For a few days I have been trying to set up a WireGuard VPN server on my GL-MT300N-V2 (firmware version 3.025). I hope somebody can help me with this issue.
I want to have worldwide access to a smarthome device in the local network. This device is connected with a LAN cable to my GL-MT300. The GL.iNet router (router mode) is a client of another router which connects to 4G and has a DHCP server running. I set up a port forwarding on router #1 (port 51820 to IP 192.168.1.166 - this is the static IP of GL-MT200N in LAN of router #1).
I set up a WireGuard server and on my mobile phone I made a WireGuard client connection (see QR code below - the keys and public IP are anonymized), but I have access neither to the local network, nor the smarthome device, nor the internet (even the handshake fails). So no success.
Thank you very much for some support!
Best wishes,
joe-trocken
Johnex Edit (decoded the QR code for easier support):
If my guess is right, it looks like you created a static WAN IP on the MT300, but it is outside the scope of the subnet. If that is what you did, then change the forward on router 1 to 192.168.0.166 and the WAN IP on the MT300 to 192.168.0.166.
Sorry, that was a mistake only in my posting here.
I checked the forwarding on router #1… it was right (192.168.0.166). Forwarding and WAN IP are the same.
Is this public, or is it a perceived public subnet that is actually private using non-private addressing? www.dnsleaktest.com = 89.15.xxx.xx
true then public
Thanks for your help.
I started a standard and an extended test on dnsleaktest.com.
I receive no “true” or “false” response, but a list of server IPs I don’t know (not the IP of router #1).
89.15.xxx.xx is in the settings of the client in the WireGuard app and is also the same as the IP shown at dnsleaktest… do you mean that? Sorry for these questions, my English is very bad.
One more test you can do is, in the GL UI, go to Applications → Remote Access and temporarily Enable HTTP Remote Access. With another pc on another network, you can go to the IP 89.15.xxx.xx in your browser, and you should see the GL UI there.
It is possible your 4G stick has a mini firewall where you need to open ports as well, that would be an easy test.
Let's recap here and re-ask questions here.
You have a single mt-300n-v2.
you are somewhere on the internet (light explain here) on some kind of client(explain again here) trying to connect to a 4g device (explain here) that is connected to an mt-300n-v2 running wireguard server (wan-192.168.0.166 and lan-192.168.8.1) and want local access to an ethernet smart home device connected to the lan port of the mt-300N-v2 on 192.168.8.x network.
you are somewhere on the internet on some kind of client
I want to use my mobile phone (WireGuard Android app) when I’m not at home to access my LAN (see below).
trying to connect to a 4g device (explain here)
yes, it’s a mobile router manufactured by ZTE I use at home. Unfortunately it has no open firmware like dd-wrt or so, but a closed “provider firmware”.
that is connected to an mt-300n-v2 running wireguard server (wan-192.168.0.166 and lan-192.168.8.1)
yes, the 4G router is router #1 and MT-300 is router #2. I cannot use 4G with MT-300 directly, so that’s why I need the 4G router #1.
and want local access to an ethernet smart home device connected to the lan port of the mt-300N-v2 on 192.168.8.x network.
Yes, exactly.
@Johnex
Thanks for the hint. Is there an (other) port forwarding needed for this, port 80 or so? I tried to access the GL UI from outside after I enabled HTTP Remote Access (with port 80 forwarding to GL-MT300), but it didn’t work (“Request timed out”).
On a PC/laptop behind your 4G router, try browsing to 192.168.1.1 which hopefully brings up some configuration pages. Maybe one of those will show if you actually have an IP address or not.
Next, on your client configuration you have the IP defined as 10.0.0.4/32. But your server is configured to listen for 10.0.0.2/32. These IPs should be the same in order to complete the tunnel.
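A check for the address mismatch pointed out in the last reply, added here as an example and not posted by anyone in the thread: it parses a server and a client WireGuard config and reports client tunnel addresses that no server-side `[Peer]` `AllowedIPs` entry covers. The two configs are constructed samples; only 10.0.0.2/32, 10.0.0.4/32 and port 51820 come from the thread, and the keys, endpoint and server address are placeholders.

```python
import ipaddress

# Constructed sample configs. Only 10.0.0.2/32, 10.0.0.4/32 and port 51820 come
# from the thread; keys, endpoint and the server address are placeholders.
SERVER_CONF = """
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>
[Peer]
PublicKey = <phone-public-key>
AllowedIPs = 10.0.0.2/32
"""
CLIENT_CONF = """
[Interface]
Address = 10.0.0.4/32
PrivateKey = <phone-private-key>
[Peer]
PublicKey = <server-public-key>
Endpoint = <public-ip>:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_wg(text):
    """Return [(section, {key: value})] in file order; repeated [Peer] blocks are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def values(sections, section, key):
    """All comma-separated entries of `key` across every `section` block."""
    return [v.strip() for name, kv in sections if name == section
            for v in kv.get(key, "").split(",") if v.strip()]

def uncovered_client_addresses(server_text, client_text):
    """Client tunnel addresses that no server-side [Peer] AllowedIPs entry covers."""
    allowed = [ipaddress.ip_network(v, strict=False)
               for v in values(parse_wg(server_text), "peer", "allowedips")]
    addrs = [ipaddress.ip_interface(v).ip
             for v in values(parse_wg(client_text), "interface", "address")]
    return [str(a) for a in addrs if not any(a in n for n in allowed)]

if __name__ == "__main__":
    for addr in uncovered_client_addresses(SERVER_CONF, CLIENT_CONF):
        print(f"client address {addr} is not in any server peer's AllowedIPs")
```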