WireGuard Client (Slate AXT1800) hanging while trying to start and not connecting to WireGuard Server (Flint AX1800) with Verizon G3100 router

cqdrim · September 2, 2023, 8:34pm

Hi all,

I’m hoping to receive some assistance with my setup. I’ve currently got a Flint AX1800 connected to a Verizon G3100 router via ethernet and a Slate AXT1800 connected to my a mobile hotspot.

Flint (v4.2.3) - WireGuard Server
Slate (v4.2.1) - WireGuard Client (note: I’ve tried with v4.2.3 as well)

For my WireGuard Server with the Flint router, I’ve set it up to enable DDNS. I cross-referenced my host name (xxxxxx.glddns.com) IP with my Public IP Address and found that they match (used nslookup). I have the IPv4 address and Listen Port using the default config (10.0.0.1/24 and 51820 respectively).

For my WireGuard Client with the Slate router, I have the config generated from the WireGuard Server after making a new ‘Profile’ it looks like the following:

[Interface]
Address = 10.0.0.2/24

PrivateKey = <----Private Key----->
DNS = 64.6.64.6
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = (xxxxxx.glddns.com):51820
PersistentKeepalive = 25
PublicKey = <----Public Key----->

Earlier while I was doing my set up, in the Interface section I had a ListenPort. But then I upgraded my Flint and now it doesn’t give a ListenPort (I went down the rabbit hole of how there’s a unique situation with the Flint router in the case if it’s ‘bricked’. I didn’t go down those instructions. I believe I went from 4.2.1 to 4.2.3 but am not entirely sure if I started with 4.2.1). Nonetheless, before I had the ListenPort I was still having issues.

When I go to start my VPN WireGuard Client, it hangs saying ‘The client is starting, please wait…’ The logs say the following

Sat Sep 2 16:26:06 2023 daemon.notice netifd: Interface 'wgclient' is setting up now Sat Sep 2 16:27:53 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/ Sat Sep 2 16:27:53 2023 daemon.notice netifd: Interface 'wgclient' is now down Sat Sep 2 16:27:53 2023 daemon.notice netifd: Interface 'wgclient' is setting up now Sat Sep 2 16:27:53 2023 user.notice mwan3[24024]: Execute ifdown event on interface wgclient (unknown) Sat Sep 2 16:27:54 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

Also, I have port forwarding set up for my router. I had it set up with 51820 for the ports and the protocol I’ve used TCP/UDP, tried just TCP, and tried just UDP. For my Fwd to Address I put the default 192.168.8.1. I’m not sure if I should put my public IP address for that.

I hope I’ve given clear info on my setup. Any help on this would be much appreciated!

hansome · September 5, 2023, 11:18am

If Flint doesn’t have a public IP address, the port forward rule for the upstream router should be:
1.2.3.4:51820 – 192.168.1.x:51820, ie,
[upstream wan IP]:[external port] – [Flint wan IP]:[internal port].
UDP is okay for wireguard.

supopeterson · October 22, 2023, 2:02pm

Are you able to connect successfully now, I’m having the same problem, If you can advise on how to resolve the issue I would appreciate it?

alzhao · October 22, 2023, 3:30pm

It just seems that there is no public IP. 99% is such cases.

FlaGator · April 24, 2024, 10:41am

I fixed this by turning IPV6 on as it wasn’t on by default, however I needed to do more on the server side to get access to local devices.

Setup -
Wireguard Client - GL-SFT1200 (also worked for my GL-MT300N V2)
Wireguard Server - PFSense

I ended up getting it to work. The issues that fixed it was enabling IPV6 on the gl router, by default this was off.

This allowed me to get acces to the internet when using Wireguard, however I still didn’t have access to my local devices. So I had to add the ip address range of the gl device (192.168.8.x) to the Peer setup on the Wireguard server.