sufood
August 22, 2024, 1:54am
1
I set up a Wireguard server on a cloud VPS. I want to connect MANGO router as the wireguard client (to route LAN traffic to the remote Wireguard server). I thought it would be relatively easy. Alas...
After reading the Wireguard server documentation and after browsing these GL.iNet support forums to figure out how to generate the client key since no method is provided in the GL.iNet interface, I ultimately configured my VPN client instance as:
[Interface]
# PublicKey = XXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXX=
PrivateKey = XXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXX=
Address = 10.0.1.2/32
MTU = 1400
[Peer]
Endpoint = subdomain.domain.tld:51820
PublicKey = XXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXX=
AllowedIPs = 10.0.1.1/24
PersistentKeepalive = 25
However, when I attempt to start the VPN client within the GL.iNet interface, it simply says "Starting..." and never finalizes the connection. The log shows some warnings but nothing that appears actionable to me.
Wed Aug 21 15:59:38 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Wed Aug 21 15:59:40 2024 daemon.notice netifd: wgclient (30549): Warning: AllowedIP has nonzero host part: 10.0.1.1/24
Wed Aug 21 15:59:41 2024 user.notice mwan3[30548]: Execute ifdown event on interface wgclient (unknown)
Wed Aug 21 15:59:45 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Wed Aug 21 15:59:54 2024 daemon.notice netifd: Interface 'wgclient' is now down
Wed Aug 21 15:59:56 2024 user.notice mwan3[31278]: Execute ifdown event on interface wgclient (unknown)
Where have I gone astray? What do I need to do next to make this work?
bruce
August 22, 2024, 2:45am
2
Here for your reference:
Try this profile in the phone/PC WGclient, to see if it can work
eric
August 22, 2024, 3:01am
3
You may want to change your AllowedIPs to:
AllowedIPs = 0.0.0.0/0
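A small checker, added here as an example and not code from the GL.iNet firmware or the WireGuard project, that parses a wg-quick style config and reproduces the "AllowedIP has nonzero host part" check that netifd logged in the first post; the sample config and its placeholder keys are constructed.

```python
import ipaddress

# Constructed sample with placeholder keys (not real key material); the
# AllowedIPs line is the one netifd warned about in the original post.
SAMPLE_CONFIG = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 10.0.1.2/32
MTU = 1400
[Peer]
Endpoint = subdomain.domain.tld:51820
PublicKey = PLACEHOLDER_PUBLIC_KEY=
AllowedIPs = 10.0.1.1/24
PersistentKeepalive = 25
"""

def parse_wg_config(text):
    """Parse a wg-quick style config into a list of (section, options) pairs.
    A list is used because [Peer] may repeat; '#' comments and blanks are skipped."""
    sections, current = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {}
            sections.append((line[1:-1], current))
            continue
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return sections

def check_allowed_ips(text):
    """Flag AllowedIPs entries with host bits set (netifd's 'nonzero host part'
    warning): 10.0.1.1/24 should be 10.0.1.0/24 (subnet) or 10.0.1.1/32 (host)."""
    warnings = []
    for section, opts in parse_wg_config(text):
        if section != "Peer" or "AllowedIPs" not in opts:
            continue
        for entry in (e.strip() for e in opts["AllowedIPs"].split(",")):
            try:
                iface = ipaddress.ip_interface(entry)
            except ValueError:
                warnings.append(f"AllowedIPs {entry}: not a valid address/prefix")
                continue
            if iface.ip != iface.network.network_address:
                warnings.append(f"AllowedIPs {entry} has nonzero host part; use "
                                f"{iface.network} or {iface.ip}/{iface.max_prefixlen}")
    return warnings
```

Running `check_allowed_ips` over a config with `AllowedIPs = 0.0.0.0/0` (the value suggested above) returns no warnings, since the host part of a /0 is all zero.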
sufood
August 23, 2024, 9:31pm
4
Thank you both for the replies. I have modified the config to use 0.0.0.0 and also specified a DNS server.
[Interface]
PrivateKey = HIDDEN
Address = 10.0.1.2/32
MTU = 1400
DNS = 1.1.1.1
[Peer]
Endpoint = subdomain.domain.tld:51820
PublicKey = HIDDEN
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
When I test with the official WG client, I am immediately able to connect. However, DNS is not working.
When I start the config in MANGO, it does not connect. Just like before. "The client is starting..." and never connects at all.
Fri Aug 23 15:27:02 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Fri Aug 23 15:27:07 2024 user.notice mwan3[30532]: Execute ifdown event on interface wgclient (unknown)
Fri Aug 23 15:27:10 2024 user.notice firewall: Reloading firewall due to ifdown of wgclient ()
Fri Aug 23 15:28:54 2024 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Fri Aug 23 15:28:56 2024 daemon.notice netifd: wgclient (693): [!] Section @forwarding[0] is disabled, ignoring section
Fri Aug 23 15:28:56 2024 daemon.notice netifd: wgclient (693): [!] Section @forwarding[1] is disabled, ignoring section
Fri Aug 23 15:28:56 2024 daemon.notice netifd: wgclient (693): [!] Section nat6 option 'reload' is not supported by fw4
Fri Aug 23 15:28:56 2024 daemon.notice netifd: wgclient (693): [!] Section gls2s option 'reload' is not supported by fw4
Fri Aug 23 15:28:56 2024 daemon.notice netifd: wgclient (693): [!] Section gls2s specifies unreachable path '/var/etc/gls2s.include', ignoring section
Fri Aug 23 15:28:56 2024 daemon.notice netifd: wgclient (693): [!] Section glblock option 'reload' is not supported by fw4
Fri Aug 23 15:28:56 2024 daemon.notice netifd: wgclient (693): [!] Section vpn_server_policy option 'reload' is not supported by fw4
Fri Aug 23 15:28:56 2024 daemon.notice netifd: wgclient (693): [!] Automatically including '/usr/share/nftables.d/chain-pre/mangle_output/01-process_mark.nft'
Fri Aug 23 15:28:56 2024 daemon.notice netifd: wgclient (693): [!] Automatically including '/usr/share/nftables.d/chain-post/mangle_output/out_conn_mark_restore.nft'
Fri Aug 23 15:28:57 2024 daemon.notice netifd: wgclient (693): DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 match-set GL_MAC_BLOCK src
Fri Aug 23 15:28:57 2024 daemon.notice netifd: wgclient (693): Failed to parse json data: unexpected character
Fri Aug 23 15:28:57 2024 daemon.notice netifd: wgclient (693): uci: Entry not found
Fri Aug 23 15:28:57 2024 daemon.notice netifd: wgclient (693): cat: can't open '/tmp/run/wg_resolved_ip': No such file or directory
Fri Aug 23 15:28:57 2024 daemon.notice netifd: Interface 'wgclient' is now down
Fri Aug 23 15:28:57 2024 daemon.notice netifd: Interface 'wgclient' is setting up now
Fri Aug 23 15:29:00 2024 user.notice mwan3[843]: Execute ifdown event on interface wgclient (unknown)
eric
August 24, 2024, 4:41am
5
On the official Wireguard client, you say it connects, but no DNS. What client are you using, Windows, Android, other?
From the official client, can you ping your Wireguard server by IP address?
neko
August 28, 2024, 9:45pm
6
sufood:
Address = 10.0.1.2/32
Have you tried to inform the IP address as
Address = 10.0.1.2/24
Instead of
Address = 10.0.1.2/32