Unable to Connect via WireGuard

Fri Jul 7 20:12:15 2023 user.notice mwan3[32154]: Execute ifdown event on interface wgclient (unknown)
Fri Jul 7 20:12:16 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Fri Jul 7 20:13:58 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Fri Jul 7 20:13:59 2023 daemon.notice netifd: Interface 'wgclient' is now down
Fri Jul 7 20:13:59 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Fri Jul 7 20:13:59 2023 user.notice mwan3[4220]: Execute ifdown event on interface wgclient (unknown)
Fri Jul 7 20:14:00 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Fri Jul 7 20:15:42 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Fri Jul 7 20:15:43 2023 daemon.notice netifd: Interface 'wgclient' is now down
Fri Jul 7 20:15:43 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Fri Jul 7 20:15:43 2023 user.notice mwan3[8729]: Execute ifdown event on interface wgclient (unknown)
Fri Jul 7 20:15:44 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Fri Jul 7 20:15:58 2023 daemon.notice netifd: Interface 'wgclient' is now down
Fri Jul 7 20:15:58 2023 user.notice mwan3[9899]: Execute ifdown event on interface wgclient (unknown)
Fri Jul 7 20:15:59 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Fri Jul 7 20:16:03 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Fri Jul 7 20:17:11 2023 daemon.notice netifd: Interface 'wgclient' is now down
Fri Jul 7 20:17:11 2023 user.notice mwan3[13864]: Execute ifdown event on interface wgclient (unknown)
Fri Jul 7 20:17:12 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Fri Jul 7 20:17:32 2023 daemon.notice netifd: Interface 'wgclient' is setting up now

How strange. Your wgclient interface is trying to go online then dropping the attempt. Can you post the WG configuration?

(GL GUI → VPN → WireGuard Client → ‘Home IP’ → […] → Edit)

(Redact your PrivateKey)

Is your peer’s endpoint, hj82918.glddns.com:51820, a different GL device @ a remote location, hence its name, Home IP?

If so you may need to set up a port forward to it, to the WG Server device, to allow :51820 to ‘flow through’ if it’s behind another router or an ISP modem that has router-like functionality. I’m assuming Home IP has a WG Server running on it, of course.

Ideally you want the ISP’s modem to be just that, a modem, not a Wi-Fi access point or router itself. Depending on the model it could be a matter of putting the GL device on the ‘DMZ’, but it’s best to set the modem to ‘bridged mode’ if it’s possible.

It’d also be helpful to check a DDNS Test, just to be sure:

So here is what I am trying to do: Use Home IP Address While Traveling with GL.iNet AX Slate, Opal, and WireGuard® VPN - YouTube

I followed all the steps from here and called my ISP to have the port opened and they have opened it already. I have both devices shown in the video. My Opal DDNS would be Opal ID DDNS Address: hj28981.glddns.com

Standby; I’m about to watch that video now. I’d still do the DDNS Test meanwhile.

Right. I just pinged your ddns address:

root@GL-AXT1800:~# ping -c2 hj82918.glddns.com
PING hj82918.glddns.com ([redacted]): 56 data bytes
64 bytes from [redacted]: seq=0 ttl=44 time=76.975 ms
64 bytes from [redacted]: seq=1 ttl=44 time=76.674 ms

--- hj82918.glddns.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 76.674/76.824/76.975 ms

So we know your Opal (acting as the WG Server), more specifically its publicly facing IP, is online just as we’d expect. That doesn’t assure me :51820 is open to flow through to it though. I could probe it but that might raise some alerts to your ISP so I’m not excited to do that.

Can you please ssh into the device acting as the WG Client (e.g. Slate AX per that YT video)? Its default IP is 192.168.8.1. There’s software available to install to scan for open ports on other computers, but it only runs from the command line, hence we can do that once logged into the Slate AX.

(opkg update && opkg install nmap)

Here’s what it looks like when I scan my VPS provider’s WG server:

root@GL-AXT1800:~# nmap -sU -p 51820 37.98.121.77
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-08 01:08 ADT
Nmap scan report for unn-37-98-121-77.datapacket.com (37.98.121.77)
Host is up (0.042s latency).

PORT      STATE         SERVICE
51820/udp open|filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 1.55 seconds

Note how it says the WG port, 51820, is open. That’s what we’d be looking for when scanning the IP for your hj82918.glddns.com.

This is what I get when I ping it once I SSH into it.

root@GL-SFT1200:~# nmap -sU -p 51820 hj28981.glddns.com.
Starting Nmap 7.70 ( https://nmap.org ) at 2023-07-09 10:28 CST
Nmap scan report for hj28981.glddns.com. ()
Host is up (0.0023s latency).
rDNS record for : GL-AXT1800.attlocal.net

PORT      STATE         SERVICE
51820/udp open|filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 1.69 seconds

(I would suggest redacting your IP… & I’ll go back & obfuscate your ddns address to be on the safe side. Note your ddns address is also in that screenshot.)

To confirm: that nmap scan was executed from the GL device that’s to act as the WG Client, correct? If so, the port forward (open port) certainly looks properly set.

From the Client device, can you post the results of wg show?:

root@GL-AXT1800:~# wg show
interface: wgclient
  public key: [redacted]=
  private key: (hidden)
  listening port: 37692

peer: [redacted]=
  endpoint: 37.91.121.99:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 33 seconds ago
  transfer: 5.17 GiB received, 654.82 MiB sent
  persistent keepalive: every 25 seconds

I’ll ask the same from the WG Server (Opal). Don’t forget to redact as required.

(If you enclose the output between three ‘backticks’ at the beginning & end (the key by the 1 key), the formatting will be easier to read)

Yea it was, I used the IP you provided.

Apologies; I edited my post since you just made that post. Could you refresh? I’d like to see what, if anything, reports back from the WG display tools. It shows slightly more information than what’s given using the GL GUI’s VPN Dashboard.

root@GL-AXT1800:~# wg show
interface: wgclient
public key: BvnIhVf0zzpO0iPqB9Qn8teixGBGHDmsaEsGvOoWKDY=
private key: (hidden)
listening port: 58819

peer: qfOj2Fr4TMksxXcEai0/Qq/CDT8asRLyvQqA0aEAkj0=
endpoint: :51820
allowed ips: 0.0.0.0/0, ::/0
transfer: 0 B received, 1.16 KiB sent
persistent keepalive: every 25 seconds
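An added shell example (not from this thread) that turns the two `wg show` outputs posted above into a quick state check; it assumes the router’s BusyBox sh, and the sample outputs are constructed with documentation IPs since the posters redacted theirs:

```shell
#!/bin/sh
# Added example, not from the thread: classify a WG client's `wg show` output.
# Usage on the router:  wg show | wg_client_state
# Prints OK, STALE (last handshake older than 180 s, the point at which
# WireGuard discards the session keys), NO_HANDSHAKE, or NO_PEER.

# Convert the age text "1 minute, 33 seconds" (or "Now") into seconds.
handshake_age_seconds() {
    spec=$1; total=0
    [ "$spec" = "Now" ] && { echo 0; return 0; }
    set -- $(printf '%s' "$spec" | tr -d ',')
    while [ $# -ge 2 ]; do
        n=$1; unit=$2; shift 2
        case "$unit" in
            second*) total=$((total + n)) ;;
            minute*) total=$((total + n * 60)) ;;
            hour*)   total=$((total + n * 3600)) ;;
            day*)    total=$((total + n * 86400)) ;;
        esac
    done
    echo "$total"
}

wg_client_state() {
    out=$(cat)
    # No peer section at all: the client config was never applied
    printf '%s\n' "$out" | grep -q '^ *peer:' || { echo NO_PEER; return 3; }
    hs=$(printf '%s\n' "$out" | sed -n 's/^ *latest handshake: *//p' | head -n 1)
    # No handshake line (with "0 B received") means the server never answered
    # the initiation: port not reachable, wrong DDNS/endpoint, or key mismatch
    [ -n "$hs" ] || { echo NO_HANDSHAKE; return 1; }
    age=$(handshake_age_seconds "${hs% ago}")
    [ "$age" -le 180 ] || { echo STALE; return 2; }
    echo OK
}

# Constructed samples modelled on the two outputs posted above; documentation
# IPs stand in for the redacted ones.
WORKING='peer: [redacted]=
  endpoint: 203.0.113.10:51820
  latest handshake: 1 minute, 33 seconds ago
  transfer: 5.17 GiB received, 654.82 MiB sent'
FAILING='peer: [redacted]=
  endpoint: 203.0.113.10:51820
  transfer: 0 B received, 1.16 KiB sent
  persistent keepalive: every 25 seconds'

printf 'working client: %s\n' "$(printf '%s\n' "$WORKING" | wg_client_state)"
printf 'failing client: %s\n' "$(printf '%s\n' "$FAILING" | wg_client_state)"
```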

  • GL DDNS: hj82918.glddns.com (obfuscated)
  • Opal (GL-SFT1200): LAN IP 192.168.8.1, Role: WG Server
  • Slate AX (GL-AXT1800): LAN IP unknown, WAN IP unknown, Role: WG Client
  1. What’s your LAN IP for the Slate AX (GL GUI → Network → LAN → Router IP Address)?
  2. What IP address is your Opal assigning to the Slate AX as an Opal Wi-Fi Client (GL GUI → Clients)?

Question #1: 192.168.8.1
Question #2: So when I go to Clients in the OPAL I don’t see Slate AX on there. I see the laptop I used, my phone and my other desktop, and the IPs vary. Under WireGuard Server in the OPAL device I see Slate AX Client IP being 172.58.100.112

Ok, so I just went to the Slate AX (GL GUI → VPN → VPN Dashboard) and clicked on the configuration file. I see the following address, hj28981.glddns.com:51820, and when I SSH into the Slate AX and run the following, it shows it as closed there.

root@GL-AXT1800:~# nmap -sU -p 51820 hj28981.glddns.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-08 22:48 CDT
Nmap scan report for hj28981.glddns.com (107.222.107.3)
Host is up (0.00030s latency).
rDNS record for 107.222.107.3: GL-AXT1800.attlocal.net

PORT      STATE  SERVICE
51820/udp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds

I think your two routers are conflicting based on their LAN IPs. This could block WG in a collision if so. Can you set your Opal to 192.168.18.1 instead of its default .8.1?

(GL GUI → Network → LAN → Router IP Address)

Done, I was able to SSH into it as well to confirm the IP change.

  • GL DDNS: hj82918.glddns.com (obfuscated)
  • Opal (GL-SFT1200): LAN IP 192.168.18.1, Role: WG Server
  • Slate AX (GL-AXT1800): LAN IP unknown, WAN IP unknown, Role: WG Client

Based on the result of your last nmap probe for your ddns it appears your Slate AX is connected to your ATT modem. Is this the case?

If so which device do you intend to act as the WG Server? The Opal or Slate AX? The Opal, correct? If so that should be the one connected as ATT ISP → Opal WAN.

Yes, the Slate AX is hardwired to the modem and so is the Opal. The Opal will stay behind and the Slate AX is the one I will take with me when I travel.

Okay, let’s disconnect the Slate AX’s Ethernet cable & set it to act as a Repeater of the Opal. We’re going to dry run this as if you’re at a friend’s house using their Wi-Fi to connect out to your GL DDNS via the Slate AX.

GL GUI → Internet → Repeater → Connect