I’m trying to set up both server and client on 2 different Beryl AX. Something is not going right. I am not super good at this and read the docs and forums and watched YouTube. But I really need this to work soon and can’t figure out what is wrong. I have Xfinity for internet and set up a port forwarding. Can you tell what is wrong from the screenshots?
Are you still having trouble, and if so, can you include the screen shots?
Yes, still having trouble, thank you. It says since I’m a new user I can only put one image but trying here for the others. Sorry they aren’t the best, I probably need to paste the actual log and can do that when I’m back on it in a bit.
REKEY-GIVEUP indicates that you can’t reach the port of the WireGuard server you are connecting to.
Is the wg server behind CGNAT maybe? (What is the external IP of the router which acts like a server, according to the GUI?)
Is this the Xfinity router or the Beryl I set up as a server? This image is from Xfinity settings. I’m not sure where to look in the WG GUI to find the external IP.
It looks to me like the Xfinity modem is in router mode.
So in the Xfinity router admin menu you can try to enable port forward for UDP 51820 to the private ip address assigned to your gl.inet router, which looks to be 10.0.0.171.
Also you might check in the WireGuard client config file (it is a plain text file) that the server IP address matches the public IP assigned to your Xfinity modem.
Alternative is to change the Xfinity modem to bridge mode, if you are not also using xFi wifi as your wifi. In bridge mode, the glinet router will be assigned the external IP address currently assigned to your Xfinity modem.
Eventually you may want to try to enable glddns and use the GL dynamic dns name instead of the server IP, in case Xfinity ever changes your public IP address.
Thank you for your reply.
I believe I set port forwarding correctly (first screen shot).
I do have Xfi, so in that case I cannot set to bridge mode?
After reading your reply, I looked at the config file and saw it has an IP starting with 192 but my public Xfinity starts with 73. So I changed it to the public Xfinity IP but still nothing.
Also, previously I did try DDNS. I set it up and the config file had the URL instead of the IP, but that also did not work for me. I am not sure what is going wrong or what to do next.
I wasn’t able to find the port forwarding screen shot.
AFAIK, if you put the Xfinity modem into bridge mode, you would lose the Xfinity wifi.
Can you show us the contents of the client config file, being careful to remove any of the values for the keys?
The first below is the original config file. I tried pasting that to client and nothing.
The second is when I enabled DDNS (I also set it up under applications). Tried pasting that for client and nothing.
The third is when I input my Xfinity public IP instead of the other IP and nothing.
For these screenshots I completely deleted the keys but of course they were there when pasted.
I uploaded the screenshot again. Thank you for your replies.

[Interface]
Address = 10.0.0.2/24
PrivateKey =
DNS = 64.6.64.6
MTU = 1420
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 10.0.0.3:51820
PersistentKeepalive = 25
PublicKey =

[Interface]
Address = 10.0.0.2/24
PrivateKey =
DNS = 64.6.64.6
MTU = 1420
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = xxxxxxx.glddns.com:51820
PersistentKeepalive = 25
PublicKey =

[Interface]
Address = 10.0.0.2/24
PrivateKey =
DNS = 64.6.64.6
MTU = 1420
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 73.xxx.xxx.xx:51820
PersistentKeepalive = 25
PublicKey =

Thanks for posting this info. I wonder if the problem might be that the Xfinity modem is using the 10.0.0.x subnet, and the Beryl Wireguard server appears to be using the same subnet for the Wireguard assigned IP addresses. You might try to reconfigure the Wireguard server and generate a new client config also. See step 2 in the gl.inet Wireguard server tutorial:
The default configuration works for most cases. If you found the IPv4 address conflicts with your upper router’s gateway, click the Apply button after modification. You can modify it as 10.1.0.1/24, please don’t forget to put /24 at the end, otherwise your clients cannot get connections.
It was so simple I feel really stupid. I followed your advice and still couldn’t connect. So then I was reading how it can’t be on same network when trying. So I connected the client to my phone hotspot and it worked!!! Thank you for all the help.
Glad it’s working now. Yes, wireguard listens on the WAN port and testing with an external device is the only way to know for sure that the config will work when you are away from home. With your Xfinity modem, the port forwarding and changing the wireguard subnet are necessary.
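
The two config problems discussed in this thread (a private `Endpoint` address, and a tunnel subnet that collides with the upstream modem's LAN) can be checked before deploying a client config. The following is an added example, not code from any poster or from GL.iNet; the function name, finding labels and sample values are assumptions, and it handles a single-peer config with an IPv4 or hostname endpoint only.

```python
import configparser
import ipaddress

# Constructed sample modelled on the first config posted above (keys omitted).
SAMPLE = """\
[Interface]
Address = 10.0.0.2/24
DNS = 64.6.64.6
MTU = 1420
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 10.0.0.3:51820
PersistentKeepalive = 25
"""

# RFC 1918 private ranges plus the CGNAT shared range (100.64.0.0/10):
# a client outside the home network cannot reach an endpoint in any of these.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def check_client_config(text, upstream_lan):
    """Return a list of findings for a single-peer WireGuard client config.

    upstream_lan is the LAN subnet of the ISP modem/router in front of the
    WireGuard server (10.0.0.0/24 for the Xfinity modem in this thread).
    """
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []

    # The tunnel subnet must not overlap the upstream LAN, or routing is ambiguous.
    tunnel = ipaddress.ip_interface(cfg["Interface"]["Address"]).network
    if tunnel.overlaps(ipaddress.ip_network(upstream_lan)):
        findings.append("tunnel-subnet-overlaps-upstream-lan")

    # The endpoint must be the public address (or a DNS name) of the server side.
    host = cfg["Peer"]["Endpoint"].rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return findings  # hostname such as a DDNS name: resolve and check separately
    if any(ip in net for net in NON_PUBLIC):
        findings.append("endpoint-not-publicly-routable")
    return findings


if __name__ == "__main__":
    print(check_client_config(SAMPLE, "10.0.0.0/24"))
```

A clean result only covers the config file; reachability of the forwarded UDP port still has to be tested from an outside network, as the hotspot test above showed.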