Private Wireguard to server

I have a GL-iNet GL-MT2500. I have been trying to set up a person with remote capabilities for our office, but have not had much luck with setting this up. Our office has pfSense with either OpenVPN or WireGuard available. I have gotten farther with WireGuard than with OpenVPN, as I am down to not being able to ping the main office’s server; instead of traffic going through the VPN, traffic runs to the web. I am able to ping from the main office 50.0 (Office pfSense), 50.1 (GL Side) and 10.188 to my laptop. I had to add a static route on the server at the main office, but it appears that with Global Traffic through VPN, and additional networks set to 0.0.0.0/0 or the 192.168.0.0/24 of the main office, I can’t seem to get the GL to route the traffic through the WireGuard VPN. I am trying to set up the VPN for our VOIP phone, so the unit has to operate standalone, routing all traffic through without the use of additional routes, as I cannot issue any commands to the hard phone.

Any help is appreciated. I have included my conf file as I have it, with keys removed.

[Interface]
Address = 192.168.50.1/31
ListenPort = 51820
PrivateKey = xxx
MTU = 1420

[Peer]
AllowedIPs = 192.168.10.0/24, 192.168.0.0/24, 192.168.50.0/31
Endpoint = remote.myoffice.com:51820
PersistentKeepalive = 30
PublicKey = yyy

I didn’t understand your issue. Is your WireGuard client able to connect to the MT2500 WireGuard server successfully?
One thing to note is that MT2500 is serving as a VPN server at the WAN port.

It might be helpful to post a network diagram:

(Nice find, @admon: )

OK, I thought I had this working, but apparently 90% isn't 100% :roll_eyes:
So the issue: we have an internal VOIP server (0.184). We use pfSense as our firewall and as our WireGuard server. I have set up a VPN using WireGuard as a remote connector with the GL-MT2500. I am able to communicate back and forth, and able to ping back and forth to the appropriate IP address.

[Interface]
Address = 192.168.50.1/31
ListenPort = 51820
PrivateKey = REMOVED
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = remote.myoffice.com:51820
PersistentKeepalive = 30
PublicKey = REMOVED

I am able to use Wireshark on my office network, and the SIP packet of 5060 is making it back and forth as the phone registers with the VOIP server. If I (Bob) make a call from the remote phone (VOIP) to an outside person (Cell - Tom), there is full communication and no issues. Now if Tom calls Bob, the phone rings, Bob picks up, Tom can hear Bob answer hello, but Bob cannot hear Tom. The 3 ports the VOIP server uses to communicate with the remote phone are 5060 TCP, 41000 UDP and 41006 UDP. Wireshark is showing I am receiving packets from the remote phone (as evidenced by Tom hearing Bob), but I am not sure the UDP packets are making it to the remote phone.
I have tried:

  • Using DMZ
  • Port Forwarding
  • Open ports on the router

I am able to plug my laptop into the GL device, ping, access office servers etc. I figure because the 41000 UDP packets are "unrequested" that is why they are not being sent to the phone properly, but looking for some help.

BTW, if it is the "Forward" being the problem, would be great if I could enter a "range" rather than one at a time.

Hi, we are attempting a similar config. We use pfSense with WG as the 'server'.

So far we have had success with multiple Teltonika WG 'clients'. When configuring the WG clients on the Teltonika routers, it provides us with the Interface Public Key to put on the WG 'server' (pfSense) end under that peer that we have created.

However, we have noticed with the GL-iNet WG config, when we create a new manual config, there is no Public key provided to enter on the pfSense WG peer. Furthermore, the interface side only shows a private key field, not a public key; I understood the Private keys are supposed to stay with each peer. So where do we obtain that private key?

It's just significantly different to what we are used to with Teltonika, which I have to say works a dream, but we want to use some of the GL-iNet portable routers for teams on the move.

Any help would be appreciated. I have also tried using the online tools to generate a set of keys, but the problem still remains: my WG peer on pfSense still needs a Public key for identification of the remote peer (GL-iNet).

Public and private keys are completely random; my understanding is that you can use any "random" characters, but you can also use this website to generate the keys.

https://www.wireguardconfig.com

Good Luck

1 Like