Split VPN Tunnel with WireGuard doesn't appear to work?

GL-BE3600, v4.8.1

WAN Config

  • In Repeater mode, connected to wifi

VPN Config

  • Policy Mode
  • Priority 1 Tunnel
    • From: All Clients
    • To: 10.0.0.0/24
    • Via: Wireguard Client
  • All other traffic mode enabled

Wireguard Client Config

[Interface]
Address = 10.66.66.5/32,fd42:42:42::5/128
PrivateKey = foobar123
DNS = 10.0.0.3

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = foo.bar.com:50924
PersistentKeepalive = 25
PublicKey = foobar123
PresharedKey = foobar123

DNS Config

  • Server 1: 1.1.1.1
  • Server 2: 1.0.0.1
  • Server 3: 8.8.8.8
  • Server 4: 10.0.0.3
  • Allow Custom DNS to Override VPN DNS: True

Other Details

  • Can connect to the VPN and use it on devices directly, proving that the WAN/Repeater network isn’t somehow blocking VPN traffic
  • Have also tried setting AllowedIPs = 10.0.0.0/24
  • Can’t ping anything in 10.0.0.0/24
  • Can’t traceroute anything in 10.0.0.0/24
  • Nothing getting blocked on the remote firewall end…

What gives??? Does this just not work? Pretty sure I know how to configure this, but apparently not?

Not too bothered about DNS but why can’t I reach anything here?

Hello,

Please try importing this VPN profile into the WireGuard app on your phone and test if this profile is able to connect to the server and access the internet properly.

If it works, please disconnect WireGuard on the phone and enable the VPN client with this profile on the router, then check the VPN log.

Hello! Try replacing the VPN altogether and reinstalling the protocol or replacing it with an alternative.

I can recommend NoProx — it works reliably and quickly!

Hello,

  • Yes, my Wireguard profile 100% works correctly when remote from my network.
  • I was able to fix connectivity using the following commands
    uci add network route
    uci set network.@route[-1].interface='wgclient1'
    uci set network.@route[-1].target='10.0.0.0'
    uci set network.@route[-1].netmask='255.255.255.0'
    uci commit network
    /etc/init.d/network reload
  • After some time, this has now stopped working >_>
  • I also cannot get DNS to work
  • Overall, it seems your support for Wireguard is pretty rubbish / not really existent and I shouldn’t have to be spending all my time on SSH trying to fix things that should work out of the box
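
One way to tell apart the two failure modes behind "this has now stopped working" in the post above (the static route is gone vs. the tunnel is no longer handshaking), as an added example that is not part of the original thread and is not GL.iNet code. It assumes the `wgclient1` interface and 10.0.0.0/24 subnet from the post, `ip` and `wg` being available on the router, and a 180-second staleness threshold chosen for a profile with PersistentKeepalive = 25; the sample data is constructed.

```shell
#!/bin/sh
# Added example, not GL.iNet code. wgclient1 and 10.0.0.0/24 come from the post;
# the 180 s threshold is an assumption and all sample data is constructed.

# has_route PREFIX IFACE: stdin is `ip route show table all` output.
# Succeeds if any table has an explicit route for PREFIX via IFACE.
has_route() {
    awk -v p="$1" -v d="$2" '
        $1 == p { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == d) found = 1 }
        END { exit found ? 0 : 1 }'
}

# handshake_age NOW: stdin is `wg show IFACE latest-handshakes` output
# (public key, TAB, epoch seconds). Prints seconds since the newest handshake,
# or "never" when no peer has completed one (epoch 0 or no peers).
handshake_age() {
    awk -v now="$1" '
        $2 + 0 > newest { newest = $2 + 0 }
        END { if (newest > 0) print now - newest; else print "never" }'
}

# diagnose ROUTES HANDSHAKES NOW: prints route-missing, tunnel-stale or ok.
diagnose() {
    if ! printf '%s\n' "$1" | has_route 10.0.0.0/24 wgclient1; then
        echo route-missing
        return 0
    fi
    age=$(printf '%s\n' "$2" | handshake_age "$3")
    if [ "$age" = never ] || [ "$age" -gt 180 ]; then
        echo tunnel-stale
    else
        echo ok
    fi
}

# Constructed samples (WAN/LAN interface names, addresses and key are made up).
SAMPLE_ROUTES_OK='default via 192.168.8.1 dev wan-sta
10.0.0.0/24 dev wgclient1 scope link
192.168.9.0/24 dev br-lan scope link'
SAMPLE_ROUTES_MISSING='default via 192.168.8.1 dev wan-sta
192.168.9.0/24 dev br-lan scope link'
SAMPLE_HANDSHAKES=$(printf 'CONSTRUCTED_PEER_PUBLIC_KEY=\t1700000000')

# On the router itself, run this script with the argument "live".
if [ "${1:-}" = live ]; then
    diagnose "$(ip route show table all)" \
        "$(wg show wgclient1 latest-handshakes)" "$(date +%s)"
fi
```

`route-missing` means the route created by the `uci` commands is no longer installed; `tunnel-stale` means the route exists but the peer has not completed a recent handshake, which points at the tunnel or endpoint instead of routing.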

The normal expectation in GL router firmware is that, after the VPN tunnel connection is successful, the route will be added automatically.

Please share your router BE3600 with us through GoodCloud, and we will check your router remotely.

Please PM me your router MAC address and the Admin Panel password.