Wireguard VPN Server not working. Client Connecting, but nothing loads, OpenVPN works fine

WolfPackTackle · April 16, 2023, 5:37pm

I recently purchased a 300m mini smart router. It’s sitting behind my main router, and its only purpose is to act as a VPN server.
I can setup an OpenVPN server and connect from my phone no problem. Since WireGuard is supposed to be much faster though, I figure I should get that working. The problem is, I’m having a lot of trouble getting it working.

In the main router, I have port forwarded both the port for OpenVPN port and port 51820 for WireGuard, both UDP and TCP to the 300m.

Wireguard server says it is started, and will show that a client has connected, but shows almost no throughput, and the client can’t load anything. I’ve tried manually setting the DNS to 8.8.8.8, but no help.

Since the OpenVPN server works fine, im assuming there’s nothing wrong with my network setup. any ideas?
Here are the logs it shows, and a screenshot below.

"Sat Apr 15 21:28:33 2023 daemon.notice netifd: Interface ‘wgserver’ is setting up now
Sat Apr 15 21:28:33 2023 daemon.notice netifd: Interface ‘wgserver’ is now up
Sat Apr 15 21:28:33 2023 daemon.notice netifd: Network device ‘wgserver’ link is up
Sat Apr 15 21:28:33 2023 user.notice mwan3[16776]: Execute ifup event on interface wgserver (wgserver)
Sat Apr 15 21:28:33 2023 user.notice mwan3[16776]: Starting tracker on interface wgserver (wgserver)
Sat Apr 15 21:28:35 2023 user.notice firewall: Reloading firewall due to ifup of wgserver (wgserver)
Sat Apr 15 21:29:14 2023 daemon.notice netifd: Network device ‘wgserver’ link is down
Sat Apr 15 21:29:15 2023 user.notice mwan3[19571]: Execute ifdown event on interface wgserver (unknown)
Sat Apr 15 21:29:15 2023 daemon.notice netifd: Interface ‘wgserver’ is now down
Sat Apr 15 21:29:15 2023 user.notice firewall: Reloading firewall due to ifdown of wgserver ()
Sun Apr 16 12:56:20 2023 daemon.notice netifd: Interface ‘wgserver’ is setting up now
Sun Apr 16 12:56:20 2023 daemon.notice netifd: Interface ‘wgserver’ is now up
Sun Apr 16 12:56:20 2023 daemon.notice netifd: Network device ‘wgserver’ link is up
Sun Apr 16 12:56:21 2023 user.notice mwan3[11031]: Execute ifup event on interface wgserver (wgserver)
Sun Apr 16 12:56:21 2023 user.notice mwan3[11031]: Starting tracker on interface wgserver (wgserver)
Sun Apr 16 12:56:22 2023 user.notice firewall: Reloading firewall due to ifup of wgserver (wgserver)
"

alzhao · April 16, 2023, 11:38pm

What is the firmware version of your router?

Did you use vpn client (not server) and server the same time?

WolfPackTackle · April 17, 2023, 2:23am

I’m pretty sure it said 4.2 when I checked, but I clicked the update option in the web UI, it said there were no updates available.

No I am not using the VPN client, it is only a VPN server.

WolfPackTackle · April 20, 2023, 7:44pm

@alzhao any thoughts? we actually purchased a second unit, and went to install it on another network, and are having the exact same issue. There is very little to do to set up the VPN so we arent sure were we could be going wrong.

The odd part is, for both devices, even though it isnt the main router, somehow when someone connects to the wireguard VPN, it brings the entire network to a standstill. any device connected to the router sitting behind the VPN is still unable to connect, and just sits there spinning forever and timing out.

Logs from the second device.

"Thu Apr 20 15:37:34 2023 daemon.notice netifd: Interface ‘wgserver’ is setting up now
Thu Apr 20 15:37:34 2023 daemon.notice netifd: Interface ‘wgserver’ is now up
Thu Apr 20 15:37:34 2023 daemon.notice netifd: Network device ‘wgserver’ link is up
Thu Apr 20 15:37:35 2023 user.notice mwan3[9105]: Execute ifup event on interface wgserver (wgserver)
Thu Apr 20 15:37:35 2023 user.notice mwan3[9105]: Starting tracker on interface wgserver (wgserver)
Thu Apr 20 15:37:36 2023 user.notice firewall: Reloading firewall due to ifup of wgserver (wgserver)
Thu Apr 20 15:40:32 2023 daemon.notice netifd: Network device ‘wgserver’ link is down
Thu Apr 20 15:40:32 2023 user.notice mwan3[16912]: Execute ifdown event on interface wgserver (unknown)
Thu Apr 20 15:40:32 2023 daemon.notice netifd: Interface ‘wgserver’ is now down
Thu Apr 20 15:40:32 2023 user.notice firewall: Reloading firewall due to ifdown of wgserver ()
Thu Apr 20 15:40:48 2023 daemon.notice netifd: Interface ‘wgserver’ is setting up now
Thu Apr 20 15:40:48 2023 daemon.notice netifd: Interface ‘wgserver’ is now up
Thu Apr 20 15:40:48 2023 daemon.notice netifd: Network device ‘wgserver’ link is up
Thu Apr 20 15:40:48 2023 user.notice mwan3[18315]: Execute ifup event on interface wgserver (wgserver)
Thu Apr 20 15:40:48 2023 user.notice mwan3[18315]: Starting tracker on interface wgserver (wgserver)
Thu Apr 20 15:40:50 2023 user.notice firewall: Reloading firewall due to ifup of wgserver (wgserver)
"

