Wireguard configuration doesn't work properly

Dear all,

I’m trying to configure Wireguard VPN on my GL-E750 Mudi and connect it to my Wireguard server configured on a Keenetic GIGA. It seems that I successfully configured the VPN (the indicator is green), and I’m able to open local IPs (192.168.2.x) from the server side while connected to the client. But the issue is that all the traffic to other IPs is bypassing the VPN.

My goal is to configure a VPN tunnel between the Mudi and the Keenetic GIGA and pass all the traffic from the client through the VPN connection.

If I switch on “Internet kill switch”, I’m able to open local IPs (192.168.2.x) only.
I’ve also tried to enable a VPN policy for some particular IPs, but it is still ignoring the VPN connection.

Please advise what might be wrong with this?

Thanks,
Denis

Do you have allowedips configured in your wireguard config?

Can you show me the config?

Also did you set up vpn policies? If yes can you show it?

Dear alzhao,

Yes. I’ve tried 0.0.0.0/0,::/0.

on server side:
name - WG_for_mobile
address - 10.0.0.1/24
port - 51820

peers:
name - WG_mobile
address - WGmobrouterdomain.arlab1.cc:34282

on client side:
ip address - 172.16.85.18/24
port - 51821
dns - 8.8.8.8

peer
endpoint - 81.23.151.211:51820
allowed ips - 0.0.0.0/0,::/0
keep alive - 60

On server side I see a lot of sending and receiving handshake messages plus inbound and outbound traffic. But on client side I see an issue “No Internet Connection! Find new network to reconnect”

No policies configured on client side.

On server side :

Thanks,
Denis

Dear alzhao,

Please see below.

Thanks,
Denis

Simple question, why do you use astrorelay?

Your server does not have a public IP?

Where did you install arc?

Can you send me the details with a screenshot via PM?

Because I wanna use my router while travelling, so I connect it to public wifi or to 4G. I’m not able to configure port forwarding on public wifi, and 4G for some reason is under NAT as well. So the only option I have is to use a reverse proxy. By the way, maybe you can suggest some alternative to astrorelay?

I installed arc on the Mudi (client device).

What is PM?

Dear alzhao,

Please see my answer above this message.

Thanks,
Denis

Dear @alzhao ,

It is a self test for my server. It has 2 Wireguard connections. I’m not able to connect to WireGuard1.

For client I’ve configured:

Astro relay -

Thanks,
Denis

I am very confused. What does the Keenetic GIGA do in this scenario?

You are bringing the E750 with you and you should not configure it as a Wireguard server.

You should configure your server in a fixed place and configure E750 as Wireguard client.

Dear @alzhao ,

Keenetic GIGA is a router on which I have configured my server side of Wireguard.

GL-E750 Mudi is a mobile router on which I’m trying to have configured my client side.

Thanks,
Denis

Dear @alzhao,

And here is an example of messages on client side:

Dec 21 17:07:05 kernel wireguard: Wireguard1: receiving handshake initiation from peer "sLgiR3BUkJuu2u/SWKRv/FoImHm+oKlKlRDJ+H/InEg=" (14) (92.63.204.21:52820)

Dec 21 17:07:05 kernel wireguard: Wireguard1: sending handshake response to peer "sLgiR3BUkJuu2u/SWKRv/FoImHm+oKlKlRDJ+H/InEg=" (14) (92.63.204.21:52820)

It is receiving and sending handshakes to each other but not actually handshaking. I think it might be an issue with the reverse proxy. Maybe there is another option to configure a reverse proxy besides astro relay? Could you please advise what I can use instead?

Thanks,
Denis
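
The symptom in the post above (handshake initiations received and answered, yet no working tunnel) can be checked mechanically: a WireGuard initiator retries an unanswered handshake after 5 seconds, so a peer that keeps re-initiating within seconds of a response has not accepted that response. The following is an added example, not part of the thread or of Keenetic's tooling; it assumes each log entry is joined onto one line in the form quoted in the post, and the thresholds, placeholder keys and sample lines are constructed.

```python
import re
from datetime import datetime

# Assumed one-line layout of the entries quoted in the post:
# <Mon DD HH:MM:SS> kernel wireguard: <iface>: <event> peer "<pubkey>" (<n>) (<ip:port>)
LINE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*wireguard: (?P<iface>\S+): '
    r'(?P<event>receiving handshake initiation from|sending handshake response to) '
    r'peer "(?P<peer>[^"]+)"'
)

# WireGuard retries an unanswered handshake after 5 s and rekeys a working
# session only after about 120 s, so short gaps between initiations are retries.
RETRY_WINDOW = 30   # seconds; assumed threshold for "this is a retry"
MIN_RETRIES = 2     # assumed number of consecutive retries before flagging

def stalled_peers(lines):
    """Return {peer: retries} for peers that keep re-initiating despite responses."""
    last_seen, retries, answered = {}, {}, set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        peer = m["peer"]
        if m["event"].startswith("sending"):
            answered.add(peer)
            continue
        # Syslog timestamps carry no year; a fixed leap year is assumed.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        prev = last_seen.get(peer)
        if prev is not None and 0 <= (ts - prev).total_seconds() < RETRY_WINDOW:
            retries[peer] = retries.get(peer, 0) + 1
        else:
            retries[peer] = 0
        last_seen[peer] = ts
    return {p: n for p, n in retries.items() if n >= MIN_RETRIES and p in answered}

# Constructed sample: peer A retries every 5 s, peer B re-initiates after 122 s.
_T = 'Dec 21 {} kernel wireguard: Wireguard1: {} peer "{}" (14) (192.0.2.10:52820)'
_RX, _TX = "receiving handshake initiation from", "sending handshake response to"
_A, _B = "PLACEHOLDER_KEY_A=", "PLACEHOLDER_KEY_B="
SAMPLE = [_T.format(t, ev, p)
          for t, p in [("17:07:05", _A), ("17:07:06", _B), ("17:07:10", _A),
                       ("17:07:15", _A), ("17:09:08", _B)]
          for ev in (_RX, _TX)]

if __name__ == "__main__":
    print(stalled_peers(SAMPLE))
```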

You should not, and need not, use astrorelay.

Instead of posting publicly, pls just PM me the working config to have a check.

Short recap for anyone who might be interested. If you are not able to configure Wireguard because of UDP being dropped by some provider, you might use zerotier. Works fine for Uzbekistan. https://harivemula.com/2021/09/18/routing-all-traffic-through-home-with-zerotier-on-travel/ and https://harivemula.com/2021/09/18/configure-travel-router-to-route-traffic-via-zerotier/.

Thanks,
Denis
