Wireguard and multiple AllowedIPs

I have Wireguard blocked, so I use ShadowSocks in UDP tunnel mode for it. I installed it from the OpenWRT packages

That is, the endpoint looks something like this:
Endpoint = (ss-tunnel local client address)

And for this configuration to work it is necessary to specify correctly the AllowedIPs in the configuration (the whole Internet except the ip-address of the VPN-server). There are special calculators
for this, because WG does not have the DisallowedIPs parameter

But this configuration I can not add through the management interface, there is an error (see screenshot).

What can be the reason or what should I do?

PS GL-AXT1800 with 4.1.0

Can you share more configuration details?

What exactly are you interested in? This is what the full configuration looks like and I can’t add it through the router’s interface, I get an error like in the screenshot above

Address =
PrivateKey = KEY
MTU = 1280

PublicKey = KEY
PresharedKey = KEY
AllowedIPs =,,,,,,,,,,,,,,,
Endpoint =
PersistentKeepalive = 25

This is a valid configuration and it works on the WG client on PC. This configuration also works with one AllowedIPs

Alternatively, I can add a route to the VPN server manually in the console, but this is inconvenient because the default gateway of the ISP may be different each time.

Maybe there are options on how I can otherwise make Wireguard work through ShadowSocks?

If you want routing to take effect, you first need to switch the proxy mode to Auto Detect
I tried your configuration in version 4.2.0 firmware and it works as normal.

Also, I’m curious, why is your endpoint This might cause some exceptions, and I’m not sure if you can connect correctly.

Yes, I switched to that mode. So you imported the configuration without errors? Where can I get this firmware version for my model?

This is the endpoint of the local ShadowSocks ss-tunnel daemon in udp-mode. It tunnels WG traffic to my WG server. This is necessary because my ISP blocks the WG protocol, so I have to pass his traffic through ShadowSocks. This works fine, the only problem is that for some reason I don’t have the WG configuration imported, which will automatically assign all the necessary routes for this to work.

Also, thank you for your replies

I casually changed the public key and then added the configuration without encountering error, I used the 4.2 firmware.

Unfortunately, it didn’t help. In 4.2 I have the same error :frowning: However, I am glad to see in 4.2 support for Zerotier, but for some reason it has no “Allow default override” option yet, so it cannot be used as a replacement for Wireguard

Sorry for my broken English.
I think this problem was caused by item overflow.

AllowedIPs =,,,,,,,,,,,,,,,

this descprition was parsed to following items, and gl.inet-GUI may crash when explain item mode

AllowedIPs =
AllowedIPs =
AllowedIPs =
AllowedIPs =
AllowedIPs = …

Thanks for the feedback, will check and fix it.

1 Like