WolfPackTackle · April 21, 2023, 12:56am

Also to clarify both devices are MT3000, and both networks which the wireguard VPN doesnt work have different modems and routers, so I would be surprised if its a specific network config.

They are both home networks with nothing special about them.

alzhao · April 21, 2023, 6:53am

Pls make sure you are using 4.2.1 GL.iNet download center

If not you can download and upgrade manually.

If still having this issue, maybe @hansome can have a remote check.

SmurfonToast · April 21, 2023, 6:56am

Any improvement when changing this setting that helped me?

hansome · April 22, 2023, 11:14am

In your first post, the screenshot shows that the tunnel has been established successfully. Therefore, it could be a routing issue on the client side.

Could you please provide the output of the following command:

ip route

In addition, please provide a screenshot of the WireGuard client status page. As @SmurfonToast mentioned, are you using Auto Detect mode? Generally, a global proxy is a more common use case.

WolfPackTackle · April 24, 2023, 6:17pm

@alzhao - I will confirm and make sure they are running 4.2.1

@SmurfonToast - I dont think so, as I am not running in repeater mode, and I think autodetect is already selected, but I will confirm.

@hansome - Where do I run that command from? should I SSH onto the device and run it from there?
I will confirm the auto detect mode when I get home. Here is a pic of the client status:

hansome · April 25, 2023, 2:43am

SSH onto the device and run the command.
Could we start a remote desk session? Please PM me.

thatproudad · April 26, 2023, 10:03pm

I’m having the exact same issue
I’m in pppoe ethernet mode straight into my isp modem. Driving me crazy

hansome · April 28, 2023, 10:45am

Have you setup wireguard client using app?

Please try setting wireguard client MTU to 1380:

and toggle off and on.

WolfPackTackle · April 28, 2023, 1:48pm

Ok. there was an update, but confirmed router is on 4.2.2
MTU is set to 1380
Proxy is set to auto detect

This is the result of IP route when wireguard server is off:
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.10
10.8.0.0/24 dev ovpnserver proto static scope link
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown

and when wireguard server is on, when client is connected:
default via 10.0.0.1 dev eth0 proto static src 10.0.0.10
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.10
10.0.0.0/24 dev wgserver proto kernel scope link src 10.0.0.1
10.8.0.0/24 dev ovpnserver proto static scope link
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown

WolfPackTackle · April 28, 2023, 1:51pm

Also I am using the wireguard phone app to try and connect.

Same as before though as soon as I connect with my phone via cell connection, the entire network coming out of the MT3000 in the house comes to a halt for some reason

WolfPackTackle · April 28, 2023, 2:09pm

Could it do with the fact that the main home router is using a 10.0.0 subnet, while this one is using 192.168.8?

pronto · April 28, 2023, 5:48pm

Try changing the WireGaurd Client Listen port on the router.

I have a Beryl AX and Opal

and for some reason when the WG Client listen port got set to 31458 i was not able to connect to my WG Server.

something like in the 23000 range

Client config on router:

[Interface]
Address = client ip
ListenPort = 23232
<<rest of config>>

EddieA · April 29, 2023, 6:59am

There is no reason to supply a Listening port for a Wireguard client. Unless you have a brain dead firewall that you have to open the port in.

hansome · April 29, 2023, 11:26am

I fount that your wan IP range is the same as wirguard tunnel IP. Please change wireguard server IP range and export and import to client.
Also please use global proxy mode instead of auto detect mode at client side.

hansome · April 29, 2023, 11:34am

Does your network need port forward?
Please try to change MTU, remove listen port, or wireguard server IP range.

WolfPackTackle · May 1, 2023, 12:50pm

This solved the problem! changed the config IP and recreated the cleint profiles.Everything started working as expected. thank you again!!