Hello, I bought a GL-AXT1800 to connect from my country through a VPN while working remotely.
I've set up a WireGuard server in a Docker container on a personal server but it's not working. Here is what I did:
- Router Setup
- Firmware upgrade to 4.5.16 (release2, 2024-03-21 14:30:45 UTC)
- VPN Setup -> Failing
- A lot of attempts (enable IPv6, ...)
- Factory reset
- Set admin password
- Set timezone (Europe)
- Create new WireGuard client with manual configuration:
[Interface]
Address = 10.13.13.2
PrivateKey =
ListenPort = 51820
DNS = 10.13.13.1
[Peer]
PublicKey =
PresharedKey =
Endpoint = 163.xxx.xxx.xxx:51820
AllowedIPs = 0.0.0.0/0, ::/0
- Click on VPN client -> Start -> VPN Connected
- Go to https://api.ipify.org/?format=json -> still shows my home IP
- VPN Global Options (already set to Global Proxy)
- Block Non-VPN Traffic -> On
- Services from GL.iNet Use VPN -> On
-> Applied
- Refresh https://api.ipify.org/?format=json -> still shows my home IP
- Client log:
Tue May 21 14:55:18 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Tue May 21 14:55:18 2024 daemon.notice netifd: Network device 'wgclient' link is up
Tue May 21 14:55:18 2024 daemon.notice netifd: Interface 'wgclient' is now up
Tue May 21 14:55:18 2024 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Tue May 21 14:55:18 2024 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=3 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_5865 group_5183 group_8150 group_435 peer_8199 CONFIG_cfg030f15_ports=
I found this similar topic with this solution from @hansome, but iptables-mod-conntrack-extra is already installed:
root@GL-AXT1800:~# opkg update
Downloading https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/kmod-4.2.1/arm_cortex-a7/ip60xx/Packages.gz
Updated list of available packages in /var/opkg-lists/glinet_core
Downloading https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.1/arm_cortex-a7/glinet/Packages.gz
Updated list of available packages in /var/opkg-lists/glinet_gli_pub
Downloading https://fw.gl-inet.com/releases/v21.02-SNAPSHOT/packages-4.0/arm_cortex-a7/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/opnwrt_packages
Updating database.
Database update completed.
root@GL-AXT1800:~# opkg list iptables-mod-conntrack-extra
iptables-mod-conntrack-extra - 1.8.7-1 - Extra iptables extensions for connection tracking.
Matches:
- connbytes
- connlimit
- connmark
- recent
- helper
Targets:
- CONNMARK
I tried to restart the firewall anyway and got some errors that may be related:
root@GL-AXT1800:~# /etc/init.d/firewall restart
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Warning: Section @zone[1] (wan) cannot resolve device of network 'wwan'
Warning: Section @zone[2] (guest) cannot resolve device of network 'guest'
Warning: Option 'wgclient'.masq6 is unknown
Warning: Section 'wan_in_conn_mark' does not specify a protocol, assuming TCP+UDP
Warning: Section 'lan_in_conn_mark_restore' does not specify a protocol, assuming TCP+UDP
Warning: Section 'out_conn_mark_restore' does not specify a protocol, assuming TCP+UDP
Warning: Section 'safe_mode_mark' does not specify a protocol, assuming TCP+UDP
Warning: Section 'safe_mode_mark_save' does not specify a protocol, assuming TCP+UDP
Warning: Section 'safe_mode_mark_drop' does not specify a protocol, assuming TCP+UDP
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Warning: Section @zone[2] (guest) has no device, network, subnet or extra options
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv4 raw table
* Flushing IPv6 filter table
* Flushing IPv6 nat table
* Flushing IPv6 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'Allow-DHCP'
* Rule 'Allow-DNS'
* Rule 'safe_mode_lan'
* Rule 'safe_mode_guest'
* Rule 'safe_mode_mark_drop'
* Forward 'wgclient' -> 'wan'
* Forward 'lan' -> 'wgclient'
* Forward 'guest' -> 'wgclient'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Zone 'wgclient'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Zone 'wgclient'
* Populating IPv4 mangle table
* Rule 'process_mark'
* Rule 'wan_in_conn_mark'
* Rule 'lan_in_conn_mark_restore'
* Rule 'out_conn_mark_restore'
* Rule 'safe_mode_mark'
* Rule 'safe_mode_mark_save'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Zone 'wgclient'
* Populating IPv4 raw table
* Zone 'lan'
- Using automatic conntrack helper attachment
* Zone 'wan'
* Zone 'guest'
- Using automatic conntrack helper attachment
* Zone 'wgclient'
* Populating IPv6 filter table
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'Allow-DHCP'
* Rule 'Allow-DNS'
* Rule 'safe_mode_lan'
* Rule 'safe_mode_guest'
* Rule 'safe_mode_mark_drop'
* Forward 'wgclient' -> 'wan'
* Forward 'lan' -> 'wgclient'
* Forward 'guest' -> 'wgclient'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Zone 'wgclient'
* Populating IPv6 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_guest_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_guest_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wgclient_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wgclient_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Zone 'wgclient'
* Populating IPv6 mangle table
* Rule 'process_mark'
* Rule 'wan_in_conn_mark'
* Rule 'lan_in_conn_mark_restore'
* Rule 'out_conn_mark_restore'
* Rule 'safe_mode_mark'
* Rule 'safe_mode_mark_save'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Zone 'wgclient'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
* Running script '/etc/firewall.nat6'
* Running script '/etc/firewall.swap_wan_in_conn_mark.sh'
* Running script '/var/etc/gls2s.include'
! Skipping due to path error: No such file or directory
* Running script '/usr/bin/gl_block.sh'
* Running script '/etc/firewall.vpn_server_policy.sh'
iptables v1.8.7 (legacy): Couldn't load target `VPN_SER_POLICY':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.