Trying to create a Wireguard Server on the Flint/ Help Port Forwarding

Hi all, I have the following config:

Home Router → Port Forward to → Flint (Create Wireguard Server) → Travel Router Slave Plus (Wireguard Client)

I am trying to run my Wireguard client on an iPhone device just to test the connection, but it seems not to be working - I guess the problem is in the Port Forward (I have tried to find some guides, but nothing great).

This is the config at the Home Router:


And the options:

Question - should I edit something at the “Flint Level” - on the Firewall/Open Ports on Router?

After the previous images - the Main Router identifies the Flint (green light) → I run the Wireguard Server on the same Local Port as the images. Then I go → Management → Configurations → Open QR Code in iOS → But in the iOS I cannot navigate (connected to wifi/mobile data…)

Could someone help on trying to create a Wireguard Server on the Flint/ Help Port Forwarding from the Main Router?

Ok. So I see that you disregarded my advice in your original post to replace your router with the Flint (and that’s ok! Your ISP may require you to use their router. Just say so rather than deleting the post!)

There are possibly a couple of issues here, in no particular order.

  1. The “IP address on the internet” looks to be a 192.168.X.X address - which is not an internet routable address. Make sure that your iPhone is connecting to a real internet address.
  2. You’ll want to try the connection from the iPhone not connected to your wireless network due to how traffic routes.

If you want to short-circuit things, just expose the Flint to the internet (the “release this device completely for internet access via IPv4” box).

Also, since you’ve got two GLI devices, check to make sure that you’re forwarding to the right one (either by confirming their address in the GLI interface, or by checking the MAC address).

If the main router is provided by your ISP, then you “may” be able to ask ISP Support for assistance? If the main router is your own, then the user manual should explain how to do port forwarding.

Make sure you have a static public IP address or use DDNS, which has to be in the WireGuard config file.

There are various valid reasons not to replace the main router with the Flint, depending on your entire network setup. For me personally, something like port forwarding should be doable and would not be a sufficient reason to replace the main router.

I do not work for and I am not directly associated with GL.iNet

Different strokes, different folks, but there’s a reason you generally want to terminate your VPNs on the edge of your network.

It’s not a coincidence that many of the support questions in here are something like, “I decided to stick this gl-inet device behind my ISP router and why is it not magically routing all of my LAN traffic out to the VPN like I think it should.” (or some variant of that).

If you understand networking, yes, you can make almost any setup work. But for most home users, having a single router at the edge of the network that’s doing all of the NAT/VPN/routing is probably the best solution.

There are always different reasons and different circumstances. The OP asked specific questions about port forwarding and we should help him by sharing our knowledge and experience, not just saying “you disregarded my advice in your original post to replace your router with the Flint”. He did not ask for your general advice and your advice is not the only solution…

Except they did ask for general advice in a previous post, and then deleted it.

Look, I’m sympathetic here, and maybe I’ve just done enough dumb things that I’m at the point that I’d like somebody to tell me if there’s an easier way to accomplish something - or at least ask me some questions about what I’m really trying to accomplish. If there’s a valid reason to keep the main router, great! We can work with that! But if I can save somebody hours of frustration by saying, “Have you considered swapping the routers?” I’m going to at least ask. Sorry if that offends you.

Think about it. Why did he disregard your previous advice? Maybe he did not want to follow it.

Even though the original suggestion was ignored, I did try to help with his current issue. Perhaps I should just move on?

Yes, maybe you shouldn’t be trying to help people who disregard your advice … move on.

BTW. I added you to my ignore list already.

Look, happy to try to continue to debug the problem if @pedritocs97 would like. Not my intent for things to get testy.

@jdub absolutely sorry for “ignoring” the previous post - I wanted to edit and add more information - so decided to delete it and create a new post. Sorry about it.

So, a few updates: Yes I do know the Main Router as ISP → port forwarding to Flint
In terms of your comments:

  1. I tried to connect my device to different WiFis
  2. Also tried to use mobile network (instead of Wifi)
  3. Also tried to “expose” to the internet and try the WG - did not work

I also tried to use different ports instead of the default. Also tried to create a Rule under Firewall → Open Ports on Router (for UDP)

If I go to Dynamics DNS and try “DDNS Test” I have the following message :

Final note - because I have the Flint and the Slate Plus - I tried for both (the Mac Address matched 100% for Slate and similar to Flint)

I have looked for guidelines on my ISP router (available online) and I think I’m doing everything correctly…

thanks again

How can I make sure I have a static public ip address?
I also tried DDNS → did not work

The ddns test function is buggy.

But from the images it seems that you didn’t enable DDNS.

Try testing your DDNS using dnschecker.org

I activated the DDNS now :

Does this mean it is working? (your website)

This, however, does not change anything in terms of Port Forwarding from the ISP, right?..

Should I try to do what I was doing but edit the WireGuard Peer Endpoint to DDNS:PORT ?

You can just edit.

It seems you just enabled the DDNS, so it takes time to propagate. It should take 10 minutes.

updating here, 25min have passed and your website looks better:

I have checked and I do have a Public IP : DHCP enabled - YES

the info I get:

I saw your other post and on Android I do not have the info you highlighted : Wireguard Server on GL-AXT1800 Slate AX - #5 by alzhao

what should I do?

So you have both vpn client and server configured on the router?

ISP router → Port Forwards → to Flint (Which has the WG Server Configured) → Then Client on Travel Router (Now testing with Android Device)

Ok, looks like you’re making some progress, so that’s good. My recommendation at this point would be to break the problem down and see where the issue is.

So I’d probably do:

  1. start by making sure the Wireguard server is actually working correctly in the first place. Edit your config file to use the local (192.168.X.X) IP and get that working first.

  2. find your public IP by googling “what is my IP”. Then try manually editing your file to connect to that IP. Leave the Flint as the DMZ host for the moment so we can eliminate that variable. Try this from your cell phone if you can, or from a completely different network (someone else’s house/apartment).

  3. if that doesn’t work, it may be that your ISP is blocking inbound traffic. That’s usually not the case with high port UDP traffic, but possible.

We can always start looking at configs, etc, but if you’re DMZed then it shouldn’t be a forwarding issue.

Today is a holiday where I am, so I won’t have a ton of time to respond but I’ll try to check in on this as I can.

Just an update: I checked with @pedritocs97 remotely and found that the ISP only gives an IPv6 IP address. So things are a little different now.

I will update once I get a solution.

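Added example, not part of any post in this thread: a small Python check for the endpoint problems raised above (a 192.168.X.X address used as the internet address, finding the real public IP, an ISP that only hands out IPv6). The sample config, its placeholder keys and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample client config (keys are placeholders, not real keys).
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.0.0.2/24

[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = 192.168.1.50:51820
"""

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT range


def peer_endpoint(conf_text):
    """Return (host, port) from the first Endpoint line, or None if absent."""
    m = re.search(r"^\s*Endpoint\s*=\s*(\S+)\s*$", conf_text, re.M | re.I)
    if not m:
        return None
    host, _, port = m.group(1).rpartition(":")
    return host.strip("[]"), int(port)  # IPv6 endpoints are written [addr]:port


def classify_endpoint(host):
    """Say whether a client outside the LAN could reach this endpoint at all."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname: resolve it (e.g. DDNS) and classify the result"
    if ip.version == 6:
        return "public IPv6" if ip.is_global else "non-routable IPv6"
    if ip in CGNAT:
        return "CGNAT range: not reachable from the internet"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private IPv4: only reachable from inside the LAN"
    return "public IPv4"


if __name__ == "__main__":
    host, port = peer_endpoint(SAMPLE_CONF)
    print(f"{host}:{port} -> {classify_endpoint(host)}")
```

A "public IPv6" result means the client network must also have IPv6 connectivity for the tunnel to come up.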