Wireguard client works on PC but not on router GL-AR300M

Catafratto · September 9, 2023, 5:05pm

Hello, I’ve installed a wg server and the client from my pc works. But when I put the same config on the router it doesn’t want to work in any way. Yellow dot always. Can someone help me please? Thanks

Catafratto · September 9, 2023, 5:26pm

CLIENT CONF:

[Interface]
PrivateKey = SKhXXXXXXXXXXXXXXXXXXXXXXX
Address = 10.66.66.2/32,fd42:42:42::2/128
DNS = 1.1.1.1,1.0.0.1

[Peer]
PublicKey = OmvxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PresharedKey = wDVD8XXXXXXXXXXXXXXXXXXXXXXXXXXXX
Endpoint = XXXX:49340
AllowedIPs = 0.0.0.0/0,::/0

SERVER CONF

[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 49340
PrivateKey = aN4iNWXXXXXXXXXXXXXXXXXXXXXXXXXXX
PostUp = iptables -I INPUT -p udp --dport 49340 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o wg0 -j ACCEPT
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -I FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 49340 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

### Client wireguard
[Peer]
PublicKey = S4WQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PresharedKey = wDXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128

Please still keep in mind that everything works on my PC with wireguard client but it doesnt work on the router GL-AR300M
OpenVPN works. but i need WG

Catafratto · September 10, 2023, 11:33am

Can someone help me please

Catafratto · September 10, 2023, 1:25pm

I found why wireguard does not work on my gl.inet ar300m router:

Sun Sep 10 15:23:56 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Sun Sep 10 15:23:57 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sun Sep 10 15:23:58 2023 daemon.notice netifd: wgclient (10535): RTNETLINK answers: Permission denied

Can someone help me, those are logs from the router, i don’t know what to do

Catafratto · September 10, 2023, 1:35pm

I solevd the last error by enabling ipv6 on router, but now it still does not work and says all this

Sun Sep 10 15:30:29 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sun Sep 10 15:32:21 2023 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sun Sep 10 15:32:26 2023 daemon.notice netifd: wgclient (24636): [!] Section @forwarding[0] is disabled, ignoring section
Sun Sep 10 15:32:26 2023 daemon.notice netifd: wgclient (24636): [!] Section @forwarding[1] is disabled, ignoring section
Sun Sep 10 15:32:26 2023 daemon.notice netifd: wgclient (24636): [!] Section gls2s option 'reload' is not supported by fw4
Sun Sep 10 15:32:26 2023 daemon.notice netifd: wgclient (24636): [!] Section gls2s specifies unreachable path '/var/etc/gls2s.include', ignoring section
Sun Sep 10 15:32:26 2023 daemon.notice netifd: wgclient (24636): [!] Section glblock option 'reload' is not supported by fw4
Sun Sep 10 15:32:26 2023 daemon.notice netifd: wgclient (24636): [!] Section vpn_server_policy option 'reload' is not supported by fw4
Sun Sep 10 15:32:26 2023 daemon.notice netifd: wgclient (24636): [!] Automatically including '/usr/share/nftables.d/chain-pre/mangle_output/01-process_mark.nft'
Sun Sep 10 15:32:26 2023 daemon.notice netifd: wgclient (24636): [!] Automatically including '/usr/share/nftables.d/chain-post/mangle_output/out_conn_mark_restore.nft'
Sun Sep 10 15:32:28 2023 daemon.notice netifd: wgclient (24636): DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   match-set GL_MAC_BLOCK src
Sun Sep 10 15:32:29 2023 daemon.notice netifd: wgclient (24636): Failed to parse json data: unexpected character
Sun Sep 10 15:32:29 2023 daemon.notice netifd: wgclient (24636): uci: Entry not found
Sun Sep 10 15:32:29 2023 daemon.notice netifd: wgclient (24636): cat: can't open '/tmp/run/wg_resolved_ip': No such file or directory
Sun Sep 10 15:32:29 2023 daemon.notice netifd: Interface 'wgclient' is now down
Sun Sep 10 15:32:29 2023 daemon.notice netifd: Interface 'wgclient' is setting up now
Sun Sep 10 15:32:31 2023 user.notice mwan3[24817]: Execute ifdown event on interface wgclient (unknown)
Sun Sep 10 15:32:35 2023 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

Catafratto · September 10, 2023, 2:33pm

Does this mean something to me? Thanks

hansome · September 11, 2023, 2:46am

Please export log at SYSTEM - log page
and send me by PM.

Are you using this firmware?
https://dl.gl-inet.com/?model=ar300m16&type=beta

Catafratto · September 11, 2023, 10:16am

Yes, i tried with 3.x firmware then i installed the 4.x beta for ar300m116 and still dont work.
I’ll send you now in PM the whole logs and the config file for my wireguard vpn.
Keep in mind that the logs are full of openvpn connect and disconnect just because i was trying many ovpn conf files, but openvpn works. The problem is with wireguard, i’ll now try to connect wg client again so on the last lines for the logs you will see the wgclient bug i’m telling. Reaching you now in pm thanks