Setting up Wireguard on gl-mt300n-v2

I want to configure Wireguard on my gl-mt300n-v2 router running firmware 3.012.

My vpn provider gave me the following configuration file, but the router doesn’t recognize it, and I’m not sure what exactly I should put in to add the fields manually. Also according to my provider the listen port should be random. Can anyone help with the config? Thanks!

PrivateKey = XXX=
Address =

PublicKey = YYY=
AllowedIPs =, ::/0
Endpoint =
PersistentKeepalive = 25

When you copy and paste the content to the UI (plain text), what does the UI say?

Maybe you can edit the line of AllowedIPs to the following and try again.

AllowedIPs =

I was getting the error “Invalid Port Number”
It looks like the original values for AllowedIPs was fine. I was able to get it working by adding:

ListenPort = 84

to the Interface section. According to my provider, this shoud be blank (or whatever setting makes the port random), but setting it to 84 seems to have worked for now.

@kyson-lok pls check if port number can be removed from parameter check.

It is a bug for old firmware. It had been fixed.

I’m running firmware 3.012. Do you recommend getting the beta of 3.022?

For anyone else who is running into to same problem, the 3.022 firmware did solve the problem of being able to use the config file (having a random port assigned). It also fixed other problems in the wireguard implementation that were causing connection problems with some websites.


root@GL-AR750S:~# wg
Warning: one or more unrecognized netlink attributes
interface: wg0
public key:
private key: (hidden)
listening port: 24641
endpoint: :51821
allowed ips:,
latest handshake: 3 seconds ago
transfer: 92 B received, 180 B sent
persistent keepalive: every 25 seconds

root@GL-AR750S:~# ping
PING ( 56 data bytes
ping: sendto: No error information
root@GL-AR750S:~# ping
root@GL-AR750S:~# curl
curl: (6) Could not resolve: (Could not contact DNS servers)

I want to setup WG in that way that only specific traffic will be routed trough, (as set in allowedips) and everything else without VPN.

The problem is: I can access and everything from, but not the internet. This setup works everywhere, but not on this router. Maybe it’s a bug?

root@GL-AR750S:~# ip route dev wg0 scope link 
default via dev eth0.2 proto static src dev wg0 scope link via dev eth0.2 dev eth0.2 proto kernel scope link src dev wg0 proto kernel scope link src dev br-lan proto kernel scope link src 
root@GL-AR750S:~# ping
ping: bad address ''
root@GL-AR750S:~# ping
PING ( 56 data bytes
64 bytes from seq=0 ttl=62 time=158.375 ms
root@GL-AR750S:~# ping
PING ( 56 data bytes
ping: sendto: No error information

If I set as allowedips (route all traffic trough VPN), internet works. The weird thing is that ip route command shows same result for both cases.

Are you setting wireguard on AR750s as client? Where and what is your Wireguard server please?

If you only work with AR750S as client you can just use VPN polices.

If you are working with multiple AR750S in different locations, you can use our Site-to-Site solution.

1 Like