Wireguard server doesn't work (GL-MT200N)

Maybe one of those will show if you actually have an IP address or not.

Yes, I looked at the admin menu of router #1 and found there this:

IP: 192.168.0.1
WAN IP Address: 10.162.XX.X (I have never seen this IP anywhere)
IPv4 primary DNS: 62.109.121.17
IPv4 secondary DNS: 62.109.121.18

These IPs should be the same in order to complete the tunnel.

Of course. I changed the client config to 10.0.0.2/32 and tried again, but still without success.

That’s a private NAT address. Your router doesn’t have a public facing IP, so unless whoever provides the 4G service has a way to port forward, you have no way of directly addressing your router.

Cheers.

@EddieA
Okay, so the only way to set up a wg server is to change my provider? No way to change only my 4G router #1?

You can try asking your provider to take your SIM out of their NAT.

You should have your MT200Nv2 running as server with a public IP. You can have your wireguard network connect two clients one to another. That’s what I do: I have my MT200Nv2 acting as server at someone else’s home with a public IP, taking care of my wireguard traffic (at least I hope not all my traffic routes through his network all the time).

Does your smart device really need a VPN? It should be accessible worldwide anyway if it’s a smart device, no?

@briekske
So you need 3 devices to do that? One server at somebody’s home and two clients, right?

Yes, my smart home device (CCU2) needs either VPN or port forwarding… but port forwarding is too insecure, I think (and it won’t work at my home anyway).

Well, as stated before: with a 4G connection chances are low you will have a public IP. My view is: either you change your connection to have a public IP or you have your wireguard server somewhere else with a public IP taking care of business.

Yeah you don’t want the CCU2 to be accessible to everyone over the net, you want to access it only via the VPN.

Like others have said, you need to make sure your 4G has a public IP. It is extremely common that it is not the case: your device is behind a double NAT, where the ISP is assigning you a shared IP with many other devices, and assigns you a random port as well, without a way to connect to it from the outside.

As others pointed out, you can get the public IP using a website, since the website will see where your connection is coming from. You can also do a remote port scan from a website, to see if the wireguard server port is open.
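
The check the replies describe (is the router's WAN address private, and does it match the address a website sees), as an added example that is not part of the thread. The function names and the sample addresses are constructed for illustration; IPv4 is assumed.

```python
import ipaddress

# Ranges that can never be reached directly from the internet (IPv4).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT space


def classify_wan(wan_ip):
    """Classify the WAN address shown in the router's admin page."""
    ip = ipaddress.ip_address(wan_ip)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"
    return "public"


def server_reachable(wan_ip, observed_ip):
    """Compare the router's WAN address with the address an external
    "what is my IP" site reports. Returns (ok, reason)."""
    kind = classify_wan(wan_ip)
    if kind != "public":
        return False, f"WAN {wan_ip} is {kind}: router is behind the provider's NAT"
    if ipaddress.ip_address(wan_ip) != ipaddress.ip_address(observed_ip):
        return False, "WAN differs from the observed address: another NAT is in the path"
    return True, "WAN is public and matches; check that the WireGuard UDP port is open"


if __name__ == "__main__":
    # Constructed samples: (WAN address on the router, address seen by a website)
    samples = [
        ("10.20.30.40", "198.51.100.9"),   # private WAN, as in the thread
        ("100.72.1.1", "198.51.100.9"),    # carrier-grade NAT range
        ("203.0.113.7", "203.0.113.7"),    # public and matching
    ]
    for wan, seen in samples:
        print(wan, seen, server_reachable(wan, seen))
```

A matching public address only shows the router is addressable; the provider can still filter inbound UDP, so the port check mentioned above is still needed.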