VPN not working with GL-AXT1800

Hello, I bought a GL-AXT1800 to connect from my country through a VPN while working remotely.
I've set up a WireGuard server in a Docker container on a personal server but it's not working. Here is what I did:

  • Router Setup
  • Firmware upgrade to 4.5.16 (release2, 2024-03-21 14:30:45 UTC)
  • VPN Setup -> Failing
  • A lot of attempts (enable IPv6, ...)
  • Factory reset
  • Set admin password
  • Set timezone (Europe)
  • Create new WireGuard client with manual configuration:
[Interface]
Address = 10.13.13.2
PrivateKey = 
ListenPort = 51820
DNS = 10.13.13.1

[Peer]
PublicKey = 
PresharedKey = 
Endpoint = 163.xxx.xxx.xxx:51820
AllowedIPs = 0.0.0.0/0, ::/0

Tue May 21 14:55:18 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Tue May 21 14:55:18 2024 daemon.notice netifd: Network device 'wgclient' link is up
Tue May 21 14:55:18 2024 daemon.notice netifd: Interface 'wgclient' is now up
Tue May 21 14:55:18 2024 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Tue May 21 14:55:18 2024 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=3 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_5865 group_5183 group_8150 group_435 peer_8199 CONFIG_cfg030f15_ports=

I found this similar topic with this solution from @hansome, but iptables-mod-conntrack-extra is already installed:

root@GL-AXT1800:~# opkg update
Downloading https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/kmod-4.2.1/arm_cortex-a7/ip60xx/Packages.gz
Updated list of available packages in /var/opkg-lists/glinet_core
Downloading https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.1/arm_cortex-a7/glinet/Packages.gz
Updated list of available packages in /var/opkg-lists/glinet_gli_pub
Downloading https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.0/arm_cortex-a7/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/opnwrt_packages
Updating database.
Database update completed.
root@GL-AXT1800:~# opkg list iptables-mod-conntrack-extra 
iptables-mod-conntrack-extra - 1.8.7-1 - Extra iptables extensions for connection tracking.
 
 Matches:
 - connbytes
 - connlimit
 - connmark
 - recent
 - helper
 
 Targets:
 - CONNMARK

I tried to restart firewall anyway and got some errors that may be related:

root@GL-AXT1800:~# /etc/init.d/firewall restart 
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Warning: Section @zone[1] (wan) cannot resolve device of network 'wwan'
Warning: Section @zone[2] (guest) cannot resolve device of network 'guest'
Warning: Option 'wgclient'.masq6 is unknown
Warning: Section 'wan_in_conn_mark' does not specify a protocol, assuming TCP+UDP
Warning: Section 'lan_in_conn_mark_restore' does not specify a protocol, assuming TCP+UDP
Warning: Section 'out_conn_mark_restore' does not specify a protocol, assuming TCP+UDP
Warning: Section 'safe_mode_mark' does not specify a protocol, assuming TCP+UDP
Warning: Section 'safe_mode_mark_save' does not specify a protocol, assuming TCP+UDP
Warning: Section 'safe_mode_mark_drop' does not specify a protocol, assuming TCP+UDP
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Warning: Section @zone[2] (guest) has no device, network, subnet or extra options
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv4 raw table
 * Flushing IPv6 filter table
 * Flushing IPv6 nat table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Rule 'Allow-DHCP'
   * Rule 'Allow-DNS'
   * Rule 'safe_mode_lan'
   * Rule 'safe_mode_guest'
   * Rule 'safe_mode_mark_drop'
   * Forward 'wgclient' -> 'wan'
   * Forward 'lan' -> 'wgclient'
   * Forward 'guest' -> 'wgclient'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guest'
   * Zone 'wgclient'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guest'
   * Zone 'wgclient'
 * Populating IPv4 mangle table
   * Rule 'process_mark'
   * Rule 'wan_in_conn_mark'
   * Rule 'lan_in_conn_mark_restore'
   * Rule 'out_conn_mark_restore'
   * Rule 'safe_mode_mark'
   * Rule 'safe_mode_mark_save'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guest'
   * Zone 'wgclient'
 * Populating IPv4 raw table
   * Zone 'lan'
     - Using automatic conntrack helper attachment
   * Zone 'wan'
   * Zone 'guest'
     - Using automatic conntrack helper attachment
   * Zone 'wgclient'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Rule 'Allow-DHCP'
   * Rule 'Allow-DNS'
   * Rule 'safe_mode_lan'
   * Rule 'safe_mode_guest'
   * Rule 'safe_mode_mark_drop'
   * Forward 'wgclient' -> 'wan'
   * Forward 'lan' -> 'wgclient'
   * Forward 'guest' -> 'wgclient'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guest'
   * Zone 'wgclient'
 * Populating IPv6 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_guest_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_guest_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wgclient_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wgclient_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guest'
   * Zone 'wgclient'
 * Populating IPv6 mangle table
   * Rule 'process_mark'
   * Rule 'wan_in_conn_mark'
   * Rule 'lan_in_conn_mark_restore'
   * Rule 'out_conn_mark_restore'
   * Rule 'safe_mode_mark'
   * Rule 'safe_mode_mark_save'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'guest'
   * Zone 'wgclient'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
 * Running script '/etc/firewall.nat6'
 * Running script '/etc/firewall.swap_wan_in_conn_mark.sh'
 * Running script '/var/etc/gls2s.include'
   ! Skipping due to path error: No such file or directory
 * Running script '/usr/bin/gl_block.sh'
 * Running script '/etc/firewall.vpn_server_policy.sh'
iptables v1.8.7 (legacy): Couldn't load target `VPN_SER_POLICY':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.

Could you please check How to troubleshoot WireGuard to see if there is any information that might be helpful for you?


Please check if it works using the phone WireGuard app.

Thanks for your responses. The VPN connection is working from my mobile phone, both from my main Wi-Fi router and over LTE.

I didn't find anything related to my problem in the troubleshooting guide, except that the connection is behind a Starlink router (192.168.1.1) and one other router, a Ubiquiti EdgeRouter X (192.168.0.1).
The GL router is connected through the WAN Ethernet port.

UPDATE: From my mobile phone, the VPN connection does work with the GL router (with the mobile VPN client disabled) but not from my laptop (MacBook Air M1).

UPDATE: OK, I found the issue: the laptop is plugged into a docking station with an Ethernet connection; it uses Wi-Fi to reach 192.168.8.1 but the Ethernet connection to the Ubiquiti router for the internet *facepalm*


So the issue itself is solved?

Yes, the eth connection was prioritised over the wifi one
Thank you

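The root cause found in this thread (the dock's wired connection taking priority over the Wi-Fi link to the GL router, so laptop traffic never entered the tunnel) can be confirmed from the routing table. The script below is an added example, not part of the original posts: it parses macOS `netstat -rn -f inet` output and reports whether the primary default route goes through the GL router at 192.168.8.1. The sample table, the interface names en0/en7 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: which gateway does a macOS host really use for internet traffic?
# VPN_ROUTER is the GL router LAN address mentioned in the thread.
VPN_ROUTER="192.168.8.1"

# Constructed `netstat -rn -f inet` output (not captured from the poster's
# laptop): dock Ethernet (en7) to the upstream router 192.168.0.1 and Wi-Fi
# (en0) to the GL router. macOS marks every non-primary default route with
# the I (interface-scoped) flag; the one without it carries ordinary traffic.
SAMPLE='Routing tables

Internet:
Destination        Gateway            Flags           Netif Expire
default            192.168.0.1        UGScg             en7
default            192.168.8.1        UGScIg            en0
127                127.0.0.1          UCS               lo0
192.168.8          link#12            UCS               en0      !'

# Read a routing table on stdin and print "gateway interface" for the
# primary (unscoped) IPv4 default route.
primary_default() {
    awk '$1 == "default" && $3 !~ /I/ { print $2, $4; exit }'
}

# Read a routing table on stdin. Return 0 if the primary default route
# points at the VPN router, 1 if traffic leaves by another gateway.
uses_vpn_router() {
    route=$(primary_default)
    gw=${route%% *}
    if [ "$gw" = "$VPN_ROUTER" ]; then
        echo "OK: default route via $route"
        return 0
    fi
    echo "BYPASS: default route via ${route:-none}, not $VPN_ROUTER"
    return 1
}

# On the laptop itself: netstat -rn -f inet | uses_vpn_router
printf '%s\n' "$SAMPLE" | uses_vpn_router || true
```

A BYPASS result means the host is reaching the internet without passing through the VPN router, even though 192.168.8.1 is still reachable over Wi-Fi.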