Slate AX (GL-AXT1800) Wireguard Issue (REKEY-TIMEOUT)

Technical Support for Routers
21

I have never needed to change the MTU size to get the VPN working. I already tried changing the MTU size manually, but as expected, that didn’t make a change. Additionally, my VPN provider (StarVPN) does not recommend setting the MTU manually.

Here’s the situation:

Scenario 1: VPN off, router connected to my home Internet connection - Working
Scenario 2: VPN on, router connected to my home Internet connection - Working
Scenario 3: VPN off, router connected to Android device with USB tethering - Working
Scenario 4: VPN on, router connected to Android device with USB tethering - Not working

Additionally:

Router came with firmware 4.0.3 preinstalled → Scenario 4 was working
I upgraded to firmware 4.1.0 → Scenario 4 stopped working
I downgraded to firmware 4.0.3 → Scenario 4 still not working.
Reset back to factory settings → Scenario 4 still not working

Happy to share my Wireguard config file if this is needed.

22

You can share to me. But ustually carrier network and vpn issues are related to mtu.

I can have a try on my iPhone tethering but not sure if I can met the same problem.

23

I mean…it worked with the pre-installed 4.0.3 firmware, and I used the VPN for about ten minutes. I even turned on/off my Internet connection on the Android device to confirm that it was actually getting connectivity from USB tethering. Problems started as soon as I upgraded to 4.1.0.

Android device is connected to the same Internet connection as in scenario 1 and 2, so this is not a carrier network issue.

How do I share it to you? Can you provide an email?

24

So the Android is actually connecting to your wifi and share to via USB?

Just share with PM.

25

Correct. Android is connected to wifi. However, before upgrading to 4.1.0, it worked with both Wifi and Mobile Data.

Everything (all four scenarios) was working with the pre-installed 4.0.3 firmware. Issues started by upgrading to 4.1.0

26

Did you keep settings when you revert back from 4.1.0 to 4.0.3?

If you didn’t keep settings then it should not relate to firmware version.

27

I did keep the settings. The Wireguard config is in place.

28

Pls try clean installation and Configure again.

29

I have done that several times. I have done the following:

  • Pressing the outer hardware button on the router for 10 seconds.
  • Using the admin UI, clicking on the “Reset Firmware” button.
  • Install a new version of a firmware (4.0.2).

The issue is not solved with any of these steps.

30

I was planning to buy an AX next week, now I’m unsure. Maybe the Flint would be safer

31

So seems that the wireguard does not work on your Andriod tethering now. Now sure what is the problem.

32

Not only on Android, but also with the iPhone.

33

Can you try change mtu as in this post

34

I did, but no success. Still same error:

image
image1368×796 47.1 KB

35

Today I worked with @hectorricardo to solve the problem. Several problems are identified.

  1. The wireguard config from Starvpn use domain name as endpoint. The domain resolves to several IP addresses. Different network will resolve to different IP address. Some IP addresses does not work. When hard core to certain IP address, it works OK. So this is definately a problem of Startvpn. This is verified on windows pc as well.
  2. Two bugs identified on our firmware: (a) The firmware does not work well with two IP address in wireguard config; (b) not be able to edit wireguard config in @hectorricardo’s macbook browser. I can edit in my Chrome though.

image
image1585×839 150 KB

image
image707×192 8.7 KB

1 Like
36

Luckily I found this topic.

New GL-AXT1800, facing EXACTLY same issue.

WG server is operational, same config exported to mac client works without any issues.

What I have tried:

  • replace server hostname with IP to exclude DNS related issues;
  • change VPN settings on AXT-1800 as some advised in the thread.

So far nothing helped, I am still getting REKEY-TIMEOUT.

37

You can send details to me to check.

All the issues I checked has a different reason.

38

@alzhao thank you - I’ll do that. What details you are looking for?

39

Pls read this post 4.x Wireguard REKEY-TIMEOUT troubleshooting

You can pm me your wireguard config, detailed network setup and issues to check. If the problem is you cannot connect to Wireguard at all, I think I can find the problem quickly.

1 Like
40

Sorry I don’t see how to PM on this forum. Am I have Pms disabled?

As for the configuration - I have set up Wireguard VPN on Raspberry using pivpn scripts. The raspberry is at my home network behind NAT, so I set up port forwarding for TCP/UDP. Wireguard uses non default port (but from very same range).

Moved AXT1800 out of home network and tried to connect - got REKEY-TIMEOUT. Thought something wrong with port forwarding, so brought it home, changed server name to local IP (192.168.1.x), tried same - got same response REKEY-TIMEOUT.

Then I decided to test the VPN - installed Wireguard client on my laptop, used same config as on AXT-1800 - and it connected in a second. Wireguard client on laptop works even when I am outside of local network, so port forwarding proved to be working fine.

At home AXT1800 is connected via WiFi to local network(192.168.1.x). All devices are connected to AXT1800 network (192.168.8.x), there is no problem in connectivity whatsoever.