Wireguard VPN - Connects but No Internet

Hey everyone,

I just picked up a second Gl-Inet device to act as a “Server”. I currently have a GL-Inet which acts as a “Client” and I use it when travelling and use an external VPN provider within the Wireguard config to act as a server, which works well. But now, I want to eliminate that VPN provider and create a tunnel via my Home ISP instead with Wireguard, so I bought the second GL-Inet device to act as that other server endpoint at home.

I followed the guide here - WireGuard Server - GL.iNet Docs

I did not get to the stage where I have to configure the Wireguard Client Config on my Gl-Inet endpoint which I’ll be travelling with, simply bc I’m doing some tests from my Mobile Phone (Wireguard installed) to the Wireguard Server at home on the new GliNet which I just set up, and it’s failing. I basically did as follows:

  1. Created the VPN Server Config as instructed in the above doc. IPs are as follows:
    ISP Modem/LAN Default GW: 20.0.0.1
    GliNet Router IP - 20.0.0.6
    Wireguard Server IP - 20.0.0.100
    Wireguard Client IP - 20.0.0.99

  2. Performed Port Forwarding to the Gl.Inet Router Server Box on my Home ISP router.

  3. The VPN tunnel establishes successfully, I can verify both on my mobile and directly on the GL.Inet.

  4. On my mobile phone with some network apps, I basically cannot ping the ISP default GW or 20.0.0.1, the router mgmt IP, the server IP, or itself (20.0.0.99); can’t ping anything successfully.

  5. This file looks good and it seems like the port forwarding is working as the tunnel establishes:
/etc/sysctl.d/10-default.conf
net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

Here are basically my config files, if anyone has any ideas, or if any steps or configurations were missed, that would be great. I made no other custom config or GUI changes in the router other than what the document outlined.

Wireguard Server - Client File (this is loaded in my phone app)

[Interface]
Address = 20.0.0.99/32
ListenPort = 7388
PrivateKey = oPyP9drpNytsdfsdfV4GC6lE=
DNS = 64.6.64.6

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 1.1.1.1:45656  # My Public IP
PersistentKeepalive = 25
PublicKey = bYXgXKpsfsfsfsfsfsfsfsfsf

wireguard_server file

config servers
    option local_ipv6 'fdsd:dssd:5:asd::1'
    option private_key 'SPH/sdfsdfdf888d/qu3s2E7sdfsdfSjPG4='
    option public_key 'bsdfsdf7y7y7777dfrm+ACsfkPDIwM='
    option local_port '45656'
    option local_ip '20.0.0.100'
    option access 'DROP'
    option enable '1'

config peers 'wg_peer_7288'
    option name 'john'
    option client_key 'cg5/5Fpv+DsfJljm+Fiqcjz4='
    option private_key 'sfsfNytRhYsfEV4GC6fsfffsfs='
    option client_ip '20.0.0.99/32'

I couldn’t find any docs on the wireguard_server file, not sure what “option access ‘DROP’” entails?

Thanks!

Do you use an Android phone? Can you show us the log?

The wireguard is the backend, you should not change its IP address to 20.0.0.x. You should keep it unchanged.

Hey there. So by default, the wireguard server IP was the same IP as the ISP Modem (20.0.0.1), I wasn’t sure if that would have an IP conflict so I changed it to .100. So the Wireguard Server IP is still in the same subnet as the LAN. I can give it a try to change it back to .1.
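
An added example, not part of the thread and not GL.iNet tooling: a Python check for the addressing question discussed in the two replies above. It lists every tunnel address from the client file and the wireguard_server file that sits inside the LAN subnet or duplicates a LAN host. The /24 LAN mask, the sample text (keys omitted) and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample input modelled on the two files in the thread (keys omitted).
CLIENT_CONF = """[Interface]
Address = 20.0.0.99/32
[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 1.1.1.1:45656
"""
SERVER_UCI = """config servers
    option local_ip '20.0.0.100'
config peers 'wg_peer_7288'
    option client_ip '20.0.0.99/32'
"""
# Assumption: the thread gives LAN addresses but no mask; a /24 is assumed here.
LAN_CIDR = "20.0.0.0/24"
LAN_HOSTS = {"ISP modem": "20.0.0.1", "GL.iNet router": "20.0.0.6"}

def tunnel_addresses(client_conf, server_uci):
    """Return (label, ip_interface) for every tunnel-side address in both files."""
    found = []
    for m in re.finditer(r"^\s*Address\s*=\s*([^#\n]+)", client_conf, re.M):
        found += [("client Address", ipaddress.ip_interface(p.strip()))
                  for p in m.group(1).split(",") if p.strip()]
    for key in ("local_ip", "client_ip"):
        # Forum software may render UCI quotes as curly; accept both forms.
        for m in re.finditer(rf"option\s+{key}\s+['‘]([^'’]+)['’]", server_uci):
            found.append((f"server {key}", ipaddress.ip_interface(m.group(1))))
    return found

def lan_conflicts(addresses, lan_cidr, lan_hosts):
    """Flag tunnel addresses that duplicate a LAN host or fall inside the LAN subnet."""
    lan = ipaddress.ip_network(lan_cidr)
    hosts = {ipaddress.ip_address(ip): name for name, ip in lan_hosts.items()}
    findings = []
    for label, iface in addresses:
        if iface.ip in hosts:
            findings.append((label, str(iface.ip), f"duplicates {hosts[iface.ip]}"))
        elif iface.ip in lan:
            findings.append((label, str(iface.ip), f"inside LAN {lan}"))
    return findings

if __name__ == "__main__":
    addrs = tunnel_addresses(CLIENT_CONF, SERVER_UCI)
    for label, ip, reason in lan_conflicts(addrs, LAN_CIDR, LAN_HOSTS):
        print(f"{label}: {ip} {reason}")
```

An empty result means the tunnel range is disjoint from the LAN, so the router has a single unambiguous route for each destination.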

Hey, I’m actually on an iPhone.

Just an update for anyone who may run into the same issue. The config seemed fine all along, I randomly rebooted the router and it started working flawlessly afterwards.
