WireGuard VPN client

I have set up a WireGuard client on my GL-AX1800.
It does connect, but I don't have internet on my connected devices.
When I switch off the client on the router, the clients do have internet.
And when I then switch on the WireGuard client on the connected device instead of on the router, it is working fine.
Meaning, I would say the WireGuard server (owned and set up by me) and the client settings look fine.

What could cause the issue?
The router is on version 3.214

AdguardHome is running (switched off no difference)
IGMPv3 is running (switched off no difference)

Hi,

  1. Do you have another router with NAT before your WG server?
    If yes, did you open ports so that the WG server could listen for incoming traffic from WG clients?
  2. What allowed IPs do you have in the WG client settings?

Hi,

There is another router before the AX1800, but this will also be the case at the location where it is to be used, and at that location I have no control over the ports. Besides, when I use WireGuard from my device it is working, connected via the AX1800 and also via the router before it. The AX1800 is making a connection. I see it is connected.

There is no router in front of the Wireguard server.

Only thing which seems not ok:
On the server end I can see this:

endpoint: xxxxxxxxxxxx:51820
allowed ips: (none)
latest handshake: 39 seconds ago
transfer: 1.07 MiB received, 2.23 MiB sent

The settings on the AX1800 site are:
(Client setup)

[Interface]
Address = 192.168.33.3/32
ListenPort = 51820
PrivateKey = xxxxxx
MTU = 1420
DNS = 1.1.1.1

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = SERV-ip:51820
PersistentKeepalive = 25
PublicKey = xxxx

What result do you get if you ping the WG server from the WG client?
According to the WireGuard documentation, the WG server must have allowed IPs from at least the internal WG subnet, i.e. in your case at least for your client, allowed ips: 192.168.33.3/32
or, as a proxy for all nodes, allowed ips: 0.0.0.0/0,::/0
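
The condition discussed in this thread, a peer that completes handshakes while the server lists "allowed ips: (none)" for it, can be checked mechanically on the server. This is an added example, not part of any post here; the sample wg show text and the placeholder key names are constructed, and find_unrouted_peers is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. WireGuard drops decrypted packets whose inner source address
# is not in the sending peer's AllowedIPs, so a peer can show a fresh
# handshake on the server and still pass no traffic.

# Read `wg show` text on stdin; print the public key of every peer that has
# completed a handshake but is listed with "allowed ips: (none)".
find_unrouted_peers() {
    awk '
        function report() {
            if (peer != "" && allowed == "(none)" && handshake != "")
                print peer
        }
        /^interface: /          { report(); peer = "" }
        /^peer: /               { report(); peer = $2; allowed = ""; handshake = "" }
        /^ *allowed ips: /      { sub(/^ *allowed ips: /, ""); allowed = $0 }
        /^ *latest handshake: / { sub(/^ *latest handshake: /, ""); handshake = $0 }
        END { report() }
    '
}

# Constructed sample of server-side `wg show` output (keys are placeholders).
SAMPLE_WG_SHOW='interface: wg0
  public key: SERVER_PUBKEY_PLACEHOLDER
  listening port: 51820

peer: PEER_A_PUBKEY_PLACEHOLDER
  endpoint: 198.51.100.10:51820
  allowed ips: (none)
  latest handshake: 39 seconds ago
  transfer: 1.07 MiB received, 2.23 MiB sent

peer: PEER_B_PUBKEY_PLACEHOLDER
  endpoint: 198.51.100.20:40000
  allowed ips: 192.168.33.4/32
  latest handshake: 1 minute, 2 seconds ago
  transfer: 5.10 MiB received, 9.80 MiB sent

peer: PEER_C_PUBKEY_PLACEHOLDER
  allowed ips: (none)'

# Peer A handshakes but has no AllowedIPs; B is fine; C never connected.
printf '%s\n' "$SAMPLE_WG_SHOW" | find_unrouted_peers

# On a live server: wg show | find_unrouted_peers
# A flagged peer needs an AllowedIPs line in the server's [Peer] section,
# e.g. the client address from this thread: AllowedIPs = 192.168.33.3/32
```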

How do I ping from the AX1800 to my WG server? I have the same kind of settings on other devices and those work as expected; only the AX1800 seems to have an issue.

LuCi > Network > Diagnostics > Ping

Ping is not possible, but this is not the issue (my router at home will not respond as I did block ping actions).

On my GL-iNet AXT1800 router it is working fine with the WireGuard client.
I can see the following installed:

wireguard-tools 1.0.20210223-2
kmod-wireguard-backport 4.4.60+1.0.20211208-1

and on the AX1800:
kmod-wireguard 4.4.60+1.0.20200611-2
wireguard 1.0.20200611-2
wireguard-tools 1.0.20191226-1

I would expect it should be working with the AX1800 also, or do you have an option to align the AX1800 software with the AXT1800?
I did buy the AX1800 because it would be a better fit, but now it looks like a waste of money… hope to hear the solution!!

I can see below in the log of the AX1800:

Thu Dec 29 22:53:13 2022 daemon.info gl_mqtt_service[6163]: mqtt init success!
Thu Dec 29 22:53:13 2022 daemon.info gl_mqtt_service[6163]: Subscribe succeeded
Thu Dec 29 22:53:13 2022 daemon.info gl_mqtt_service[6163]: Subscribe succeeded
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[4994]: exiting on receipt of SIGTERM
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: started, version 2.80 cachesize 150
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: DNS service limited to local subnets
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq-dhcp[7729]: DHCP, IP range 192.168.9.100 – 192.168.9.249, lease time 12h
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq-dhcp[7729]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq-dhcp[7729]: IPv6 router advertisement enabled
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: using local addresses only for domain test
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: using local addresses only for domain onion
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: using local addresses only for domain localhost
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: using local addresses only for domain local
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: using local addresses only for domain invalid
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: using local addresses only for domain bind
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: using nameserver 127.0.0.1#3053
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: using local addresses only for domain lan
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: read /etc/hosts - 1 addresses
Thu Dec 29 22:53:13 2022 daemon.info dnsmasq[7729]: read /tmp/hosts/dhcp.cfg02411c - 5 addresses
Thu Dec 29 22:53:13 2022 daemon.err dnsmasq-dhcp[7729]: failed to read /etc/ethers: No such file or directory
Thu Dec 29 22:53:20 2022 user.info mwan3rtmon[3319]: Detect rtchange event.
Thu Dec 29 22:53:20 2022 daemon.info dnsmasq[7729]: exiting on receipt of SIGTERM
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: started, version 2.80 cachesize 150
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: DNS service limited to local subnets
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq-dhcp[8469]: DHCP, IP range 192.168.9.100 – 192.168.9.249, lease time 12h
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq-dhcp[8469]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq-dhcp[8469]: IPv6 router advertisement enabled
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: using local addresses only for domain test
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: using local addresses only for domain onion
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: using local addresses only for domain localhost
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: using local addresses only for domain local
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: using local addresses only for domain invalid
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: using local addresses only for domain bind
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: using nameserver 127.0.0.1#3053
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: using local addresses only for domain lan
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: read /etc/hosts - 1 addresses
Thu Dec 29 22:53:24 2022 daemon.info dnsmasq[8469]: read /tmp/hosts/dhcp.cfg02411c - 5 addresses
Thu Dec 29 22:53:24 2022 daemon.err dnsmasq-dhcp[8469]: failed to read /etc/ethers: No such file or directory
Thu Dec 29 22:53:24 2022 user.notice firewall: Reloading firewall due to ifup of guest (br-guest)
Thu Dec 29 22:54:23 2022 daemon.info hostapd: ath1: STA 08:f8:bc:6a:a6:65 IEEE 802.11: authenticated
Thu Dec 29 22:54:23 2022 daemon.info hostapd: ath1: STA 08:f8:bc:6a:a6:65 IEEE 802.11: associated (aid 1)
Thu Dec 29 22:54:23 2022 daemon.info hostapd: ath1: STA 08:f8:bc:6a:a6:65 WPA: sending 1/4 msg of 4-Way Handshake
Thu Dec 29 22:54:23 2022 daemon.info hostapd: ath1: STA 08:f8:bc:6a:a6:65 WPA: received EAPOL-Key frame (2/4 Pairwise)
Thu Dec 29 22:54:23 2022 daemon.info hostapd: ath1: STA 08:f8:bc:6a:a6:65 WPA: sending 3/4 msg of 4-Way Handshake
Thu Dec 29 22:54:23 2022 daemon.info hostapd: ath1: STA 08:f8:bc:6a:a6:65 WPA: received EAPOL-Key frame (4/4 Pairwise)
Thu Dec 29 22:54:23 2022 daemon.info hostapd: ath1: STA 08:f8:bc:6a:a6:65 RADIUS: starting accounting session 0054CD2EFBE67D67
Thu Dec 29 22:54:23 2022 daemon.info hostapd: ath1: STA 08:f8:bc:6a:a6:65 WPA: pairwise key handshake completed (RSN)
Thu Dec 29 22:54:26 2022 daemon.info dnsmasq-dhcp[8469]: DHCPDISCOVER(br-lan) 08:f8:bc:6a:a6:65
Thu Dec 29 22:54:26 2022 daemon.info dnsmasq-dhcp[8469]: DHCPOFFER(br-lan) 192.168.8.197 08:f8:bc:6a:a6:65
Thu Dec 29 22:54:26 2022 daemon.info dnsmasq-dhcp[8469]: DHCPDISCOVER(br-lan) 08:f8:bc:6a:a6:65
Thu Dec 29 22:54:26 2022 daemon.info dnsmasq-dhcp[8469]: DHCPOFFER(br-lan) 192.168.8.197 08:f8:bc:6a:a6:65
Thu Dec 29 22:54:27 2022 daemon.info dnsmasq-dhcp[8469]: DHCPREQUEST(br-lan) 192.168.8.197 08:f8:bc:6a:a6:65
Thu Dec 29 22:54:27 2022 daemon.info dnsmasq-dhcp[8469]: DHCPACK(br-lan) 192.168.8.197 08:f8:bc:6a:a6:65 MBPPrinultingBV
Thu Dec 29 22:54:29 2022 daemon.warn dnsmasq[8469]: nameserver 127.0.0.1 refused to do a recursive query
Thu Dec 29 22:55:00 2022 user.debug : ------ss-redir is not running!------
Thu Dec 29 22:55:00 2022 user.notice wireguard: wireguard client start
Thu Dec 29 22:55:00 2022 daemon.info dnsmasq[8469]: exiting on receipt of SIGTERM
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: started, version 2.80 cachesize 150
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: DNS service limited to local subnets
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq-dhcp[12970]: DHCP, IP range 192.168.9.100 – 192.168.9.249, lease time 12h
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq-dhcp[12970]: DHCP, IP range 192.168.8.100 – 192.168.8.249, lease time 12h
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq-dhcp[12970]: IPv6 router advertisement enabled
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: using local addresses only for domain test
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: using local addresses only for domain onion
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: using local addresses only for domain localhost
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: using local addresses only for domain local
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: using local addresses only for domain invalid
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: using local addresses only for domain bind
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: using nameserver 127.0.0.1#3053
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: using local addresses only for domain lan
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: read /etc/hosts - 1 addresses
Thu Dec 29 22:55:03 2022 daemon.info dnsmasq[12970]: read /tmp/hosts/dhcp.cfg02411c - 5 addresses
Thu Dec 29 22:55:03 2022 daemon.err dnsmasq-dhcp[12970]: failed to read /etc/ethers: No such file or directory
Thu Dec 29 22:55:05 2022 user.info mwan3rtmon[3319]: Detect rtchange event.
Thu Dec 29 22:55:12 2022 user.notice wiregaurd: client start completed, del glwg.lock
Thu Dec 29 22:56:17 2022 daemon.warn gl_mqtt_service[6163]: Connection lost, cause = (null), Reconnecting
Thu Dec 29 22:56:27 2022 daemon.err gl_mqtt_service[6163]: url = http s://gslb-eu.goodcloud.xyz/gslb/getbucket?deviceType=1&mac=xxxxxxxx&sn=xxxxxxxx&ddns=xxxxxxxx&timestamp=1672350977&sign=6393461d21bb7458ddf890596555fa8c
Thu Dec 29 22:56:27 2022 daemon.err gl_mqtt_service[6163]: utils_NLB failed! Wait for 5 seconds
Thu Dec 29 22:56:42 2022 daemon.err gl_mqtt_service[6163]: url = http s://gslb-eu.goodcloud.xyz/gslb/getbucket?deviceType=1&mac=xxxxxxxx&sn=xxxxxxxx&ddns=xxxxxxxx&timestamp=1672350992&sign=fbb71cc19159c1ea3c7221b1745b0812
Thu Dec 29 22:56:42 2022 daemon.err gl_mqtt_service[6163]: utils_NLB failed! Wait for 10 seconds
Thu Dec 29 22:57:02 2022 daemon.err gl_mqtt_service[6163]: url = http s://gslb-eu.goodcloud.xyz/gslb/getbucket?deviceType=1&mac=xxxxxxxx&sn=xxxxxxxx&ddns=xxxxxxxx&timestamp=1672351012&sign=3fef7d7d8848930ddf140cd88f230a6d
Thu Dec 29 22:57:02 2022 daemon.err gl_mqtt_service[6163]: utils_NLB failed! Wait for 30 seconds
Thu Dec 29 22:57:42 2022 daemon.err gl_mqtt_service[6163]: url = http s://gslb-eu.goodcloud.xyz/gslb/getbucket?deviceType=1&mac=xxxxxxxx&sn=xxxxxxxx&ddns=xxxxxxxx&timestamp=1672351052&sign=2bb999ffad1714b9ba9f17b1b6510918
Thu Dec 29 22:57:42 2022 daemon.err gl_mqtt_service[6163]: utils_NLB failed! Wait for 60 seconds

I have changed the links in the log to http s://

After the WireGuard connection is set up, it is failing for internet access.

I don’t have a Flint, but I have 4 Glinet routers, 3 of them have firmware v3.xx.
All of them function perfectly in both scenarios: WG server and WG client mode. Please show me a screenshot of the firewall settings from the LuCi interface.
Network > Firewall
Masquerading for wg zone must be activated.

Here are my working settings for a WG client GL router with firmware v3.15

If you have similar settings, but at the same time your WG client refuses to receive the Internet, I can only advise you to upgrade the firmware of your Flint to v.4x, or to make a backup of the settings, revert FW3.14, and after that try to configure the WG client again.

I did an upgrade to v.4x and now the firmware is the same as on my AXT1800. I need to check if this fixes the issue.
The settings are now the same so I would expect it will work.
Will check in the coming days and let you know.

Thanks for your help so far.

For whatever reason it is still not working.
I am getting this result looking at the WG server end:

peer: publicly client (this is checked and correct)
endpoint: remoteIPaddress:51820
allowed ips: (none)
latest handshake: 1 minute, 48 seconds ago
transfer: 1.35 MiB received, 2.39 MiB sent

The issue is in the allowed ips. This is strange because the setup is the same for all clients and for those it is working.

Can we check remotely using AnyDesk?

You can PM me and arrange some time to check

WireGuard is working now on the AX1800, only not when I enable “block all non vpn traffic”, as all is blocked then… rather strange.
Any idea?

While checking on my AXT1800 I did change the format of the config of the WireGuard client, and since that moment it wasn’t working any longer. I had to replace it with a brand new config. So I am a bit scared to touch anything that is working, but I still wanna know how to enable the block non vpn and keep all internet traffic working, and not only the VPN connection itself and the access to the router itself…