Problem connecting to home router with WireGuard

Hi all, first of all, please excuse what is probably my ignorance, as I am new to understanding everything that revolves around IP tunneling and VPNs.
I was trying to connect my Slate Plus (abroad) to my Beryl MT 1300 (at home). The issue is that whenever I try to connect with WireGuard I get the following errors in the logs. I do not understand how there could be errors about missing files and also an error on the JSON file. Does anyone have any idea from the log file where the problem could be?

Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):    * Zone 'guest'
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):    * Zone 'wgclient'
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):  * Set tcp_ecn to off
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):  * Set tcp_syncookies to on
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):  * Set tcp_window_scaling to on
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):  * Running script '/etc/firewall.nat6'
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):  * Running script '/etc/firewall.swap_wan_in_conn_mark.sh'
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):  * Running script '/etc/firewall.vpn_server_policy.sh'
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):  * Running script '/var/etc/gls2s.include'
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):    ! Skipping due to path error: No such file or directory
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490):  * Running script '/usr/bin/gl_block.sh'
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490): Failed to parse json data: unexpected character
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490): uci: Entry not found
Tue Oct 15 21:18:50 2024 daemon.notice netifd: wgclient (490): cat: can't open '/tmp/run/wg_resolved_ip': No such file or directory
Tue Oct 15 21:18:51 2024 daemon.notice netifd: Interface 'wgclient' is now down
Tue Oct 15 21:18:51 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Tue Oct 15 21:18:51 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Tue Oct 15 21:19:04 2024 daemon.notice netifd: Interface 'wgclient' is now down
Tue Oct 15 21:19:05 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Tue Oct 15 21:25:16 2024 daemon.notice netifd: Interface 'wgclient' is setting up now

Please read and check How to troubleshoot WireGuard for the most common issues. Make sure you have separate LAN segments on each router; they can't both be 192.168.8.x.

The log lines are fine, mostly just log noise.

Let's assume that the problem is the server side.

Please post details of your WireGuard server configuration.

Thank you, I have tried it but it did not resolve the issue. The only thing I did not try is changing the port from 51820 to 51825. My girlfriend says she is having loads of trouble logging in to both admin areas, of the Beryl and of the router she has from her internet provider. Maybe this could be a hint?

Here and there she can access it, but she also gets randomly kicked out.

Thanks, I have copy-pasted it in a similar way to what admon shared in the troubleshooting:

[Interface]
Address = 10.0.0.2/24
PrivateKey = xxxxx
DNS = 64.6.64.6
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = xxxxxx.glddns.com:51820
PersistentKeepalive = 25
PublicKey = xxxxx

The xxx are my private keys and the starting value of the endpoint (leaving them anonymized here).
I received this from the Beryl's config, as I am trying to connect the Slate to the Beryl.

Also @admon and @alzhao, this is how we configured port forwarding on the router provided by the internet provider, which the Beryl is connected to.

The port forward to 192.168.8.1 is not correct.

It should be the IP that the Beryl got from your main router.

Should be 192.168.1.x

Hi, many thanks for your answer. We found the MAC number inside the router and added the correct IP; however, the connection still does not work. On my girlfriend's side (Beryl) WireGuard is on, and we also tried to test the Dynamic DNS here: Justin Pruett - JustinPruett.com. Both IPs match, which should be correct.

I have, however, discovered that the setup at my GF's house is now a bit different than I first imagined. Connected to her router there is a COMTREND GRG-4284 modem. Could this be a problem? Should the Beryl be connected directly to the COMTREND?

Many thanks for all your help.

It would be best to create a network diagram containing devices and IP addresses.
Use draw.io to draw one.

Hi, of course, here's the image. I am unsure if the IP addresses are totally correct, since it is a bit confusing to me whether to look at IPv4 or the Default gateway when running ipconfig in cmd. I hope this is correct; if not, I can update the image. Also, we are having problems with the Comtrend, as my GF does not have a UTP port in her laptop, and since no Wi-Fi connection is offered she can't connect to that one to check.

Do you know if your ISP uses CGNAT or not?

For my abroad ISP I have found this: Attention Salt. Users in Switzerland: CG-NAT Blocks Port Forwarding, Workarounds Required (See Staff Post) - Support - Roon Labs Community

For the home one, there is no article that says they are blocking CGNAT.

Theoretically, the modem could run in router mode as well. I don't know the modem, so I can't tell for sure. Does the Zyxel show some external IP address by itself?

Here are some IPs I can see in the Zyxel. Could the first one be the external IP? The others all seem internal; one of them is the Beryl.
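
The check the replies above are working towards, as an added example that is not part of the original thread and not GL.iNet code: classify the WAN address each device reports, detect CGNAT or an extra NAT layer, and list which device must forward UDP 51820 to which address (the next device's WAN IP, not its LAN IP such as 192.168.8.1). Device names and all addresses below are constructed sample values.

```python
import ipaddress

# Address ranges that are never directly reachable from the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598, carrier-grade NAT

def classify(addr):
    """Return 'cgnat', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"  # simplification: anything outside the ranges above

def diagnose(hops, ddns_ip, port=51820):
    """hops: [(device, wan_ip)], ISP-facing device first, WireGuard server last.
    Returns (reachable, notes)."""
    edge, edge_wan = hops[0]
    kind = classify(edge_wan)
    if kind == "cgnat":
        return False, [f"{edge}: WAN {edge_wan} is CGNAT space, the ISP must "
                       "provide a public IP before any port forward can work"]
    if kind == "private":
        return False, [f"{edge}: WAN {edge_wan} is private, another NAT device "
                       "sits upstream and must be added to the chain"]
    notes = []
    if edge_wan != ddns_ip:
        notes.append(f"DDNS resolves to {ddns_ip} but {edge} has {edge_wan}")
    # Every NAT device must forward the UDP port to the WAN IP of the next one.
    for (up, _), (down, down_wan) in zip(hops, hops[1:]):
        notes.append(f"{up}: forward UDP {port} -> {down_wan} ({down})")
    return edge_wan == ddns_ip, notes

# Constructed sample values (documentation/private ranges, not from the thread).
BRIDGED = [("Zyxel", "203.0.113.10"), ("Beryl", "192.168.1.50")]
BEHIND_CGNAT = [("Zyxel", "100.72.14.3"), ("Beryl", "192.168.1.50")]

if __name__ == "__main__":
    for chain in (BRIDGED, BEHIND_CGNAT):
        ok, notes = diagnose(chain, "203.0.113.10")
        print("reachable" if ok else "not reachable")
        for n in notes:
            print("  ", n)
```

If the modem turns out to be routing rather than bridging, put it first in the list so the chain has three hops and a forward is listed for each NAT layer.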