Setting up Wireguard on gl-mt300n-v2

I want to configure Wireguard on my gl-mt300n-v2 router running firmware 3.012.

My VPN provider gave me the following configuration file, but the router doesn’t recognize it, and I’m not sure what exactly I should put in to add the fields manually. Also, according to my provider, the listen port should be random. Can anyone help with the config? Thanks!

[Interface]
PrivateKey = XXX=
Address = 11.11.11.11/16
DNS = 11.11.11.11

[Peer]
PublicKey = YYY=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = somewebsite.net:51820
PersistentKeepalive = 25

When you copy and paste the content to the UI (plain text), what does the UI say?

Maybe you can edit the line of AllowedIPs to the following and try again.

AllowedIPs = 0.0.0.0/0

I was getting the error “Invalid Port Number”.
It looks like the original values for AllowedIPs were fine. I was able to get it working by adding:

ListenPort = 84

to the Interface section. According to my provider, this should be blank (or whatever setting makes the port random), but setting it to 84 seems to have worked for now.

@kyson-lok pls check if port number can be removed from parameter check.

It is a bug in old firmware. It has been fixed.

I’m running firmware 3.012. Do you recommend getting the beta of 3.022?

For anyone else who is running into the same problem, the 3.022 firmware did solve the problem of being able to use the config file (having a random port assigned). It also fixed other problems in the WireGuard implementation that were causing connection problems with some websites.

Hi,

root@GL-AR750S:~# wg
Warning: one or more unrecognized netlink attributes
interface: wg0
public key:
private key: (hidden)
listening port: 24641
peer: 
endpoint: :51821
allowed ips: 192.168.9.1/32, 192.168.1.0/24
latest handshake: 3 seconds ago
transfer: 92 B received, 180 B sent
persistent keepalive: every 25 seconds

root@GL-AR750S:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No error information
root@GL-AR750S:~# ping dsl.sk
^C
root@GL-AR750S:~# curl dsl.sk
curl: (6) Could not resolve: dsl.sk (Could not contact DNS servers)

I want to set up WG in such a way that only specific traffic will be routed through 192.168.9.1/32, 192.168.1.0/24 (as set in allowedips) and everything else without VPN.

The problem is: I can access 192.168.9.1 and everything from 192.168.1.0/24, but not the internet. This setup works everywhere, but not on this router. Maybe it’s a bug?

root@GL-AR750S:~# ip route
0.0.0.0/1 dev wg0 scope link 
default via 192.168.8.1 dev eth0.2 proto static src 192.168.8.101 
128.0.0.0/1 dev wg0 scope link 
185.112.158.164 via 192.168.8.1 dev eth0.2 
192.168.8.0/24 dev eth0.2 proto kernel scope link src 192.168.8.101 
192.168.9.0/24 dev wg0 proto kernel scope link src 192.168.9.4 
192.168.13.0/24 dev br-lan proto kernel scope link src 192.168.13.1 
root@GL-AR750S:~# ping dsl.sk
ping: bad address 'dsl.sk'
root@GL-AR750S:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=62 time=158.375 ms
root@GL-AR750S:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No error information

If I set 0.0.0.0/0 as allowedips (route all traffic through VPN), internet works. The weird thing is that the ip route command shows the same result for both cases.

Are you setting up WireGuard on the AR750S as a client? Where and what is your WireGuard server, please?

If you only work with the AR750S as a client, you can just use VPN policies.

If you are working with multiple AR750S in different locations, you can use our Site-to-Site solution.
