Vpn cascading not working

I subscribe to a popular sports streaming website. While the site allows 2 simultaneous streams, the two streams must come from the same IP. The streams only work from Germany. I have an ExpressVPN account. On a laptop, phone etc, if I load the VPN app, connect to VPN, and website/app works great. If i configure the ExpressVPN as an OpenVPN client on my GL-MT3000 Beryl AX running 4.4.5, and connect a laptop/phone to the Beryl via Wi-Fi, I can still successfully use the app / website. The next step is to enable the vpn server on the GL-MT3000 Beryl AX. I created a wireguard vpn server, and I’m able to connect to it from a phone on cellular. If i check my ip from the vpn connected phone, it shows the german IP, which is great. I think that means the vpn cascading is working. However, the app does not work when the phone is connected to the vpn server. Could some data be leaking, revealing to domestic IP? thanks for your ideas in advance in fixing this.

Check for DNS leaks at dnsleaktest.com .

I do not work for and I do not have formal association with GL.iNet

1 Like

The wireguard conf exported by the MT3000 wireguard server includes pre-defined DNS “” that will take effect on wireguard client for laptop, phone etc.

You need to copy the ExpressVPN DNS.
Retrieve it by command for example:

root@GL-MT3000:/tmp# cat /tmp/resolv.conf.ovpn 
# Interface ovpnclient

or check at NETWORK - DNS page.

Then copy that DNS IP to wireguard conf:

Thanks, how do I edit the wireguard conf file. I tried, sudo nano /etc/config/wireguard_server but get, sudo: nano: command not found. I also didnt find it in the gui. I also tried Luci, but get …

when i click install protocol extensions, i get, No packages matching "luci-proto "

Thanks for your guidance

I figured out how to make the modification in the gui. That seems to be working. However, another problem was revealed. When a computer connected to the router that has the vpn client on it i get a german ip which is great. When i take cell phone on cellular, connect the the wireguard vpn server on the same router and check my public ip, i have a different german ip. It should ideally be the same. What am i doing wrong

Great to hear you made it.
What’s the VPN server device then?

The mt3000 is running both the vpn client and a vpn server.

It seems as if when an outside computer connects to the vpn server, it gets routed through a second instance of the vpn client. Is that possible? It seems as if the vpn cascading option is triggering the vpn client on the router to initiate a new connection, resulting in the client that is connecting to the vpn server having a different public IP than a client connecting to the wifi of the router while the router is also connected through the vpn client. How do I make sure a client connected to the wifi of the router gets a german IP when connecting wirelessly and a different client that connects to the vpn server on the same box also ends up wiuth the same german IP?

Why two different IPs. I mean its good that they are both going through the VPN, but all clients of this router, despite whether they are phyically connected through a LAN port, connected via wifi, or connected from outside through the VPN server, should ultimately use the same VPN tunnel when making their requests outside through the vpn client, and return the same IP.

I see that you have the ExpressVPN browser extension installed on the computer on the left. Is it also connected to ExpressVPN at the same time?

I do not work for and I do not have formal association with GL.iNet

1 Like

Good eye. :grinning:no, it is not.

Can you do a test with a 3rd client device to see if it gets a 3rd public IP address?

three different IPs

Can you confirm that the 2 smartphones are using the router’s wifi because they show LTE and 5G at the top?

Also, do they have VPN clients running?