SFT1200 not updating package sources

Technical Support for Routers
1

I have just received my SFT1200 and want to start using it. After a firmware upgrade to v4.3.21 I now tried to prepare my VPN setup (Ubiquiti router). This keeps failing with the error shown below:

kern.info kernel: [ 7243.960610] wireguard: wireguard-hotplug IFNAME=wgclient ACTION=REKEY-TIMEOUT

My phone and all other mobile device connect without any issue, so VPN config should be valid.

Looking at my application plug-ins I noticed that I might be using very old package repositories, see screenshot below:

image
image1180×502 45.1 KB

This now shows the latest kmod-wireguard released in 2018?

image
image820×778 52.6 KB

Where can I find new fw.gl-inet repositories?

2

You can't (and shouldn't) update the base OS of the device like this.

New software versions will be provided by firmware update only.
Your WireGuard issue is a different one, check How to troubleshoot WireGuard

3

Hi @admon ,

I am not trying to update the OS itself, only the installed "plug-ins". Looking at the package filename it seems that the only version available is from December 2018.

The page you linked mostly focusses on the setup of a Wireguard VPN server. I already have a working server configured and want to use this router when I check in to a hotel, so I always have a secure connection. I don't see those debugging options on that page, maybe I am missing something?

Is it possible to enable some more debug logging on de Wireguard client? Now I only see this:

Sat Dec 7 16:01:01 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Dec 7 16:01:07 2024 kern.info kernel: [ 601.576578] wireguard: wireguard-hotplug IFNAME=wgclient ACTION=REKEY-TIMEOUT
Sat Dec 7 16:01:13 2024 kern.info kernel: [ 607.401305] wireguard: wireguard-hotplug IFNAME=wgclient ACTION=REKEY-TIMEOUT

4

Please simply forget that this "plug-in" page exists. Updating plugins there can cause bricking the device. It's only for advanced users and very special use-cases.

There is no debug option for WireGuard in general. The page I linked is about the whole construct, you need to check each of this option. Start by making sure you do have some public IP, then by making sure the networks of the routers are different and then up to "Is Internet generally working" and "Might the hotel block the VPN"?

Never test from inside your network - always use a hotspot for testing.

5

Aah, I will stay away from that page :slight_smile: .

It still bugs me that there is no way to debug the VPN connection. I've tried testing the VPN connection using my neighbours WiFi and using my phone's connection via usb-tethering (with WiFi turned off).

Looking at that page

  1. Web Interface: VPN is present in UI
  2. Network config: Netwerk of the VPN server does not have any subnet containing 192.168.8.0/24
  3. Mobile networks: That's is aimed at setting up a Wireguard server
  4. Port forwarding: That's is aimed at setting up a Wireguard server
  5. Blocked ports: Port is not blocked by both client and server provider. Phone 4G connection and neighbour WiFi are able to connect other devices
  6. Config: Config is generated by the VPN server. I tested the config file with another client on the same mobile hotspot and that works as expected.
  7. Routing: I am routing everything through the VPN, so config contains 0.0.0.0/0 (no IPv6)
  8. DNS server: tried both auto and 1.1.1.1
  9. MTU: I've tried changing this value, did not help
  10. It is not even able to initiate the connection. I also don't see any loss of packets through the network.
6

Can you confirm that only one router is using 192.168.8.x? And 192.168.9.x should be avoided as well.

7

Can confirm, first IP ranges start from 192.168.10.0/24.

I was able to solve it, did a full factory reset. After resetting it, it magically worked. Could be a missed setting somewhere.

@admon Thanks for trying to assist!

1 Like
8

Glad that it works now :slight_smile: