Wireguard client connection from GL-MT1300 to WG-server

Hi,

I’m trying to set up a wireguard client connection from my GL-MT1300 to my wireguard server at the office. I’ve used the online documentation to create the client connection: WireGuard Client - GL.iNet Docs

After creating the configuration and connecting the wireguard VPN through the gl-inet web interface, I can’t seem to get traffic to pass through the tunnel.

Connection diagram1: wg-server <-> internet <-> gl-inet

My wireguard subnet is 10.11.12.0/24 where the server has .1/24 and the gl-inet has .2/32

I’m trying to ping 10.11.12.1 from the gl-inet device.

One strange thing I noticed is that when I do a traceroute from the gl-inet to 10.11.12.1, it seems to take the default gateway (internet) as opposed to the tunnel. Tcpdump on the server confirms no packets are received on the tunnel or ethernet interface when I ping from the gl-inet.

To debug a little further, I took the configuration from the gl-inet (wg showconf wg0) and copied it to a windows pc with wireguard behind the gl-inet.

Connection diagram2: wg-server <-> internet <-> gl-inet <-nat-> test-windows-pc

When trying to establish the connection from the windows pc everything works as expected.
Ping to 10.11.12.1 works and traceroute shows a path through the tunnel on the windows pc.

I’m running out of ideas to test, and tbh I don’t see why diagram2 works and diagram1 does not.

So far I think it rules out a server issue and a wireguard client config issue.
I tried lowering the MTU to 1400 just for testing and that made no difference.

Anyone with a good hint? :wink:

Cheers,
Zyx

Did you do the traceroute on the router? I think maybe it is because the default routing policy is not to use the VPN for the router itself.

Set up the VPN policy as below and check again.
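Before flipping the policy toggle, the routing decision the reply describes can be confirmed directly on the router, since `ip route get <dst>` prints which interface the router's own traffic to that destination would leave through. The following is an added example, not code from the thread or from GL.iNet: a small POSIX sh helper that reads the `dev` field from `ip route get` output and reports whether the destination is reached through the tunnel interface or bypasses it. The two sample lines are constructed to illustrate both outcomes; the 192.0.2.0/24 addresses are documentation placeholders, and `check_live` assumes an iproute2 `ip` binary is available, as on OpenWrt-based firmware.

```shell
#!/bin/sh
# Added example, not part of the forum thread: determine which interface the
# router itself uses to reach a destination, from `ip route get` output.

# Print the interface named after "dev" in one line of `ip route get` output.
route_dev() {
    # $1: one line as printed by `ip route get <dst>`
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print "tunnel" when the egress interface matches the expected tunnel
# interface ($2), otherwise "bypass" (the traffic leaves via the WAN route).
route_verdict() {
    dev=$(route_dev "$1")
    if [ "$dev" = "$2" ]; then
        echo tunnel
    else
        echo bypass
    fi
}

# Live check for use on the router (assumes iproute2 `ip` exists).
# Usage: check_live 10.11.12.1 wg0
check_live() {
    dst=${1:-10.11.12.1}
    wgif=${2:-wg0}
    line=$(ip route get "$dst" 2>/dev/null | head -n 1) || { echo "ip route get failed"; return 1; }
    echo "$dst -> $(route_dev "$line") ($(route_verdict "$line" "$wgif"))"
}

# Constructed sample output for offline use (not captured from a real router):
# the first line is what a router that ignores the tunnel for its own traffic
# would print, the second what a correctly routed destination looks like.
SAMPLE_BYPASS='10.11.12.1 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 0'
SAMPLE_TUNNEL='10.11.12.1 dev wg0 table 53 src 10.11.12.2 uid 0'
```

If `route_dev` reports the WAN interface for the WireGuard peer address while the tunnel is up, the symptom matches the traceroute observation in the first post: the handshake may succeed, but the router's own pings never enter wg0.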

Thanks for the reply and sorry for the long delay, I only now got the free time to debug further.

So I am on the road most of the time and therefore am a little afraid of testing while away, only to find out I locked myself out of my home network.
As far as I understand this toggle, it means that the router will then use the default gateway over the wg0 interface, is that right?

Do you know if there’s a less (potentially) destructive test, or am I reading the functioning of the toggle wrong?

Regards,
Z

The above setting is on the client side, so it will not lock you out, because you have the client device with you.