Port forwarding to Opal

Hi! I recently purchased Flint as my home router, which I set up a WireGuard server on, I use the Slate as my travel router/client. So far it seems to be working well but I’ve decided to set up a second backup server in a different location. This will either be an Optimum owned router or likely I will replace it with a TP Link Archer AX10, I know I will need to add a port forward to the Opal, but it is my understanding that I need a static IP for this? I wasn’t sure which device exactly needs the static IP. I am not entirely clear on the process of setting up a WireGuard server on a router under the main router that requires port forwarding

I am able to use the Slate as a client for both servers?
The only obvious error I am seeing in my home router setup is:
“Subnet conflicts. Please change LAN IP address.”
Is this something that needs to be addressed and if so, do I have to resetup the client?

You should set a fixed reserved IP on the main route for the device that needs to forward the port. This can be set on the LAN IP page on our devices.
This IP can then be used to set up port forwarding.

This is a very serious misconfiguration and you need to change your subnet address in the LAN IP page.

I’m not sure I understand your question. Perhaps you could try drawing a topology diagram?

Thank you for the response! So I need to set up the static IP on the TP Link which will only connect to the port forwarding? It would interfere with any of the other traffic connecting to it? Do I need to set up any static IP on the Flint router that is acting as the server without any port forwarding as well?

Which devices do I need to change the LAN IP? Will I need to do the client set up over?

First, your four routers’ LANs should use different subnets, e.g.

Next, you need to set up IP address reservations for Opal on the AX10, making sure that the WAN IP of Opal is a fixed value, e.g.
Then set up port forwarding for that IP, for example
[LAN] → [WAN]51821
where 51821 is the Listen Port of your WireGuard Server

Finally, you need to export the Client profile from Opal and modify the Endpoint to be the Internet IP or Domain for AX10 + the Port . Then import it into Slate.

This is the configuration of the Opal and Slate connection, I’m not quite sure what the WireGuard Server on your flint means.

Okay, so if I were to just replace the AX10 with another router that supports WireGuard, like Flint I would not need to do any of this? Or does that still require a static IP? My current configuration with just a Flint and Slate I do not to my knowledge had a static public IP

The main route must have a fixed address, regardless of which station the wireguard is on. If you do not have a fixed Internet IP, you can try using DDNS.

is it as simple as just the Enable DDNS section of this documentation or does it require more steps: DDNS - GL.iNet Docs

Yes, you just need to turn on the switch to enable it.

I suggest you turn on the remote https access switch during the test. When you can use DDNS address to access your router admin page on the extranet (such as using the cellular network of your mobile phone), DDNS has been successfully applied.

I was not able to test it as you suggested but I did do the automated test and it said it was working?

Also in terms of speed I am currently testing my wifi vs server speeds. Connecting to wifi directly was ~80mbps while both of the severs (one in the house I am in and one ~10 miles away) the speeds were about ~20-25mbps. Will this continue to get worse the further I go, say 2000-3000 miles away? Is there anything I can or should do to improve it?

This question is a bit complicated.
The communication between the VPN client and the server is divided into several segments:
Slate → Flint → Modem 1 → Modem 2 → AX10 → Opal
You need to check which segment is causing the rate decrease. Between two Modems, encrypted packets are transmitted over the Internet. Only the rate of this segment may be affected by the distance.

So I actually purchased another Flint and set up the server on there instead of using another router with port forwarding. So I have two Flint servers in different locations and one Slate AR750S that connects to both as a client.