Wireguard client not routing any traffic on GL-MT300N-V2

akiel · December 24, 2019, 12:43am

I’m trying to route all my traffic through wireguard and failing. I have tested the configuration in other devices and it works perfectly. When I click connect on the GUI it actually connects to the server and creates the routing rules but nothing else happens. No traffic goes anywhere.
My firmware version is 3.025.

root@MT300N-V2:~# wg show
Warning: one or more unrecognized netlink attributes
interface: wg0
public key: [key]
private key: (hidden)
listening port: 55176

peer: [key]
preshared key: (hidden)
endpoint: [ip]:54321
allowed ips: 0.0.0.0/0
transfer: 0 B received, 296 B sent
persistent keepalive: every 25 seconds

root@MT300N-V2:~# ip r
0.0.0.0/1 dev wg0 scope link
default via 172.29.4.150 dev apcli0 proto static src 172.29.4.149 metric 20
[ip] via 172.29.4.150 dev apcli0
128.0.0.0/1 dev wg0 scope link
172.29.4.148/30 dev apcli0 proto static scope link metric 20
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1

Can someone please assist me with this?

ThH · December 24, 2019, 3:18am

What I found very unfortunate with wireguard, is that it does not really give you an indication if the connection was established. What I have found as an indicator, that it is not connected if there are no bytes received.

Any “established” connection I had, had at least a few bytes received even if there was no traffic passing through.

I know this doesn’t really help, but maybe you could first start to find out, why connection is not really established.

akiel · December 24, 2019, 9:30am

It’s odd because I see the peer connected on the server also.

ThH · December 24, 2019, 9:32am

This could be, but the server is not responding, or the response is not received by the router.

Did you set the listen port or was it set automatically?

akiel · December 24, 2019, 9:34am

the port was set automatically

ThH · December 24, 2019, 9:37am

You could try setting it to the same port the server listens on 54321 as this was working on some configurations I had.

Could you post your redacted settings from the wireguard client page in the router interface.

akiel · December 24, 2019, 9:45am

Changing the port did not work.
Also playing with the DNS options like someone recommended in other threads is of no use.

ThH · December 24, 2019, 9:52am

Are the VPN policies active?
For me it worked best setting the IP of the local network outside the router as only “do not use” rule (If the router is connected directly to the internet the set “use only for” without setting any IP).

And I would have DNS set to 1.1.1.1 or 8.8.8.8 for testing until it runs and then take it from there.

akiel · December 25, 2019, 10:06am

I’m connected to a public hotspot with captive portal. It disconnects me every hour so I wrote a script to reconnect. The VPN policies are set so I can still access this portal with my script.

ThH · December 25, 2019, 3:39pm

And the wireguard settings are functioning within that same public hotspot with another device (as a lot of public hotspots limit the open ports, which could block the tunnel)?

akiel · December 25, 2019, 11:37pm

Yes, the same configuration is working on 2 other devices in the same network. (not at the same time)

ThH · December 26, 2019, 10:16pm

Then I don’t have any more suggestions on what to look for.

Nevertheless, I am still assuming a connection issue rather than a routing issue as long as the received packets are 0.

akiel · January 4, 2020, 3:41pm

You were correct. It was a connection problem.
I had written the wrong Preshared Key
Since for some reason I could’n import the file I was copypasting from another file and pasted the wrong key. Did not notice till today.
Now it’s wrorking.
It is anyways annoying that I don’t have access to any logs so it’s really difficult to debug when there’s a problem.
Thank you for your help.

ThH · January 4, 2020, 6:47pm

No Problem, glad it’s working.