VPN/WireGuard Client connects but no DOH/dnscrypt-proxy2 DNS connectivity

Device: GL-AXT1800 (Slate AX)
Firmware: 4.2.1-release4
Device IP: 192.168.8.1
Device Guest Subnet: 192.168.9.0/24
DOH/dnscrypt-proxy2: quad9-doh-ip4-port443-filter-pri, later Cloudflare (fr stock listings)
VPN Provider(s): Surfshark, later Proton VPN
Upstream Router: GL-AX1800 (Flint), firmware 3.214-0509
Upstream Router IP: 192.168.10.1
Upstream VPN Provider: Surfshark
Upstream VPN (IP) Location: (different from Device VPN IP/Location)
WireGuard Client setup documentation/screenshots for firmware v. 4.x

Hello all,

This router is behind another router (192.168.10.0/24) which has a functioning Surfshark endpoint. I know it’s not an issue on Surfshark’s side because the upstream router has been using its WG profiles/endpoints for over a week, if not more.

I have one WG profile added to this device’s VPN Client. The dashboard claims it connects & some minor data (<10 K up, down) is transmitted, IP assigned to the AXT1800. curl http://ipecho.net/plain; echo fails. Restarting dnscrypt-proxy gives a timeout error of:

[ERROR] Get "https://dns9.quad9.net:443/dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABAi99Nk98hbVgBSVw0VJ4nG": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

I do not have such an error when using DOH without the VPN Client connected.

Is DOH/dnscrypt-proxy2 not able to be used in conjunction w/ VPN/WG?

Here is a log of what I’ve attempted:

  • 2023-06-25-1733: Connected; curl fails; restarted dnscrypt-proxy; [ERROR] […] Client.Timeout exceeded while awaiting headers; disconnected
  • 2023-06-25-1728: Rm’d MTU fr sole WG profile
  • 2023-06-25-1726: Alternate WG profile fails; deleted profile
  • 2023-06-25-1713: Rm’d listen_port, connected; curl, dnscrypt restart fails/same error; disc’d
  • 2023-06-25-1710: Enabled IP Masq, MTU 1320; reconnected; fails; curl, restarted dns-c; fails
  • 2023-06-25-1703: Restarted dnscrypt-proxy; [ERROR] […] Client.Timeout exceeded while awaiting headers; disconnected
  • 2023-06-25-1659: Disconnected; MTU to 1320; restarted
  • 2023-06-25-1655: Added listen port, removed MTU; started VPN
  • 2023-06-25-1643: Noted disconnecting VPN immed. restores DNS connectivity
  • 2023-06-25-1638: Restarted dnscrypt-proxy; [ERROR] […] Client.Timeout exceeded while awaiting headers
  • 2023-06-25-1631: Rm’d extraneous wg profile; rebooted; reconnected
  • 2023-06-25-1510: Filed seemingly unrelated bug report; rebooted
  • 2023-06-25-1551: Restarted dnscrypt-proxy; [ERROR] […] Client.Timeout exceeded while awaiting headers
  • 2023-06-25-1551: ca-tor.surfshark.$myName MTU 1420; reduced to 1320, no IP masq; fails
  • 2023-06-25-1545: Added, connected ca-tor.surfshark.$myName; curl, ping fails

Here are the routes & netstat:

root@GL-AXT1800:~# route -ne
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         0.0.0.0         128.0.0.0       U         0 0          0 wgclient
0.0.0.0         192.168.10.1    0.0.0.0         UG        0 0          0 eth0
10.14.0.0       0.0.0.0         255.255.0.0     U         0 0          0 wgclient
37.19.211.37    192.168.10.1    255.255.255.255 UGH       0 0          0 eth0
37.19.211.44    192.168.10.1    255.255.255.255 UGH       0 0          0 eth0
128.0.0.0       0.0.0.0         128.0.0.0       U         0 0          0 wgclient
192.168.8.0     0.0.0.0         255.255.255.0   U         0 0          0 br-lan
192.168.9.0     0.0.0.0         255.255.255.0   U         0 0          0 br-guest
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0

root@GL-AXT1800:~# ip route
0.0.0.0/1 dev wgclient scope link
default via 192.168.10.1 dev eth0 proto static src 192.168.10.249
10.14.0.0/16 dev wgclient proto kernel scope link src 10.14.0.2
37.19.211.37 via 192.168.10.1 dev eth0 proto static
37.19.211.44 via 192.168.10.1 dev eth0 proto static
37.19.211.119 via 192.168.10.1 dev eth0 proto static
128.0.0.0/1 dev wgclient scope link
138.199.48.185 via 192.168.10.1 dev eth0 proto static
138.199.57.46 via 192.168.10.1 dev eth0 proto static
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.249
208.78.41.200 via 192.168.10.1 dev eth0 proto static

root@GL-AXT1800:~# netstat -natp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      14361/dnsmasq
tcp        0      0 192.168.10.249:53       0.0.0.0:*               LISTEN      14361/dnsmasq
tcp        0      0 192.168.9.1:53          0.0.0.0:*               LISTEN      14361/dnsmasq
tcp        0      0 192.168.8.1:53          0.0.0.0:*               LISTEN      14361/dnsmasq
tcp        0      0 10.14.0.2:53            0.0.0.0:*               LISTEN      14361/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2667/dropbear
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4089/nginx.conf -g
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:32777           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:32778           0.0.0.0:*               LISTEN      6066/rpc.statd
tcp        0      0 0.0.0.0:32780           0.0.0.0:*               LISTEN      6067/rpc.mountd
tcp        0      0 127.0.0.1:5453          0.0.0.0:*               LISTEN      15980/dnscrypt-prox
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2840/rpcbind
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4089/nginx.conf -g
tcp        0      0 10.14.0.2:40724         149.112.112.9:443       FIN_WAIT2   -
tcp        0      0 192.168.8.1:443         192.168.8.101:54438     ESTABLISHED 4206/nginx: worker
tcp        0   1888 192.168.8.1:22          192.168.8.101:53752     ESTABLISHED 11935/dropbear
tcp        0      0 ::1:53                  :::*                    LISTEN      14361/dnsmasq
tcp        0      0 fe80::94ae:39ff:fe77:9138:53 :::*                    LISTEN      14361/dnsmasq
tcp        0      0 :::22                   :::*                    LISTEN      2667/dropbear
tcp        0      0 :::443                  :::*                    LISTEN      4089/nginx.conf -g
tcp        0      0 :::2049                 :::*                    LISTEN      -
tcp        0      0 :::32777                :::*                    LISTEN      -
tcp        0      0 :::32778                :::*                    LISTEN      6066/rpc.statd
tcp        0      0 :::32780                :::*                    LISTEN      6067/rpc.mountd
tcp        0      0 :::111                  :::*                    LISTEN      2840/rpcbind
tcp        0      0 :::80                   :::*                    LISTEN      4089/nginx.conf -g
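
Added note (not part of the original posts): the routing table above is worth reading against the netstat line, since it explains where the DoH query goes while the tunnel is up. The two /1 routes (0.0.0.0/1 and 128.0.0.0/1) on wgclient are more specific than the default route, so every destination that has no narrower route is pushed into the tunnel; only the /32 host routes for the WG endpoints and the 192.168.x.0/24 subnets stay on eth0, br-lan and br-guest. The FIN_WAIT2 socket from 10.14.0.2 to 149.112.112.9:443 (a Quad9 resolver address taken from the netstat output) shows the DoH request being sourced from the tunnel address, so if the tunnel handshakes but does not actually pass traffic, dnscrypt-proxy times out even though the dashboard says "connected", while disconnecting the VPN restores DNS because the /1 routes disappear. The script below is my own added example, not code from the poster or from GL.iNet: it parses the `ip route` output from the post (embedded as a constructed copy) and does a longest-prefix-match lookup so you can see which interface any destination egresses on. The addresses 1.1.1.1 and 192.168.8.101 used in the report are test inputs chosen here, not values from the router.

```python
import ipaddress

# Constructed copy of the `ip route` output shown in the post above.
IP_ROUTE_OUTPUT = """\
0.0.0.0/1 dev wgclient scope link
default via 192.168.10.1 dev eth0 proto static src 192.168.10.249
10.14.0.0/16 dev wgclient proto kernel scope link src 10.14.0.2
37.19.211.37 via 192.168.10.1 dev eth0 proto static
37.19.211.44 via 192.168.10.1 dev eth0 proto static
37.19.211.119 via 192.168.10.1 dev eth0 proto static
128.0.0.0/1 dev wgclient scope link
138.199.48.185 via 192.168.10.1 dev eth0 proto static
138.199.57.46 via 192.168.10.1 dev eth0 proto static
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.249
208.78.41.200 via 192.168.10.1 dev eth0 proto static
"""


def parse_ip_route(text):
    """Turn `ip route` lines into dicts with net, via, dev and linkdown."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = parts[0]
        # "default" is 0.0.0.0/0; a bare host address like 37.19.211.37 becomes a /32.
        net = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else dst, strict=False)
        via = dev = None
        for i, tok in enumerate(parts):
            if tok == "via":
                via = parts[i + 1]
            elif tok == "dev":
                dev = parts[i + 1]
        # linkdown is recorded for display only: the kernel still selects such
        # routes unless ignore_routes_with_linkdown is enabled.
        routes.append({"net": net, "via": via, "dev": dev, "linkdown": "linkdown" in parts})
    return routes


def lookup(routes, dst):
    """Longest-prefix match, the same selection rule the kernel applies."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if addr in r["net"] and (best is None or r["net"].prefixlen > best["net"].prefixlen):
            best = r
    return best


def egress_for(routes, dst):
    """Interface a packet to `dst` would leave on, or None if unroutable."""
    r = lookup(routes, dst)
    return r["dev"] if r else None


def tunnel_report(routes, tunnel_dev="wgclient"):
    """Classify the addresses that matter for this thread: which ones are
    captured by the tunnel's /1 routes and which bypass it."""
    targets = {
        "doh_resolver_149.112.112.9": "149.112.112.9",   # from the netstat line in the post
        "wg_endpoint_37.19.211.37": "37.19.211.37",      # /32 host route from the post
        "upstream_gw_192.168.10.1": "192.168.10.1",
        "test_public_1.1.1.1": "1.1.1.1",                # constructed test input
        "lan_client_192.168.8.101": "192.168.8.101",     # constructed test input
    }
    return {name: egress_for(routes, ip) == tunnel_dev for name, ip in targets.items()}


if __name__ == "__main__":
    routes = parse_ip_route(IP_ROUTE_OUTPUT)
    for name, in_tunnel in tunnel_report(routes).items():
        print(f"{name:32s} {'via tunnel' if in_tunnel else 'bypasses tunnel'}")
```

Run it as-is to reproduce the table from the post; paste your own `ip route` output into IP_ROUTE_OUTPUT to check any other router. The useful check is the first line of the report: if the DoH resolver is "via tunnel" and the tunnel is not forwarding, encrypted DNS cannot work no matter how dnscrypt-proxy is configured, which matches the observation that disconnecting the VPN immediately restores DNS.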

Right; so I just finished putting two Proton VPN connections into the VPN Client & set DOH to the stock listing for Cloudflare. This was all done within GL’s GUI. ipleak.net, dnscheck.tools both report exactly what was expected, inc. Cloudflare’s DNS being appropriate to the region of the Proton VPN assigned IP.

IP Masquerading on, MTU default 1420.

So this is looking like something being mangled in the ‘recycled’ Surfshark confs I’m using. I’ll report back as time permits.

I recommend that you enable DNS encryption directly in your router’s DNS Settings.

That was already the case & what I meant by indicating fr stock listings.

Since then this issue still applies w/ the same Surfshark endpoint w/ Manual DNS using Cloudflare.

Still no issue apparent w/ using a Proton VPN Free endpoint w/ DOH or Manual.

I’m still conversing w/ Surfshark. Will update.

Update: 2023-06-27-1220

  • Surfshark advises modelling conf as if using Linux’s NetworkManager client: added listen port 32, MTU 1280
  • IP Masquerading on, Manual DNS to Cloudflare
  • Result: near line speed on SpeedTest.net; Cloudflare ‘overridden’ to Surfshark’s DNS IPs.

🗹 Will attempt DOH/dnscrypt-proxy2 via Cloudflare as time permits.

Update: 2023-06-27-2336

  • 107.181.187.108, VAN, BC via Surfshark
  • DOH/CLOUDFLARENET (IPv4)