Wireguard not starting

Technical Support for Routers
1

I wonder if someone can help me with my problem with wireguard on a GL-AR750. I upgraded to the latest firmware version and even tried the pre-release version (gl-ar750-mesh-0912.bin).

I want to start the wireguard server via the GUI, but pressing the start button simply has no effect.

I connected via ssh to the router and only trying to stop the service triggers some “response” -see below

Anyone got a clue what’s going wrong?

Ulrich

root@GL-AR750:~# /etc/init.d/wireguard start
root@GL-AR750:~# wg show
root@GL-AR750:~# /etc/init.d/wireguard stop
uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found
uci: Entry not found

  • Clearing IPv4 filter table
  • Clearing IPv4 nat table
  • Clearing IPv4 mangle table
  • Clearing IPv4 raw table
  • Populating IPv4 filter table
    • Rule ‘Allow-DHCP-Renew’
    • Rule ‘Allow-Ping’
    • Rule ‘Allow-IGMP’
    • Rule ‘Allow-IPSec-ESP’
    • Rule ‘Allow-ISAKMP’
    • Rule ‘guestzone_DHCP’
    • Rule ‘guestzone_DNS’
    • Forward ‘lan’ → ‘wan’
    • Forward ‘guestzone’ → ‘wan’
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
  • Populating IPv4 nat table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
  • Populating IPv4 mangle table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
  • Populating IPv4 raw table
    • Zone ‘lan’
      • Using automatic conntrack helper attachment
    • Zone ‘wan’
    • Zone ‘guestzone’
      • Using automatic conntrack helper attachment
  • Clearing IPv6 filter table
  • Clearing IPv6 mangle table
  • Populating IPv6 filter table
    • Rule ‘Allow-DHCPv6’
    • Rule ‘Allow-MLD’
    • Rule ‘Allow-ICMPv6-Input’
    • Rule ‘Allow-ICMPv6-Forward’
    • Rule ‘Allow-IPSec-ESP’
    • Rule ‘Allow-ISAKMP’
    • Rule ‘guestzone_DHCP’
    • Rule ‘guestzone_DNS’
    • Forward ‘lan’ → ‘wan’
    • Forward ‘guestzone’ → ‘wan’
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
  • Populating IPv6 mangle table
    • Zone ‘lan’
    • Zone ‘wan’
    • Zone ‘guestzone’
  • Set tcp_ecn to off
  • Set tcp_syncookies to on
  • Set tcp_window_scaling to on
  • Running script ‘/etc/firewall.user’
    uci: Entry not found
    uci: Entry not found
    iptables: No chain/target/match by that name.
    iptables: No chain/target/match by that name.
    ipset v7.3: The set with the given name does not exist
  • Running script ‘/usr/bin/glfw.sh’
    uci: Entry not found
    /etc/rc.common: .: line 5: can’t open ‘/lib/mwan3/mwan3.sh’: No such file or directory
    ! Failed with exit code 2
  • Running script ‘/usr/sbin/glqos.sh’
    /etc/rc.common: .: line 5: can’t open ‘/lib/mwan3/mwan3.sh’: No such file or directory
    ! Failed with exit code 2
    uci: Entry not found
2

Did you uninstall the mwan3 package?
/etc/rc.common: .: line 5: can’t open ‘/lib/mwan3/mwan3.sh’: No such file or directory

3

You need to edit /etc/config/wireguard first
Example

config proxy
	option main_server 'ttt'
	option enable '1'

config peers 'wg_peer_1082'
	option name 'ttt'
	option address '10.0.0.2/32'
	option listen_port '16606'
	option private_key 'sKW8r3TwNrPkm1YtfImKucvrOigR0ipv0X7v51Opj30='
	option dns '64.6.64.6'
	option end_point '85.25.210.73:51820'
	option public_key 'VJ3UI5RRQWoZnvmttzqGdm/Dc1WRG010vei30UBUZi8='
	option allowed_ips '0.0.0.0/0'
	option persistent_keepalive '25'
4

Thanks a lot for your hints!!

  • I managed to install the mwan3 package but while it resolved the error messages, it did not make it work…
  • I played a bit around with the config but without success.

I had hoped that the gl-inet gui does all this automatically and I don’t have to tinker with the config files and package installations myself. (all the other parts of the GUI are so nice straightforward:)

As I need the device to work, I guess I’ll rather play with wireguard on a raspi beforehand to learn all the commands etc.

Has anyone else tried the wireguard-server and got it working out of the box without fiddling? (thus: is this a bug which I should register or is it just my installation [which is a fresh install of the latest firmware.])

5

I’ve got wireguard working well by just using the latest portal detect testing firmware and a profile from my Tunsafe account.

6

I have a GL-AR300M16 running firmware 3.024 as my Wireguard server, as I did not want to add the out-of-tree Wireguard module to my firewall. I did all the Wireguard configuration for my GL-AR300M16 using the GUI, with no command line entries necessary.

Wireguard clients I have used with this server include a GL-USB150, GL-AR750 and the Windows 10 Wireguard client. The AR300M16 has been a vary stable Wireguard server for over a month.

7

Hi Eric,

Thanks for the info - now I know that it is a problem only affecting my device.

I now played around again and it seems that something is broken with my firmware - including the correct re-flashing of the firmware. While it pretends to flash a new firmware, it doesn’t do anything… I’ll have to sort this out first.

1 Like