Wireguard client (BerylAX) is not connecting to server (BerylAX)

Hi all, I'm attempting to use a BerylAX as a Wireguard server and another BerylAX as Wireguard client. Doing this, I will be able to always have my home IP anywhere.

However, when I try to connect the client, it gets stuck in "The client is starting, please wait…"

These are the logs I get on repeat:

Sun Jul 21 19:17:30 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sun Jul 21 19:19:17 2024 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sun Jul 21 19:19:17 2024 daemon.notice netifd: Interface 'wgclient' is now down
Sun Jul 21 19:19:17 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Sun Jul 21 19:19:17 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

These logs show on repeat.

These are the steps I followed:

  1. Connect BerylAX 1 to my home router via ethernet cable. Internet works.
  2. Turned on dynamic DNS
  3. Start WireGuard Server
  4. Go to my home router config 192.168.1.1 -> firewall -> port forwarding. Here I have multiple fields:
     • Protocol: UDP
     • Wan Host IP Address: 0.0.0.0
     • LAN Host: the "Ethernet" IP Address from the BerylAX Dashboard
     • WAN Port: 51820
     • LAN Host Port: 51820
  5. Added a new user to the WireGuard Server. Copied the config (with the endpoint changed to the DNS+port)
  6. Connect BerylAX 2 to my phone internet (making sure it only has data enabled, no wifi). Internet works
  7. Go to WireGuard Client and paste the config of the user created in the BerylAX server
  8. The VPN gets stuck in connecting...

Thanks in advance for your help!

Please have a look into How to troubleshoot WireGuard

I guess you are using the default network on both Beryl, which won't work.

On the BerylAX client I went to network -> LAN and changed it to 192.168.12.1.
The BerylAX server is still 192.168.8.1.
My home router is 192.168.1.1

It still doesn't work. Thanks for your help!

Are you sure that your server has a public reachable IPv4 address?
No CGNAT and no Spectrum as ISP?

According to this guide, How to check if you have a public IP - GL.iNet Router Docs,
the IP address in the "Ethernet" section should be the same as the IP address when I access a website that tells me my IP, right?

Then, it seems I don't have it cause they don't match. Would I need to "enable" my main router to have a public IP address so the connection between the client and server VPN works?

When I check my IP in https://whatismyipaddress.com/ for both the main router and the server Wireguard, both are the same and start with 209
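The public-IP check discussed above, as an added example that is not part of the original thread or of GL.iNet's documentation: it classifies the WAN address of each router in the path and compares only the ISP-facing router's WAN address with the externally observed one, since an inner router such as the BerylAX behind a home router will always show a private address. The function names and all sample addresses are constructed; UDP port 51820 is the one used in the thread.

```python
import ipaddress

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, used behind home routers.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'cgnat', 'private' or 'public' for one IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def diagnose(wan_chain, observed):
    """wan_chain: WAN address of each router you control, WireGuard server
    first, ISP-facing router last. observed: the address an external
    what-is-my-IP site reports. Returns (verdict, notes); 'reachable'
    assumes the port forwards listed in notes are in place."""
    notes = []
    for addr in wan_chain[:-1]:
        # Inner routers sit behind your own NAT; that layer is fixable.
        if classify(addr) != "public":
            notes.append(f"{addr}: forward UDP 51820 to it on the next router")
    edge = wan_chain[-1]
    kind = classify(edge)
    if kind == "cgnat":
        return "unreachable: ISP CGNAT", notes
    if kind == "private":
        return "unreachable: another NAT in front of the edge router", notes
    if ipaddress.IPv4Address(edge) != ipaddress.IPv4Address(observed):
        return "unreachable: edge WAN differs from observed address", notes
    return "reachable", notes

# Constructed sample addresses (not taken from the thread).
if __name__ == "__main__":
    print(diagnose(["192.168.1.50", "100.72.14.9"], "203.0.113.7"))
    print(diagnose(["192.168.1.50", "203.0.113.7"], "203.0.113.7"))
```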

I am having the same issue. It's not connecting to the WG vpn

The question is if your ISP allows incoming connections. What ISP do you use?

It seems that you don't have a public IP so your wireguard server is not working.

Exactly, I found out that my ISP uses CGNAT.

I think I have three options here:

  • Buy static public IP from ISP
  • Use IPv6? What are pros and cons here?
  • Use Tailscale

Is this correct? Which option would you recommend? Thanks

Currently you can try Tailscale.

Dealing with the ISP takes extra money and time, and there is no promise that it will work.

I called my ISP and asked for a static IPv4 and now it works!
I'll try it again later on a different Wifi (I used my phone hotspot) and set this thread as solved if it works


Wow. So easy for you.
