LAN: 192.168.8.0/24
Firmware: 3.216 (2023-03-21 17:32:40)
WireGuard provider: Surfshark
Connected devices: Linux laptop (Cat 5E), Android phone (2.4G); Win 10 laptop
Hello all,
This router is behind another router (192.168.10.0/24) which has a functioning Surfshark endpoint. I know it’s not an issue on Surfshark’s side because the upstream router has been using its WG profiles/endpoints for over a week, if not more.
I’ve updated the Certa to the latest firmware but seem to be in a spot of bother. It’s a fresh install, no kept settings. I uploaded/pasted in my WG profiles. I followed the instructions per v3 Docs on ‘Setup WireGuard on GL.iNet router.’
SSH’ing into the Linux laptop & executing curl echo.net/plain; echo returns an endpoint IP as expected. However, trying to simulate web browsing (eg: curl static • gl-inet • com/www/images/press/GL-iNet_logo_white • svg) does get an IP for the site in question and connects (eg: static • gl-inet • com)|99.84.108.80|:443), but nothing further happens. I’m looking at a prompt doing nothing as I type this.
There is no firewall on the Linux laptop. I haven’t tested the Android phone’s connection as that’s Wi-Fi… so I didn’t want to complicate matters.
I enabled VPN Policies, adding the Linux laptop and Android phone to it. All three toggles are enabled. The two devices’ MACs are the only ones allowed to use the VPN. All three device MACs show in /tmp/dhcp.leases.
I retest. Only the Win 10 laptop, being outside of the VPN Policy, is able to pull down that SVG. I restart the Linux laptop’s NetworkManager to clear any DNS cache & retest. No change.
There’s nothing added to the Certa other than the Surfshark WG profiles. All other radios are off. LuCI can be installed if needed.
What am I missing? GL-iNet’s YouTube video on the matter makes it look like a ten second setup process.
wg
interface: wg0
public key: y[REDACTED]=
private key: (hidden)
listening port: 58369

peer: W[REDACTED]=
endpoint: 37.19.211.119:51820
allowed ips: 0.0.0.0/0
latest handshake: 55 seconds ago
transfer: 26.57 MiB received, 2.41 MiB sent
persistent keepalive: every 25 seconds
route -ne
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 0.0.0.0 128.0.0.0 U 0 0 0 wg0
0.0.0.0 192.168.10.1 0.0.0.0 UG 0 0 0 eth0
10.14.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wg0
37.19.211.52 192.168.10.1 255.255.255.255 UGH 0 0 0 eth0
37.19.211.94 192.168.10.1 255.255.255.255 UGH 0 0 0 eth0
37.19.211.107 192.168.10.1 255.255.255.255 UGH 0 0 0 eth0
37.19.211.119 192.168.10.1 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 0.0.0.0 128.0.0.0 U 0 0 0 wg0
192.168.8.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
208.78.41.69 192.168.10.1 255.255.255.255 UGH 0 0 0 eth0
208.78.41.107 192.168.10.1 255.255.255.255 UGH 0 0 0 eth0
208.78.41.200 192.168.10.1 255.255.255.255 UGH 0 0 0 eth0
cat /tmp/resolv.conf
search lan
nameserver 127.0.0.1
cat /tmp/resolv.conf.auto
# Interface wan
nameserver 192.168.10.1
search local.lan
cat /tmp/resolv.conf.vpn
nameserver 162.252.172.57
nameserver 149.154.159.92
cat /etc/config/dhcp
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option filterwin2k '0'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option nonegcache '0'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option nonwildcard '1'
    option localservice '1'
    option resolvfile '/tmp/resolv.conf.vpn'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option force '1'
    option dhcpv6 'disabled'
    option ra 'disabled'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'

config dhcp 'guest'
    option interface 'guest'
    option start '100'
    option leasetime '12h'
    option limit '150'
    option dhcpv6 'disabled'
    option ra 'disabled'

config domain 'localhost'
    option name 'console.gl-inet.com'
    option ip '192.168.8.1'