me… I just installed the GoodCloud.xyz and am playing with it… hopefully when the Brume fails, instead of re-installing and reconfiguring… I can just log in remotely… (cautiously optimistic)
Thanks again.
Lib
I have no idea why it changes but it should not change by design
thank you very much…
I should mention that this is a secondary router where the WG Server sits (sub net?)… so I guess it’s a double NAT (?)… it must pass through the primary router on my LAN to reach the internet - I have an open port on the primary router to allow the WG Server to be reached remotely.
I think I have solved my stability problem… and since our setups seem to be related, I thought this might be of some help to you - - would you mind having a look at it?
The title is misleading as it wasn’t the “listening port” rather the “endpoint” address that was causing me problems… If by chance, this is a solution to your issue as well, then it would confirm for me that this is, in fact, the problem I was facing… I was hoping to put more eyeballs on the reason for my failure…
In any case, I hope the other post is helpful. Best wishes.
Lib
1 Like