Trying to set up Beryl to Beryl to use home IP via WireGuard while traveling on the EdgeRouter X SFP but can't get it to function properly

Hi there, let me preface that I would say I’m decent with computers but absolutely hopeless when it comes to networking, so I apologize in advance for likely not understanding the responses I’ll get and needing clarification. With that in mind, if any potential help could be in plain English and like you’re explaining it to a 5 year old, that would be much appreciated :)

So I have an EdgeRouter X SFP I just bought after my old ASUS router started dying. I got it set up and working okay after struggling a bit and watching some YouTube videos on how to get the optimal setup, but it is working for me.

Now what I’m trying to do is set up a travel router to connect to another router I have plugged into the EdgeRouter at my house so I can use my home IP while traveling. I had it set up on the ASUS router fine, but for some reason now when trying to recreate the setup and I turn on the WireGuard on the travel router, I just get a “client is starting, please wait…” message and nothing ever changes. The error message I keep getting in the log is:

user.notice: execute ifdown event on interface wgclient (unknown)

user.notice firewall: reloading firewall due to ifdown of wgclient ()

daemon.notice netifd: interface ‘wgclient’ is setting up now

user.notice wireguard-debug USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=LINUX SUBSSYSTEM=wireguard PATH=/user/sbin:/usr/bin:/sbin:/bin PWD=

daemon.notice netifd: Interface ‘wgclient’ is now down

daemon.notice netifd: Interface ‘wgclient’ is setting up now

Then it loops back to the beginning error message.

I’m trying to follow the steps that are in this video, which I was able to set up on the ASUS router quite easily.

I suspect something is wrong with the port forwarding setup on the EdgeRouter, but I’m not sure what since the interface there is much more complicated than it was on my old router. Right now I tried:

  1. WAN interface - eth0 (port where my modem plugs into the Edgerouter)

  2. Hairpin NAT and Auto firewall disabled

  3. LAN interface - eth4 (port where the GLInet Beryl is plugged into)

  4. Original port - 51820 :: Protocol - Both :: Forward-to address - the 192. address that is assigned to the router plugged into eth4 :: Forward-to-port - 51820

I also tried having WAN interface as eth4 and no LAN interface, I’ve tried toggling Hairpin NAT and auto firewall on and off, and nothing seems to work.

Again sorry if this is super noob or I said something dumb. Part of me feels like I should just return the EdgeRouter and get a more user friendly router since I feel like I’m in way over my head with this thing, but I feel like once I get it set up I won’t need to mess with it too much. Any help at all would be appreciated, thank you very much!

Hello, if I’m reading this right then there’s been a minor oversight on your part.

  1. WAN interface - eth0 (port where my modem plugs into the Edgerouter)
  2. Hairpin NAT and Auto firewall disabled
  3. LAN interface - eth4 (port where the GLInet Beryl is plugged into)
  4. Original port - 51820 :: Protocol - Both :: Forward-to address - the 192. address that is assigned to the router plugged into eth4 :: Forward-to-port - 51820

In step 2 you disabled the auto firewall option, but I don’t see another step where you opened the firewall manually.

In plain terms, the firewall acts like a wall in the middle of the road. If you’re driving down the road and the firewall is in your way it literally just blocks you from going and that’s the end of it. You need to open the firewall to your specific traffic in order to get through. In this analogy the routing rules (port forwarding) tell the roads where to be. So while the roads are there, the wall is still blocking you.

For simplicity, enable the auto firewall (this will tell the router to make firewall rules in addition to routing rules) and that should solve at least part of your problem. If you’re still having trouble after that, let me know.
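The forwarding-versus-firewall point in the reply above, as an added example that is not part of the thread: a small audit of EdgeOS `show configuration commands` output that reports port forwards no firewall rule would let through. The sample configuration is constructed; the `WAN_IN` ruleset name, the rule numbers and the 192.168.1.50 address are assumptions.

```python
import re

# Constructed sample in the format of EdgeOS `show configuration commands`.
# Addresses, rule numbers and the WAN_IN ruleset name are assumptions.
SAMPLE = """\
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set port-forward auto-firewall disable
set port-forward hairpin-nat disable
set port-forward lan-interface eth4
set port-forward wan-interface eth0
set port-forward rule 1 forward-to address 192.168.1.50
set port-forward rule 1 forward-to port 51820
set port-forward rule 1 original-port 51820
set port-forward rule 1 protocol tcp_udp
"""

def parse(text):
    """Return {tuple(path): value} for every `set ...` line."""
    cfg = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "set":
            cfg[tuple(parts[1:-1])] = parts[-1].strip("'")
    return cfg

def audit_port_forwards(text, ruleset="WAN_IN"):
    """List findings for forwards that no firewall rule lets through."""
    cfg = parse(text)
    auto = cfg.get(("port-forward", "auto-firewall")) == "enable"
    fw_rules = {k[4] for k in cfg if len(k) > 4 and k[:4] == ("firewall", "name", ruleset, "rule")}
    findings = []
    for n in sorted({k[2] for k in cfg if len(k) > 2 and k[:2] == ("port-forward", "rule")}):
        port = cfg.get(("port-forward", "rule", n, "forward-to", "port"))
        proto = cfg.get(("port-forward", "rule", n, "protocol"), "")
        allowed = auto or any(
            cfg.get(("firewall", "name", ruleset, "rule", r, "action")) == "accept"
            and cfg.get(("firewall", "name", ruleset, "rule", r, "destination", "port")) == port
            and cfg.get(("firewall", "name", ruleset, "rule", r, "protocol")) in ("udp", "tcp_udp")
            for r in fw_rules)
        if not allowed:
            findings.append(f"rule {n}: port {port} forwarded but not accepted by {ruleset}")
        if proto != "udp":
            findings.append(f"rule {n}: protocol {proto}; WireGuard needs only udp")
    return findings
```

On the constructed sample it reports both findings: the forward exists but only established/related traffic is accepted, so a new inbound WireGuard handshake is dropped, and the "Both" protocol setting also opens TCP, which WireGuard does not use.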

Hi, thanks so much for your reply. I tried turning that back on and sadly it didn’t work. I have a laughable “network diagram” I made to hopefully try and help analyze the situation. Note that while in this situation I’m trying to connect the travel Beryl via the AP at my house, in practice the travel router would come with me and connect to any AP around the world and have my home IP.

Sorry for the 2 replies but I was only able to put 1 image in my message.

Here are the port forwarding settings on my router.

I can change that LAN interface and WAN interface dropdown to: eth0, eth1, eth2, eth3, eth4, eth5, imq0, itf0, switch0, other

I’ve tried:

  1. No LAN interface
  2. LAN interface set to eth4
  3. LAN interface set to switch0
  4. All combinations of auto firewall / hairpin NAT on and off

Let me know if there’s anything else I can do to help understand, thanks so much for your help!