Slate AX (GL-AXT1800) Wireguard Issue (REKEY-TIMEOUT)

alzhao · 2023-01-04T20:03:41.640Z

Pls try clean installation and Configure again.

hectorricardo · 2023-01-05T19:18:25.005Z

I have done that several times. I have done the following:

Pressing the outer hardware button on the router for 10 seconds.
Using the admin UI, clicking on the “Reset Firmware” button.
Install a new version of a firmware (4.0.2).

The issue is not solved with any of these steps.

KelvinCloin · 2023-01-05T20:54:03.631Z

I was planning to buy an AX next week, now I’m unsure. Maybe the Flint would be safer

alzhao · 2023-01-07T15:57:34.079Z

So seems that the wireguard does not work on your Andriod tethering now. Now sure what is the problem.

hectorricardo · 2023-01-07T17:30:45.696Z

Not only on Android, but also with the iPhone.

alzhao · 2023-01-08T05:25:25.731Z

Can you try change mtu as in this post

Beryl Wireguard VPN Client Has Randomly Stopped Working (Log included, Please Help) Technical Support for Routers

Update: We changed to a smaller MTU, the connection gets successful. Let’s see if there is an improvement. [image]

hectorricardo · 2023-01-08T20:50:40.644Z

I did, but no success. Still same error:

image1368×796 47.1 KB

alzhao · 2023-01-10T00:44:46.869Z

Today I worked with @hectorricardo to solve the problem. Several problems are identified.

The wireguard config from Starvpn use domain name as endpoint. The domain resolves to several IP addresses. Different network will resolve to different IP address. Some IP addresses does not work. When hard core to certain IP address, it works OK. So this is definately a problem of Startvpn. This is verified on windows pc as well.
Two bugs identified on our firmware: (a) The firmware does not work well with two IP address in wireguard config; (b) not be able to edit wireguard config in @hectorricardo’s macbook browser. I can edit in my Chrome though.

image1585×839 150 KB

image707×192 8.7 KB

Jester · 2023-01-15T04:53:36.149Z

Luckily I found this topic.

New GL-AXT1800, facing EXACTLY same issue.

WG server is operational, same config exported to mac client works without any issues.

What I have tried:

replace server hostname with IP to exclude DNS related issues;
change VPN settings on AXT-1800 as some advised in the thread.

So far nothing helped, I am still getting REKEY-TIMEOUT.

alzhao · 2023-01-17T02:31:50.781Z

You can send details to me to check.

All the issues I checked has a different reason.

Jester · 2023-01-17T02:44:29.491Z

@alzhao thank you - I’ll do that. What details you are looking for?

alzhao · 2023-01-17T04:42:23.169Z

Pls read this post 4.x Wireguard REKEY-TIMEOUT troubleshooting

You can pm me your wireguard config, detailed network setup and issues to check. If the problem is you cannot connect to Wireguard at all, I think I can find the problem quickly.

Jester · 2023-01-17T08:12:54.465Z

Sorry I don’t see how to PM on this forum. Am I have Pms disabled?

As for the configuration - I have set up Wireguard VPN on Raspberry using pivpn scripts. The raspberry is at my home network behind NAT, so I set up port forwarding for TCP/UDP. Wireguard uses non default port (but from very same range).

Moved AXT1800 out of home network and tried to connect - got REKEY-TIMEOUT. Thought something wrong with port forwarding, so brought it home, changed server name to local IP (192.168.1.x), tried same - got same response REKEY-TIMEOUT.

Then I decided to test the VPN - installed Wireguard client on my laptop, used same config as on AXT-1800 - and it connected in a second. Wireguard client on laptop works even when I am outside of local network, so port forwarding proved to be working fine.

At home AXT1800 is connected via WiFi to local network(192.168.1.x). All devices are connected to AXT1800 network (192.168.8.x), there is no problem in connectivity whatsoever.

alzhao · 2023-01-17T09:41:01.645Z

Let me pm you and you can reply me.

dirr · 2023-01-17T16:41:47.026Z

I’ve been following this thread for a few weeks hoping to find a solution. I also have the REKEY TIMEOUT issue. Only using mullvad.

New Slate AX 1800
Tried multiple firmwares including the latest 4.2 beta 2.
-Previous versions didn’t let me pull a mullvad config at all when putting in my account number.
-4.2 allows me to pull the mullvad account from the settings page, but still have a REKEY TIMEOUT when trying to connect.
-OpenVPN works
Using the router at home, not 4G/5G
Not using IPV6
Not using DDNS
Commercial mullvad service.
Not using Adguardblock

Can you pm me to help resolve this issue?

alzhao · 2023-01-20T01:42:55.469Z

I sent you a message.

alzhao · 2023-01-20T01:46:13.162Z

I am closing this thread because it does not help to solve issues.

I was able to solve most of the issues that comes with me with details. Reasons include wrong server config, vpn service provider bug, ddns issue, UI related bugs, vpn cascading not supported in old firmware etc.

For more info pls refer to 4.x Wireguard REKEY-TIMEOUT troubleshooting

If you have issues of Wireguard connection, please

Read the agove post
Open your own thread with details.

alzhao · 2023-01-20T01:46:17.436Z

alzhao · 2023-01-20T08:08:12.222Z

After check. It is old firmware problem. After upgrade to 4.2 it works OK.

alzhao · 2023-01-24T03:22:44.440Z

dirr:

I’ve been following this thread for a few weeks hoping to find a solution. I also have the REKEY TIMEOUT issue. Only using mullvad.

New Slate AX 1800

Tried multiple firmwares including the latest 4.2 beta 2.
-Previous versions didn’t let me pull a mullvad config at all when putting in my account number.
-4.2 allows me to pull the mullvad account from the settings page, but still have a REKEY TIMEOUT when trying to connect.
-OpenVPN works

Using the router at home, not 4G/5G

Not using IPV6

Not using DDNS

Commercial mullvad service.

Not using Adguardblock

Can you pm me to help resolve this issue?

After check and deep test, seems the issue is related to parent router (which is a netgear) and mac address. When Slate AX cloned mac address of laptop or phone, wiregard connects. It does not connect with the original mac address. Nothing has been found in the netgear settings related to this. So it is still a mystery.