WireGuard peer config not accepted in GUI when Endpoint is an FQDN instead of an IP address – Opal | GL-SFT1200

Device & Firmware Info:

  • Model: GL‑iNet GL‑SFT1200 (Opal)
  • OpenWrt base: 18.06
  • Kernel: 4.14.90
  • GL.iNet Firmware: 4.3.25

Problem: WireGuard peer config fails to save when using FQDN as endpoint.
When configuring a WireGuard peer in the Web UI, using a FQDN (e.g. example.com:51820) as the endpoint fails immediately during save.

  • Error message:
    "An unknown error occurred. Please check your network environment or restart the device."
  • The error occurs before any connection attempt is made.
  • It also happens when the router has no internet connection, so this is not a DNS resolution issue.

How to Reproduce
Open the Web UI and create a new WireGuard peer.

Enter a FQDN in the Endpoint Host field (e.g. example.com:51820).

Click “Apply” or “Save”.

An error immediately appears, and the config is not saved.

Replace the FQDN with a static IP → Save works successfully.

Expected Behavior
Saving a peer config with a FQDN as endpoint should work as it does with an IP.

The field should accept both hostnames and IP addresses.

Internally, endpoint_host should be stored correctly.

Actual Behavior
The Web UI seems to reject FQDNs and only allows IPs.

Saving the config fails even before trying to establish a VPN connection.

Is there a known workaround?

Hi,

My teammate has tested this in the GL GUI on the Opal with v4.3.25; with the peer endpoint set to a domain (FQDN), it did not reproduce.

May I know whether the "endpoint" content was copied/pasted directly or typed by hand? How can we reproduce the issue?

Thank you very much for your reply.
I have now discovered that the hyphen in the URL seems to be the problem (for-example.com:51820).
When I remove it as a test, the GUI accepts the URL. Unfortunately, encoding the hyphen with ‘%2D’ does not work either.
Can anyone help me solve this problem?

It looks like you've discovered a bug. @bruce, could you ask the GL devs if they know Bobby Tables?

Try encapsulating with ', i.e. 'for-example.com:51820' or 'for-example.com':51820. The appropriate conf would be found at ll /etc/config/wireguard*. This is just speculation.


1 Like

Thank you very much for pointing out that I could simply change the configuration directly via SSH to bypass the frontend bug (?). As a long-time hobby Linux user and home lab enthusiast, I should have thought of that myself. It works now!

1 Like

Hi,

Thank you for your feedback.

We have reproduced this issue and submitted it to R&D for further debugging and improvement.
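
The thread traces the failure to an input check that rejects a hyphen in the endpoint hostname. As an added example (not GL.iNet's code and not from any poster; the function names are hypothetical), this is one way a web form could validate a `host:port` endpoint so that hyphenated FQDNs pass while characters outside the hostname grammar are still refused. It covers hostnames and IPv4 only; IPv6 literals are out of scope.

```javascript
// Added example: validate a WireGuard "Endpoint" value of the form host:port.
// Hostname rules follow RFC 952/1123: labels of 1-63 letters, digits or
// hyphens, no leading or trailing hyphen, whole name at most 253 characters.
const LABEL = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

function isIPv4(host) {
  const m = IPV4.exec(host);
  return m !== null && m.slice(1).every((octet) => Number(octet) <= 255);
}

function isHostname(host) {
  if (host.length === 0 || host.length > 253) return false;
  const labels = host.replace(/\.$/, '').split('.'); // tolerate one trailing dot
  // An all-numeric last label means a malformed IPv4 address, not a hostname.
  if (/^\d+$/.test(labels[labels.length - 1])) return false;
  return labels.every((label) => LABEL.test(label));
}

// Returns {host, port} for a valid endpoint, or null. Anything outside the
// hostname grammar (spaces, quotes, ';', '_', '%') is rejected, so the value
// is safe to write to a config file without further escaping.
function parseEndpoint(value) {
  if (typeof value !== 'string') return null;
  const m = /^([^:\s]+):(\d{1,5})$/.exec(value.trim());
  if (!m) return null;
  const host = m[1];
  const port = Number(m[2]);
  if (port < 1 || port > 65535) return null;
  if (!isIPv4(host) && !isHostname(host)) return null;
  return { host, port };
}

// Constructed sample inputs; 'for-example.com:51820' is the value from the thread.
const samples = [
  'for-example.com:51820', // hyphen inside a label: valid
  'example.com:51820',     // plain FQDN: valid
  '192.0.2.10:51820',      // IPv4: valid
  '-bad.example.com:51820',// label starts with a hyphen: invalid
  'for%2Dexample.com:51820',// percent-encoding is not part of a hostname: invalid
  'example.com:70000',     // port out of range: invalid
];
for (const s of samples) {
  console.log(s, '=>', parseEndpoint(s) ? 'accepted' : 'rejected');
}
```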
