Opal Wireguard client no connection

Technical Support for Routers
1

Hello

I have put in my configuration (pasted in) so that the router acts as a Wireguard client but it will always fail with “VPN client failed to connect. This may be because of wrong configuration, unsupported parameters or terminated by the server.”.

On this Opal I have enabled Luci and installed adblock. Even without this, it didn’t ever work.

SSHing into the Opal, I tried /etc/init.d/wireguard start and it outputs the following:

root@GL-SFT1200:~# /etc/init.d/wireguard start
uci: Entry not found
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Warning: Section @zone[1] (wan) cannot resolve device of network 'wwan'
Warning: Option 'wireguard'.masq6 is unknown
Warning: Option 'sambasharewan'.dest_proto is unknown
Warning: Section 'sambasharewan' does not specify a protocol, assuming TCP+UDP
Warning: Option 'sambasharelan'.dest_proto is unknown
Warning: Section 'sambasharelan' does not specify a protocol, assuming TCP+UDP
Warning: Warning: ubus redirect (ubus:simple-adblock[instance1] redirect 0) does not specify a destination, assuming 'lan'
 * Clearing IPv4 filter table
 * Clearing IPv4 nat table
 * Clearing IPv4 mangle table
 * Clearing IPv4 raw table
 * Populating IPv4 filter table
Warning: fw3_ipt_rule_append(): Can't find target 'input_wireguard_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'output_wireguard_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'forwarding_wireguard_rule'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-UDP-udpxy'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Rule 'guestzone_DHCP'
   * Rule 'guestzone_DNS'
   * Rule #12
   * Rule #13
   * Rule 'Allow-Wireguard'
   * Redirect 'ubus:simple-adblock[instance1] redirect 0'
   * Forward 'lan' -> 'wan'
   * Forward 'guestzone' -> 'wan'
   * Forward 'wireguard' -> 'wan'
   * Forward 'lan' -> 'wireguard'
   * Forward 'guestzone' -> 'wireguard'
   * Forward 'wireguard' -> 'guestzone'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guestzone'
   * Zone 'wireguard'
 * Populating IPv4 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wireguard_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wireguard_rule'
   * Redirect 'ubus:simple-adblock[instance1] redirect 0'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guestzone'
   * Zone 'wireguard'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guestzone'
   * Zone 'wireguard'
 * Populating IPv4 raw table
   * Zone 'lan'
     - Using automatic conntrack helper attachment
   * Zone 'wan'
   * Zone 'guestzone'
     - Using automatic conntrack helper attachment
   * Zone 'wireguard'
 * Clearing IPv6 filter table
 * Clearing IPv6 nat table
 * Clearing IPv6 mangle table
 * Populating IPv6 filter table
Warning: fw3_ipt_rule_append(): Can't find target 'input_wireguard_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'output_wireguard_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'forwarding_wireguard_rule'
   * Rule 'Allow-UDP-udpxy'
     ! Skipping due to different family of ip address
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Rule 'guestzone_DHCP'
   * Rule 'guestzone_DNS'
   * Rule #12
   * Rule #13
   * Forward 'lan' -> 'wan'
   * Forward 'guestzone' -> 'wan'
   * Forward 'wireguard' -> 'wan'
   * Forward 'lan' -> 'wireguard'
   * Forward 'guestzone' -> 'wireguard'
   * Forward 'wireguard' -> 'guestzone'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guestzone'
   * Zone 'wireguard'
 * Populating IPv6 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_guestzone_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_guestzone_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wireguard_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wireguard_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guestzone'
   * Zone 'wireguard'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guestzone'
   * Zone 'wireguard'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
ipset v7.1: The set with the given name does not exist
iptables: No chain/target/match by that name.
 * Running script '/usr/bin/glfw.sh'
 * Running script '/var/etc/gls2s.include'
   ! Skipping due to path error: No such file or directory
 * Running script '/usr/sbin/glqos.sh'
/etc/rc.common: line 353: disable_flow_offload: not found
Terminated

What is wrong ? I upgraded the firmware on the device via the admin panel to be 3.212 from GL.iNet download center

2

The Luci wireguard versions are:

kmod-wireguard 4.14.90+0.0.20181218-1
luci-app-wireguard git-18.228.31946-f64b152-1
luci-proto-wireguard git-18.228.31946-f64b152-1
wireguard 0.0.20181218-1
wireguard-tools 0.0.20181218-1

3

Even if I edit the command with vi /etc/init.d/wireguard and comment out the disable_flow_offload line (#disable_flow_offload), it still fails with “terminated” and no particular reason why.

4

OK so I factory reset the device and now all is good. No idea what was up!

1 Like