[resolved]Wireguard server behind home router works, Slate cannot connect from external network

So my current setup is: I have 2 gl-inet routers: Beryl and Slate. I set up Beryl as Wireguard server behind my home router. Set up port forwarding 51820 on my main home router to Beryl. For the Slate I set it as my wireguard client router so I can travel with it

First time set up 4 weeks ago everything worked then I turn off Slate as I didnt need to use it. Now I turn on Slate and it cannot connect to the Beryl (server). Yellow light on the UI with red “Abort”. The server on Beryl is still green and seems to be working fine. I can connect to that Beryl router in LAN and internet works. But if I connect to the Slate is on external network then it cannot connect to Beryl.

Also worth to mention I just created a wireguard server on AWS lightsail and my Slate can connect with no issues. I believe I have an assigned public IP from my ISP for my home router.

So in nutshell: worked first time between Beryl and Slate, now not working but Slate can connect to wireguard server on AWS lightsail. I even tried to connect to Beryl on my iphone but no luck. Could it be my ISP is blocking something? Please advise

Can you post your Wireguard config file without the public and private keys?

Do you have DDNS set up? If so, verify that domain resolves correctly to the Public IP address assigned by your ISP.

I do not work for and I do not have formal association with GL.iNet

This is my client config:

Address =
ListenPort = 62736
PrivateKey =

AllowedIPs =,::/0
Endpoint =
PersistentKeepalive = 25
PublicKey =

I set up DDNS. Not sure how to verify “domain resolves correctly to the Public IP address” sorry I’m not too tech savvy of networking

Ok I got it working now. What’s weird is that when I log in to my main router the theres an extra 0 at the end of the private IP of the Beryl in the port forwarding section so its when I set it up which worked the first time. Now is so I changed it back and works now

Unless you have a dedicated Public IP address from your ISP, you should not set the Endpoint to an IP address in the config file because that may change. The Endpoint should be set to the DDNS domain name.

For future reference, you can show your Public IP address by opening a browser behind the router to whatismyaddress.com, whatismyip.com or network-tools.com.

I do not work for and I do not have formal association with GL.iNet

Is your Beryl set with a static IP either explicitly or via DHCP static address via your main router?

I set it today via a reserved static IP via main router and also enabled DDNS on it. That should be good right?

DDNS needs to be set on your main router, not the Beryl and then the port forward on your main router to the static IP of your Beryl.

Is there a reason to set DDSN on the main and not on the Beryl? I set it on the Beryl and replace that with the IP in endpoint for client config and it works (tested from external network). Isn’t the main router give same public IP to the Beryl and that is enough for the Beryl to update its ddns itself?

would it be ok if I enable ddns on both the main (using no-ip) and the Beryl with glinetddsn?

It is okay to use DDNS on the Beryl because it goes out to the Internet to look up the Public IP address via http://checkip.dyndns.com. You can also use DDNS on your main router if you have subscribed to No-IP.com. I also have 2 DDNS domain names set up on my ISP router and on my Synology NAS behind an Asus router.

You can show your Public IP address as described in my previous post, then compare it with the IP addresses from pinging the 2 DDNS domain names.

I do not work for and I do not have formal association with GL.iNet

1 Like