WireGuard Server (GL-SFT1200 (Opal)) no internet access

lobo · March 28, 2024, 10:26am

Hello!

I’m having some issues with the WireGuard server on my GL-SFT1200 (Opal) router.
I have it enabled and have one client set up:

I’m connected from my laptop, the connection works and it shows on the router’s WireGuard Server section as you can see on the screenshot above.
The problem is that I’m not able to access the Internet. First time I set this up it was all working perfectly, but I think (I’m not 100% sure) that it stopped working after I did this: Access devices behind GL-SFT1200 (Opal) from different local subnet - #15 by lobo

I have seem a few posts in the forums having similar problems (not able to access the Internet) and I have tried a couple of things, like changing the DNS or changing the IP Address from 10.0.0.1 to something like 10.1.0.1, but no luck.

Also, I’ve noticed that, when connected to the OPAL router (without VPN), and I can access Internet with no issues, I’m able to ping the main router (192.168.1.1), but when I’m connected through the VPN I’m not even able to ping the main router, so it may be something regarding the Firewall - Zone Settings? I have no idea, here is how mine looks at the moment:

Any help is highly appreciated.

Thanks!

alzhao · March 30, 2024, 1:13am

So you set up Wireguard server on Opal and connect via your laptop’s Wireguard client, right?

You cannot do this when your laptop is connected to Opal directly.

You should connect when your laptop is in another network.

Also for the wireguard server, pls make sure you have set up correctly if you have a main router. You need to set up port forward on your main router.

lobo · March 30, 2024, 11:22am

Hello and thanks for your answer

When testing, I connect to the server from my laptop (connected to my mobile phone network). Connection works fine (so the main router has the port forward done correctly if I’m able to connect properly, right?)

This is my router’s port forwarding config:

I’m not sure what else can I check.

Thanks!

alzhao · March 31, 2024, 1:35am

The “client ip” in the wireguard server status is 192.168.8.138, which is not correct.

You cannot change the wireguard subnet to the same as the router’s subnet.

lobo · March 31, 2024, 8:58am

That screenshot where the WireGuard Server client list shows the 192.168.8.138 IP Address may be from one of the tests I did, probably still connected to the Opal router on my local network.

But for you to see what exactly shows when I’m connected to my mobile phone network and I connect to the VPN:

This is what it shows. And this is the config under Managment of WireGuard Server:

And this is the config I have on my WireGuard Client on my laptop:

IP Address settings on my laptop is set to DHCP also.

alzhao · April 2, 2024, 7:48am

I think everything just seems fine.

Can you send me a wireguard config to try out? You can send via email (support at glinet.biz and attn Alfie) or private message.

lobo · April 2, 2024, 8:31am

Ok, done! Sent it to you via message.

Thanks!

alzhao · April 2, 2024, 2:23pm

Turns out it is affected by settings in this post

Just need to revert the masquerading of lan to wan setting.

admon · April 2, 2024, 3:44pm

Should it be enabled or disabled?
Disabled I would guess?

lobo · April 2, 2024, 5:15pm

I had it disabled, which is what I needed to do in order to be able to access devices behind the Opal router from my main net.

Now, it seems like enabling it again fixes the VPN no internet issue, but I’m not at the router location at the moment so I can’t confirm if by enabling the Masquerading again “breaks” what I achieved in the other post.