Slate AX: WireGuard Server + OpenVPN Client

Hello everyone.

I’m trying to make this configuration work (OpenVPN Client only for guest Wi-Fi network + WireGuard server).

The result is that the Wireguard server stops working (to connect from outside the LAN) when I activate the OpenVPN client. I thought that both could be executed at the same time.

The WireGuard Server works correctly when it is the only one activated (OpenVPN Client deactivated).
The OpenVPN Server works correctly in any situation.

Is there anything I’m missing?

Just want to make sure I understand correctly. You want to connect to your home network through WireGuard, then you want that traffic to not use the OpenVPN tunnel but exit through your WAN (this is your ISP, or the internet). You then want LAN Guest traffic to only use the OpenVPN tunnel and the rest of the LAN traffic to exit through the WAN.

The OpenVPN client is changing the IP address for the WireGuard server, causing it to become unreachable. I think it can be done with just firewall rules. If you have a static IP from your ISP, port forwarding should work; otherwise you will need to use GL.iNet DDNS or another.

Check this thread:

Johnex on 7-24-2020
Posted this.

:gl_emoji_dizzy:I do not work for and I am not directly associated with GL.iNet :gl_emoji_shacking:


Thank you very much for the detailed answer.

You have fully understood my network environment and what I would like to achieve.

I have noticed this error in WireGuard (WireGuard on the client tries to connect to the IP of the OpenVPN server).

To solve this I am using a DDNS (duckdns), and the address to which the client tries to connect is already correct, following the format “WANIP:51820”; however, it still does not work (when I activate OpenVPN).

I may have to add some additional configuration.

It’s hard for me to understand what’s wrong. I’ve been checking this all afternoon and I don’t see what’s wrong.

Thank you very much for any help!

It may take a little bit for the DDNS to update. GL.iNet says as long as 10 min, and it re-updates every 10 mins; that could be it.

No, my public ip hasn’t changed all day, the DDNS is OK
Thank you for your help!

This is a bug. Fixed in firmware 4.1.0 release 2.

Thank you for the answer, that’s the version I’m using.

Please refer to this thread.

This hasn’t worked for me.

Notes:)

-I have OpenVPN enabled as a client
-I have enabled Wireguard as a server
-I have enabled “VPN Cascading”
-The DDNS is working correctly (when I connect to the server from my phone I can see the correct IP)
-The cell phone doesn’t receive handshake

What am I missing?

Do I have to open/redirect ports? (This does it automatically, true?)

Mobile Client Configuration:

Other configuration of the slate ax:

  • VPN Policy based on VLAN (VPN only for Guest Wi-Fi)
  • I have enabled an encrypted DNS over TLS (CloudFlare)
  • I have protection against DNS attacks enabled.
  • Maclone (router) = Random

Is there anything that can conflict?
Is there anything else I need to configure?

:S

Edit-1: I have seen a difference in VPN cascading tutorial:

Is it necessary to have the OpenVPN server enabled for my configuration to work?
Logically, I understand that no, but I’m desperate and I can’t find what’s wrong

Edit-2: I have started the Open-VPN server and everything remains the same, WireGuard does not work.

Edit-3: By the way, with the Wireguard configuration shown above in the screenshots if I deactivate the OpenVPN CLIENT the connection is made correctly from my mobile (outside the LAN)

Edit-4: I have noticed that the configuration generated by the Wireguard server (the QR code) is different if I have the OpenVPN client turned on or off.

So if I generate the configuration with the OpenVPN client turned off and then decide to turn it on, the Wireguard server does NOT work.

If I generate the configuration with the OpenVPN client turned on, it doesn’t work either.

I just wanted to point this out.

Nothing needs to be done. It should just work.

I don’t know any reason that will cause this problem.

So, what is the problem now? When you connect, there is no Internet?

When I connect there is no internet, 0 clients appear in the control panel of the router, it does not make the handshake.

I have reset the router and set everything up again by following these steps:

1: Add OpenVPN client
2: Create Wireguard configuration.
3: I create a profile for the client device in WireGuard.
4: Activate DDNS
5: Activate VPN Cascading
6: Generate QR for the client, activating the option to use DDNS
7: Activate WireGuard Server on the router
8: I add the settings to the mobile.
9: The VPN on the mobile "connects", I try to browse but nothing happens.

Router logs:
Screenshot 2022-10-21 at 19.16.50

Mobile client logs ( From the first start until I stop it )

2022-10-21 19:16:13.131121: [APP] App version: 1.0.15 (26)
2022-10-21 19:17:07.293076: [APP] startActivation: Entering (tunnel: home)
2022-10-21 19:17:07.295231: [APP] startActivation: Starting tunnel
2022-10-21 19:17:07.295669: [APP] startActivation: Success
2022-10-21 19:17:07.305223: [APP] Tunnel ‘home’ connection status changed to ‘connecting’
2022-10-21 19:17:07.445316: [NET] App version: 1.0.15 (26)
2022-10-21 19:17:07.445529: [NET] Starting tunnel from the app
2022-10-21 19:17:12.135535: [NET] DNS64: mapped 217.138.218.XXX to itself.
2022-10-21 19:17:12.136320: [NET] Attaching to interface
2022-10-21 19:17:12.136838: [NET] Routine: decryption worker 3 - started
2022-10-21 19:17:12.136834: [NET] UAPI: Updating private key
2022-10-21 19:17:12.136889: [NET] Routine: encryption worker 1 - started
2022-10-21 19:17:12.136902: [NET] Routine: decryption worker 5 - started
2022-10-21 19:17:12.136947: [NET] Routine: decryption worker 1 - started
2022-10-21 19:17:12.137001: [NET] Routine: decryption worker 2 - started
2022-10-21 19:17:12.137038: [NET] Routine: handshake worker 1 - started
2022-10-21 19:17:12.137068: [NET] Routine: handshake worker 2 - started
2022-10-21 19:17:12.137113: [NET] Routine: decryption worker 4 - started
2022-10-21 19:17:12.137119: [NET] Routine: handshake worker 4 - started
2022-10-21 19:17:12.137124: [NET] UAPI: Updating listen port
2022-10-21 19:17:12.137135: [NET] Routine: encryption worker 3 - started
2022-10-21 19:17:12.137175: [NET] Routine: encryption worker 2 - started
2022-10-21 19:17:12.137184: [NET] Routine: decryption worker 6 - started
2022-10-21 19:17:12.137238: [NET] Routine: encryption worker 5 - started
2022-10-21 19:17:12.137263: [NET] Routine: handshake worker 3 - started
2022-10-21 19:17:12.137272: [NET] Routine: encryption worker 4 - started
2022-10-21 19:17:12.137290: [NET] Routine: event worker - started
2022-10-21 19:17:12.137331: [NET] Routine: handshake worker 6 - started
2022-10-21 19:17:12.137349: [NET] UAPI: Removing all peers
2022-10-21 19:17:12.137371: [NET] Routine: TUN reader - started
2022-10-21 19:17:12.137431: [NET] Routine: handshake worker 5 - started
2022-10-21 19:17:12.137436: [NET] Routine: encryption worker 6 - started
2022-10-21 19:17:12.137880: [NET] peer(3i0j…Htj8) - UAPI: Created
2022-10-21 19:17:12.137934: [NET] peer(3i0j…Htj8) - UAPI: Updating endpoint
2022-10-21 19:17:12.138088: [NET] peer(3i0j…Htj8) - UAPI: Updating persistent keepalive interval
2022-10-21 19:17:12.138133: [NET] peer(3i0j…Htj8) - UAPI: Removing all allowedips
2022-10-21 19:17:12.138227: [NET] peer(3i0j…Htj8) - UAPI: Adding allowedip
2022-10-21 19:17:12.138307: [NET] peer(3i0j…Htj8) - UAPI: Adding allowedip
2022-10-21 19:17:12.138675: [NET] UDP bind has been updated
2022-10-21 19:17:12.138720: [NET] peer(3i0j…Htj8) - Starting
2022-10-21 19:17:12.138726: [NET] Routine: receive incoming v6 - started
2022-10-21 19:17:12.138754: [NET] Routine: receive incoming v4 - started
2022-10-21 19:17:12.138869: [NET] peer(3i0j…Htj8) - Sending keepalive packet
2022-10-21 19:17:12.138940: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:17:12.139147: [NET] peer(3i0j…Htj8) - Routine: sequential sender - started
2022-10-21 19:17:12.139196: [NET] peer(3i0j…Htj8) - Routine: sequential receiver - started
2022-10-21 19:17:12.139910: [NET] Interface state was Down, requested Up, now Up
2022-10-21 19:17:12.139965: [NET] Device started
2022-10-21 19:17:12.140095: [NET] Tunnel interface is utun8
2022-10-21 19:17:12.141691: [NET] Network change detected with satisfied route and interface order [pdp_ip0]
2022-10-21 19:17:12.141766: [APP] Tunnel ‘home’ connection status changed to ‘connected’
2022-10-21 19:17:12.142009: [NET] DNS64: mapped 217.138.218.XXX to itself.
2022-10-21 19:17:12.142179: [NET] peer(3i0j…Htj8) - UAPI: Updating endpoint
2022-10-21 19:17:12.142348: [NET] Routine: receive incoming v4 - stopped
2022-10-21 19:17:12.142442: [NET] Routine: receive incoming v6 - stopped
2022-10-21 19:17:12.142491: [NET] Network change detected with satisfied route and interface order [pdp_ip0, utun8]
2022-10-21 19:17:12.142754: [NET] DNS64: mapped 217.138.218.XXX to itself.
2022-10-21 19:17:12.142809: [NET] peer(3i0j…Htj8) - UAPI: Updating endpoint
2022-10-21 19:17:12.142964: [NET] UDP bind has been updated
2022-10-21 19:17:12.142972: [NET] Routine: receive incoming v4 - started
2022-10-21 19:17:12.142991: [NET] Routine: receive incoming v6 - started
2022-10-21 19:17:12.143109: [NET] Routine: receive incoming v4 - stopped
2022-10-21 19:17:12.143205: [NET] Routine: receive incoming v6 - stopped
2022-10-21 19:17:12.143332: [NET] UDP bind has been updated
2022-10-21 19:17:12.143428: [NET] Routine: receive incoming v6 - started
2022-10-21 19:17:12.143447: [NET] Routine: receive incoming v4 - started
2022-10-21 19:17:12.295670: [APP] Status update notification timeout for tunnel ‘home’. Tunnel status is now ‘connected’.
2022-10-21 19:17:17.410308: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:17.410583: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:17:22.575039: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:22.575253: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:17:27.860628: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:27.860797: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:17:33.040365: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:33.040594: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:17:38.294166: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:38.294439: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:17:43.478375: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:17:48.559265: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:48.559448: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:17:53.866179: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:53.866297: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:17:59.008797: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:59.009080: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:18:04.151367: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 3)
2022-10-21 19:18:04.151665: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:18:09.444421: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:18:09.444810: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:18:14.710005: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:18:14.710250: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:18:19.789596: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:18:19.789796: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:18:24.901945: [NET] peer(3i0j…Htj8) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:18:24.902227: [NET] peer(3i0j…Htj8) - Sending handshake initiation
2022-10-21 19:18:28.746224: [APP] startDeactivation: Tunnel: home
2022-10-21 19:18:28.751797: [APP] Tunnel ‘home’ connection status changed to ‘disconnecting’
2022-10-21 19:18:28.859448: [NET] Network change detected with satisfied route and interface order [pdp_ip0]
2022-10-21 19:18:28.860383: [NET] DNS64: mapped 217.138.218.XXX to itself.
2022-10-21 19:18:28.860683: [NET] peer(3i0j…Htj8) - UAPI: Updating endpoint
2022-10-21 19:18:28.861062: [NET] Routine: receive incoming v4 - stopped
2022-10-21 19:18:28.861159: [NET] Routine: receive incoming v6 - stopped
2022-10-21 19:18:28.861763: [NET] UDP bind has been updated
2022-10-21 19:18:28.861804: [NET] Routine: receive incoming v4 - started
2022-10-21 19:18:28.861869: [NET] Routine: receive incoming v6 - started
2022-10-21 19:18:29.058551: [NET] Stopping tunnel
2022-10-21 19:18:29.058852: [NET] Device closing
2022-10-21 19:18:29.059091: [NET] Routine: TUN reader - stopped
2022-10-21 19:18:29.059195: [NET] Routine: event worker - stopped
2022-10-21 19:18:29.059268: [NET] Routine: receive incoming v4 - stopped
2022-10-21 19:18:29.059385: [NET] Routine: receive incoming v6 - stopped
2022-10-21 19:18:29.059539: [NET] peer(3i0j…Htj8) - Stopping
2022-10-21 19:18:29.059701: [NET] peer(3i0j…Htj8) - Routine: sequential receiver - stopped
2022-10-21 19:18:29.059725: [NET] peer(3i0j…Htj8) - Routine: sequential sender - stopped
2022-10-21 19:18:29.060045: [NET] Device closed
2022-10-21 19:18:29.060089: [NET] Routine: handshake worker 2 - stopped
2022-10-21 19:18:29.060084: [NET] Routine: decryption worker 3 - stopped
2022-10-21 19:18:29.060148: [NET] Routine: handshake worker 3 - stopped
2022-10-21 19:18:29.060152: [NET] Routine: handshake worker 5 - stopped
2022-10-21 19:18:29.060266: [NET] Routine: handshake worker 1 - stopped
2022-10-21 19:18:29.060309: [NET] Routine: handshake worker 6 - stopped
2022-10-21 19:18:29.060249: [NET] Routine: handshake worker 4 - stopped
2022-10-21 19:18:29.060330: [NET] Routine: decryption worker 1 - stopped
2022-10-21 19:18:29.060339: [NET] Routine: decryption worker 2 - stopped
2022-10-21 19:18:29.060339: [NET] Routine: decryption worker 6 - stopped
2022-10-21 19:18:29.060419: [NET] Routine: decryption worker 5 - stopped
2022-10-21 19:18:29.060412: [NET] Routine: decryption worker 4 - stopped
2022-10-21 19:18:29.060456: [NET] Routine: encryption worker 1 - stopped
2022-10-21 19:18:29.060546: [NET] Routine: encryption worker 4 - stopped
2022-10-21 19:18:29.060540: [NET] Routine: encryption worker 2 - stopped
2022-10-21 19:18:29.060554: [NET] Routine: encryption worker 6 - stopped
2022-10-21 19:18:29.060638: [NET] Routine: encryption worker 5 - stopped
2022-10-21 19:18:29.060658: [NET] Routine: encryption worker 3 - stopped
2022-10-21 19:18:29.082763: [APP] Tunnel ‘home’ connection status changed to ‘disconnected’

I need to make this work, I need this function to work. :upside_down_face: :sleepy: :pleading_face:

What’s happening?

It looks like it needs more time and is timing out at 2022-10-21 19:17:12.295670.
Is “home” 217.138.218.xxx?

It seems everything gets started but is arriving out of order

217.138.218.XXX is the IP of OpenVPN client:

check:

my WAN ip is different: 5.205.236.XX

I am not familiar with “Cascading”

So I don’t see your WAN IP of 5.205.236.xx anywhere in the log and it looks like it is trying to exit by the openVPN client.

Check the firewall Zones is the only thing I can think of?
Zones ___________ | Input  | Output | Forwarding
wgserver ===> wan | Accept | Accept | Accept
wan ===> wgserver | Accept | Accept | Accept
I am not 100% on that. My reasoning is everything needs to pass back and forth between the wgserver and wan.
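
The check made by hand in the reply above (the WAN IP never appears in the client log), as an added example that is not part of the original thread: it parses a WireGuard app log, collects the endpoint addresses the client resolved, and counts handshake initiations that went unanswered. The sample log is constructed from the lines quoted earlier, the peer id is a placeholder, and the "Received handshake response" success marker is an assumption about the app's log wording.

```python
import re

# Constructed sample modelled on the client log quoted in the thread
# (masked octets kept as posted; the peer id is a placeholder).
SAMPLE_LOG = """\
2022-10-21 19:17:12.135535: [NET] DNS64: mapped 217.138.218.XXX to itself.
2022-10-21 19:17:12.138940: [NET] peer(XXXX...YYYY) - Sending handshake initiation
2022-10-21 19:17:17.410308: [NET] peer(XXXX...YYYY) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:17.410583: [NET] peer(XXXX...YYYY) - Sending handshake initiation
2022-10-21 19:17:22.575039: [NET] peer(XXXX...YYYY) - Handshake did not complete after 5 seconds, retrying (try 2)
2022-10-21 19:17:22.575253: [NET] peer(XXXX...YYYY) - Sending handshake initiation
"""

ENDPOINT = re.compile(r"DNS64: mapped (\S+) to ")
INITIATION = re.compile(r"peer\(.+?\) - Sending handshake initiation")
TIMEOUT = re.compile(r"peer\(.+?\) - Handshake did not complete")
# Assumed wording of the success line; adjust to what your client logs.
RESPONSE = re.compile(r"peer\(.+?\) - Received handshake response")

def same_prefix(a, b, octets=3):
    """Compare leading octets only, because the thread masks the last one."""
    return a.split(".")[:octets] == b.split(".")[:octets]

def diagnose(log_text, expected_wan_ip):
    """Summarise where the client sent its handshakes and whether any completed."""
    endpoints, sent, timeouts, responses = [], 0, 0, 0
    for line in log_text.splitlines():
        if m := ENDPOINT.search(line):
            if m.group(1) not in endpoints:
                endpoints.append(m.group(1))
        elif INITIATION.search(line):
            sent += 1
        elif TIMEOUT.search(line):
            timeouts += 1
        elif RESPONSE.search(line):
            responses += 1
    mismatched = [e for e in endpoints if not same_prefix(e, expected_wan_ip)]
    if responses:
        verdict = "handshake completed"
    elif mismatched:
        verdict = "endpoint resolves to a non-WAN address"
    elif sent:
        verdict = "initiations sent to WAN address but unanswered"
    else:
        verdict = "no handshake activity"
    return {"endpoints": endpoints, "initiations": sent, "timeouts": timeouts,
            "responses": responses, "mismatched": mismatched, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "5.205.236.XX"))
```

A "non-WAN address" verdict points at the client profile or DDNS record; "unanswered" with the correct address points at the router side, where the replies leave or the port is not reachable.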

can you confirm one thing,

If you disconnect OpenVPN client on the router, you can connect to your Wireguard server?

I have seen a case where this happens but still don’t know why, because it does not happen on my side. I need to look further.

Thank you for your interest and the desire to help!

If I deactivate the OpenVPN client, it does NOT work for me. But if I deactivate the OpenVPN client and generate a new configuration in WireGuard then it does work.

(I have kept the VPN Cascading “enable” in the test, I have not changed its settings.)

Yes, I also thought that the problems came from here.
My firewall doesn’t have rules:



But in theory there is no need to add any rules, I understand that the router does all the work in the background when activating Wireguard Server:

In LuCI, under Firewall, there are Zones that I think need to be changed and have not been.

Yes, maybe I also think the problem comes from there.