Wireguard Connection issues. Fritzbox 7530 and GL-AXT1800 / Slate AX

Emilk · May 4, 2024, 7:57am

Hello,

I have tried to set up a connection between my Fritzbox 7530 as Wireguard server and the slate AX as client for a few days. I finally managed after a few adjustments to get a green light, connection established, however no internet coming through (50kb shown, nothing loading). All my testing done while LTE Tethering of my Slate AX.

The goal is to use the router abroad while appearing with my home IP address.

my settings:
Fritzbox: Wireguard connection to other router, IP of distant client set to 10.0.0.0/24 (initially I tried adding the IP of the Slate AX, but that did not work) / 255.255.255.0, Dynamic DNS created at a free provider.

Config Slate AX
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = XXXXXX
DNS = 192.168.178.1
MTU = 1460 → I played around here between 1300-1500, nothing changed

[Peer]
AllowedIPs = 192.168.178.0/24
Endpoint = XXXDynDNS: 51789
PersistentKeepalive = 25
PublicKey = XXX
PresharedKey = XXXX

Some of my slate AX log below
Sat May 4 09:30:01 2024 daemon.notice netifd: Interface ‘wgclient’ is setting up now
Sat May 4 09:30:01 2024 daemon.notice netifd: Network device ‘wgclient’ link is up
Sat May 4 09:30:01 2024 daemon.notice netifd: Interface ‘wgclient’ is now up
Sat May 4 09:30:01 2024 user.notice firewall: Reloading firewall due to ifup of wgclient (wgclient)
Sat May 4 09:30:04 2024 user.notice wgclient-up: env value:T_J_V_ifname=string J_V_address_external=1 USER=root ifname=wgclient ACTION=KEYPAIR-CREATED N_J_V_address_external=address-external SHLVL=3 J_V_keep=1 HOME=/ HOTPLUG_TYPE=wireguard T_J_V_interface=string J_V_ifname=wgclient T_J_V_link_up=boolean LOGNAME=root DEVICENAME= T_J_V_action=int TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin CONFIG_LIST_STATE= J_V_interface=wgclient K_J_V= action ifname link_up address_external keep interface J_V_link_up=1 J_V_action=0 T_J_V_address_external=boolean N_J_V_link_up=link-up T_J_V_keep=boolean PWD=/ JSON_CUR=J_V CONFIG_SECTIONS=global AzireVPN Mullvad FromApp group_2186 group_1504 group_4471 group_9712 peer_2001 group_3604 peer_2002 CONFIG_cfg030f15_ports=

I appreciate any support.
BR

admon · May 4, 2024, 7:58am

Hi,

what’s your ISP?
Do they use CGNAT?

Emilk · May 4, 2024, 8:39am

Hi, I am using German provider Telekom Magenta XL.
I did some research and it looks like they are providing real ipv4 and 6 addresses, not CGNATs

packetmonkey · May 4, 2024, 1:43pm

Why is your endpoint port set to a different port than the server is listening to? Are you port forwarding WAN 51789 to port 51820? Fine if you are, just want to verify. If not, this is a problem because your client is being told to connect to a port the server is not listening for.

Emilk · May 4, 2024, 5:05pm

Hi,

If I remember correctly, the Endpoint port in the (Peer) section is from the config file. the Listenport above is from some turotial in the internet.

However, If I change above port also with 51789, nothing changes, Wireguard connection is established, but no internet

packetmonkey · May 4, 2024, 5:19pm

There are two configs, one server and one client. They should match ports unless you are port forwarding a different external port to your wireguard internal port. It is possible the connection does not allow inbound traffic, but since this appears to be international I have no idea how common that may be in your locale.

Emilk · May 4, 2024, 6:45pm

Thanks, which port do you suggest I enter, the one shared in the config file of my server router?
Unfortunately, the problem is still there, Wireguard turning green, however, no data/internet

packetmonkey · May 4, 2024, 7:20pm

It doesn’t matter too much as long as the server listening port and the peer port are the same on both. Does your router get a real WAN ip from your provider? Does it match what you if you go to ipecho.net or ipchicken.com?

Emilk · May 5, 2024, 5:31pm

Hi, thanks for the advice. I made some adjustments and it does work now. Stable connection, with traffic flowing.

The adjustments I did are:

Changed [Interface] address to = 10.0.0.2/24. (previously Address = 10.0.0.1/32 ) and (PEER) allowed IPs to = 0.0.0.0/0, ::/0I (previously http://192.168.XXX/24) No Idea, but it does the trick

That’s really the only change I did, I just replayed and tested, and if I switch it back it won’t work anymore. Anyway works now