What's new

AX86S Wireguard-Problem

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Funnyland123

Regular Contributor
Hello, I got the AX86S and the latest original firmware on it directly from Asus.

This also works with Wirguard, as soon as I have uploaded the config, everything in the Wireguard network has it.

Now I've played the latest Merlin on it and then made a factory reset and even a hard reset, but there's a problem.

If I import the config under Merlin, everything is accepted and Wireguard starts. But all devices are still without VPN because they have not yet been assigned in the VPN Director.

If I enter 192.168.50.1/24 there, the VPN is assigned but the Internet is suddenly gone. It shows that it is connected but the internet doesn't work.

Only when I delete everything again is the internet back.

Does anyone have an idea what's going on there
 
Last edited:
You need to post a lot more info for people to help you - what is the subnet address for your client machine? What is the subnet address for the server LAN? What is the config on both client and server?
 
So everything is set Client Wireguard / Openvpn everything off.

Otherwise everything is still on the basic setting, the fresh reset
 

Attachments

  • Bildschirmfoto 2023-04-21 um 15.15.01.png
    Bildschirmfoto 2023-04-21 um 15.15.01.png
    65.7 KB · Views: 56
  • Bildschirmfoto 2023-04-21 um 15.15.14.png
    Bildschirmfoto 2023-04-21 um 15.15.14.png
    44.6 KB · Views: 59
  • Bildschirmfoto 2023-04-21 um 15.15.30.png
    Bildschirmfoto 2023-04-21 um 15.15.30.png
    95.3 KB · Views: 65
  • Bildschirmfoto 2023-04-21 um 15.15.46.png
    Bildschirmfoto 2023-04-21 um 15.15.46.png
    26.5 KB · Views: 57
  • Bildschirmfoto 2023-04-21 um 15.16.27.png
    Bildschirmfoto 2023-04-21 um 15.16.27.png
    56.2 KB · Views: 57
So everything is set Client Wireguard / Openvpn everything off.

Otherwise everything is still on the basic setting, the fresh reset
Try to set:
enable nat=yes
Inbound firewall=block

As this is an internet client it would be normal to drop everything that does not come from the ip given in the config file. Nat should take care of that.
Also since internet is on the other side there is no reason to allow inbound access.
 
Try to set:
enable nat=yes
Inbound firewall=block

As this is an internet client it would be normal to drop everything that does not come from the ip given in the config file. Nat should take care of that.
Also since internet is on the other side there is no reason to allow inbound access.
uhhh

nat = enable yes
Incoming firewall=block

everything is set as you can see in the pictures.

Or have I misunderstood something?
 
uhhh

nat = enable yes
Incoming firewall=block

everything is set as you can see in the pictures.

Or have I misunderstood something?
Im sorry, perhaps I misread your picture.

Are you really getting a /16 address in your config file? I dont think I have ever seen that before.

Your problem implies that something did not go ok when importing the config. Try to open it with I e notepad or some other plain text editor and look through that all fields are filled in correctly.
 
Sorry - I am still a little confused. It looks like you have a private IP range for your WAN IP. That implies that you are behind another router - or am I seeing that wrong?
 
Im sorry, perhaps I misread your picture.

Are you really getting a /16 address in your config file? I dont think I have ever seen that before.

Your problem implies that something did not go ok when importing the config. Try to open it with I e notepad or some other plain text editor and look through that all fields are filled in correctly.
Yes, it is directly from the provider (Surfshark) with /16 when I look at Nordvpn as a test, it is also 16 there

#
# Use this configuration with WireGuard client
#
[Interface]
Address = 10.14.0.2/16
PrivateKey = -----------------------------------
DNS = 162.252.172.57, 149.154.159.92
[Peer]
PublicKey = ----------------------------------------
AllowedIPs = 0.0.0.0/0
Endpoint = 89.36.76.53:51820

or

#
# Use this configuration with WireGuard client
#
[Interface]
Address = 10.14.0.2/16
PrivateKey = -------------------------------
DNS = 162.252.172.57, 149.154.159.92
[Peer]
PublicKey = ------------------------------
AllowedIPs = 0.0.0.0/0
Endpoint = 91.199.118.56:51820

and Nordvpn

#
# Use this configuration with WireGuard client
#
[Interface]
Address = 10.5.0.2/16
PrivateKey = -------------------------
DNS = 103.86.96.100,103.86.99.100
[Peer]
PublicKey = --------------------------
AllowedIPs = 0.0.0.0/0
Endpoint = 194.233.96.248:51820
PersistentKeepalive = 25
 
If the config import looks ok you will need to dig alittle deeper.

Have you tried other configs in merlin that works?

Have you tried this exact config on other things like your phone to see that the config file is active and working?

While connected to wg peer and your vpn rule for your lan is active:
- can you access router gui?
- can you run a speed test in the router?
- from your lan clients, can you ping an ip, like 8.8.8.8?
- can you ping a domain, like google.com?
 
If the config import looks ok you will need to dig alittle deeper.

Have you tried other configs in merlin that works?

Have you tried this exact config on other things like your phone to see that the config file is active and working?

While connected to wg peer and your vpn rule for your lan is active:
- can you access router gui?
- can you run a speed test in the router?
- from your lan clients, can you ping an ip, like 8.8.8.8?
- can you ping a domain, like google.com?
So after the 20th reinstall and all resets it seems to be working (for whatever reason).

Everything you asked is fine.

But I noticed that the flat share is on, everyone has "Sonoff":


lose connection after 60 seconds and then reconnect every 60 seconds.

Since the parts only run on 2.4 GHz, I have already searched there with channel change and also AX. Unfortunately without success.

If I switch off flat shares - problems go away.

But I have now found that it is also with Openvpn and even without VPN that the parts lose the connection. 3 meters from the router
 
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top