Wireguard server no client internet

Routers VPN, DNS, Leaks
1

Hi, newbie here.

I have followed all the guidelines and have failed to get Wireguard server working correctly.

I just purchased a MT6000 Flint 2 which arrived yesterday, hoping to get Wireguard Server running so that I can remotely connect my Android phone home (via wireguard app) and access local resources such as my Synology NAS, security cams, etc. and have miserably failed.

The MT6000 is my main and only router. Network configuration is probably the most basic you can get:

Android Phone <-4/5G-> Internet <-Fiber-> VirginMedia Router (Modem mode) <-Cat6-> MT6000 <-Cat6-> LAN devices

Local LAN is configured to 192.168.5.x (192.168.5.1 being the MT6000 router).

I setup Wireguard Server using default configurations (e.g. 10.0.0.1/24 port 51820 and ensured to switch on Remote Access LAN). I configured a client profile, again, using all standard configurations (e.g. client IP 10.0.0.2/24)

I exported the config (via QR code) to my phone directly into Wireguard's app (latest version from app store.

Over 4/5G network, I can connect to the MT6000 successfully. Wireguard's app shows me Tx/Rx activity and Wireguard Server on the MT6000 router shows a client is connected.

However, impossible to access any internet on my phone nor access the local network e.g. typing www.google.com on my phone's browser times out, typing 192.168.1.33 NAS IP times out. Basically, once connected, there is zero network on the phone.

I have tried changing server IP, disabling NAT hardware acceleration, stopping Adblock, etc. what am I missing?

Wireguard Config on phone:

Interfaces
Name: Test
Public key: [-removed-]
Addresses: 10.0.0.2/24
DNS servers: 64.6.64.6
MTU: 1420

Peer
Public key: [-removed-]
Allowed IPs: 0.0.0.0/0, ::/0
Endpoint: [-removed-]:51820
Persistent keepalive: every 25 seconds

Wireguard server config on MT6000:

IPv4 Address: 10.0.0.1/24 (have tried different addresses)
Listen Port: 51820 (have tried different ports)
Remote Access LAN: On (have tried off)
IP Masquerading: On (have tried off)
MTU: Optional
Client to Client: off

What am I missing? I suspect something to do with DNS settings?

Please could someone help?

Thank you!

2

Oh, forgot to mention, I tried setting using OpenVPN server instead and had exactly the same problem: successful connection to the MT6000, but once connected, no internet nor LAN on the mobile phone.

What am I missing?

3

Hi,

  1. As you mentioned I saw, the premise is that the phone can now be connected to the MT6000, right?
    But I saw you said the phone can not access the website page like Google.

    So please check this guide out, to check your configuration, especially the primary router, if does the VirginMedia Router enable forwarding the WG port 51820 for the MT6000 LAN IP, if does the VirginMedia Router have public Internet IP, etc.

    Guide: https://docs.gl-inet.com/router/en/4/interface_guide/wireguard/_server

  2. Please enable the remote access LAN for the clients access your LAN devices in the WG server of the MT6000: VPN Dashboard - GL.iNet Router Docs 4

4

Thank you so much for the reply Bruce. I followed both guides you refer to and successfully connected my phone to the MT6000 router, i.e. both phone and Wireguard server show connections, with Tx/Rx data increasing (although very slowly).

But beyond this, nothing more happens: no internet, no LAN devices, nothing.

I'm using the latest firmware version (which I installed during original setup).

Could this be something related to the DNS used in the config file / QR code generated by Wireguard server when adding a client profile? I leave DNS blank during the client setup and this produces a config file / QR code using DNS 64.6.64.6 - is this right?

Should the DNS be 10.0.0.1 (as per Wireguard Server IP configuration)? Or 192.168.5.1 (as per the router config)? Or simply 8.8.8.8 (Google DNS)? I tried the latter two, which didn't seem to work, but will try again this evening when I'm home.

But as I mentioned, followed the setup guide to the t without success.

5

have you tried flashing the latest firmware and erasing all settings?

6

Ok... so went through the painful process of resetting the firmware (system settings -> Reset Firmware -> Delete all and reboot). Logged back into the console, changed absolutely nothing from base configuration, went straight to VPN -> Wireguard server, configured everything with default out of the box settings, and... still nothing.

Wireguard app on Andoird phone via 5G connects to the server (I can see server side "1 client connected") but no sites on Android phone resolving... i.e. launching google.com in browser on phone times out.

I'm running latest June firmware 4.6.2 release 1 on the MT6000.

Installed Wireguard on my partner's 5 year old iphone, using the same QR code, and magically, everything works.

The principal difference is that once connected to the MT6000 router, the iphone's wireguard connection shows a "listenport = 58697" which my Huawei android phone does NOT.

Anyway, I have now spent the last hour following the full reset re-configuring LAN, WiFi, guest WiFis for IOT devices, Adguard, Parental control (to stop webcams accessing the WAN), Static IPs, and customised client names (for better visibility of the 28 IOT devices running in my home).

Hopefully a fix will be made available soon.

7

Following further online research it turns out the issue has something to do with my ISP, EE in the UK, who are using CGNAT, and whatever this is, it means Wireguard simply will not work from my cell phone...

Sorry to everyone for the inconvenience and thanks for the support!

8

Finally, I succeeded in making it work!

I had to create a new APN on my phone under:

Settings -> Mobile network -> mobile data -> access point names (APNs) -> new APN

I copied the exact same details of the existing APN (password field for EE is "secure" without quotes) with the exception of changing "APN protocol" field to IPv4 and not the default "IPv4/IPv6" which is used by EE

Once this APN created and enabled, hey presto Wireguard works !

2 Likes
9

I am not sure what is the reason and solution.

Seems it should be a problem of your home ISP.
But you solved on your phone? Why does this relate to your phone?

10

Hi Alzhao,

I genuinely have no idea, I'm not an expert on networks unfortunately. All I know is that with the phone's APN settings set to IPv4/IPv6, Wireguard connects but no communication takes place with my LAN or WAN. Everything times out. Whilst with APN settings configured to IPv4 only, Wireguard works as expected with all default settings.

Something about the phone or carrier maybe expecting v6 config from wireguard? My ISP VirginMedia is definitely providing an IPv4 address to the outside world, and as I say, I can connect to the router but no additional internet access. I've now found plenty of forums discussing VPN issues with EE's (carrier) APN's config set to IPv4/IPv6.

1 Like
11

OK. Seems this is the issue. IPv4 works OK.