What's new

I cannot setup Wireguard on my AX6000

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

pippo_105

New Around Here
Hi everyone, this is my first post here.

I'm not a real expert but rather a discrete enthusiast. I've been using Asus routers for several years (obviously with Merlin inside) and as a VPN I used OpenVPN which has always been useful to me (despite some annoyances with version changes with relative temporary incompatibilities with old clients). Now that I've purchased a GT-AX6000 I wanted to start using it as a Wireguard server (I use this program on other devices such as raspberry or online servers), but I really can't configure it on my Asus router.
I can't figure out how to configure some parts such as DNS since it doesn't seem like I can do anything during the creation of the .conf . For example, this is the content of the .conf file generated by the router:

Code:
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 10.6.0.2/32
DNS = 10.6.0.1


[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PresharedKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 0.0.0.0/0
Endpoint = 192.168.13.107:51820
PersistentKeepalive = 25

is it normal for the DNS to be 10.6.0.1 when I would like to use Google's? And why does it take 192.168.13.107 as an endpoint, which is the WAN address of my router, where instead I would like to insert the IP of my provider (or a NO-IP address or something else)? In reality, with the generated file the client I use connects to the service, but it cannot navigate the Internet or the internal LAN.
PS: obviously port 51820 is open.

Thanks to everyone for the help.
 
While agreeing with @degrub the first step should be to set up DDNS on the router. As for the DNS, it's pointing at the router, so if your router already looks up via Google, then that's where your VPN clients will look for their DNS once the router cache has been checked!
 
Hi everyone, this is my first post here.

I'm not a real expert but rather a discrete enthusiast. I've been using Asus routers for several years (obviously with Merlin inside) and as a VPN I used OpenVPN which has always been useful to me (despite some annoyances with version changes with relative temporary incompatibilities with old clients). Now that I've purchased a GT-AX6000 I wanted to start using it as a Wireguard server (I use this program on other devices such as raspberry or online servers), but I really can't configure it on my Asus router.
I can't figure out how to configure some parts such as DNS since it doesn't seem like I can do anything during the creation of the .conf . For example, this is the content of the .conf file generated by the router:

Code:
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 10.6.0.2/32
DNS = 10.6.0.1


[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PresharedKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 0.0.0.0/0
Endpoint = 192.168.13.107:51820
PersistentKeepalive = 25

is it normal for the DNS to be 10.6.0.1 when I would like to use Google's? And why does it take 192.168.13.107 as an endpoint, which is the WAN address of my router, where instead I would like to insert the IP of my provider (or a NO-IP address or something else)? In reality, with the generated file the client I use connects to the service, but it cannot navigate the Internet or the internal LAN.
PS: obviously port 51820 is open.

Thanks to everyone for the help.
The WAN address of your router is a private IP address. Likely because your router is behind another router or your ISP does not give out public IP addresses. Wireguard server will not work until you have a public IP address.
 
Last edited:
Sorry for the wrong section.

I pay for a public IP address and indeed OpenVPN works flawlessly. My router is only behind the modem of my internet provider, but all needed ports are open. I don't think I need a DDNS if I've a public IP address, but if it's required then I'd use it. Any idea?

Thank you. 🙇🏻😁
 
Sorry for the wrong section.

I pay for a public IP address and indeed OpenVPN works flawlessly. My router is only behind the modem of my internet provider, but all needed ports are open. I don't think I need a DDNS if I've a public IP address, but if it's required then I'd use it. Any idea?

Thank you. 🙇🏻😁
OK, then the IP address in the Wireguard config needs to be the IP address you pay for. Not the WAN IP address of the router which it gets from the ISP modem/router. Might be a better idea to bridge the ISP modem/router to avoid double NAT. Or, no real need to open any ports if you put the router WAN IP address as the ISP modem/router DMZ then all ports will be open.
 
Okay, I figured it out. I didn't imagine that I had to manually edit the .conf file with the public IP and DNS: I thought I could do everything through the control panel of the Wireguard in the router. By the way, your advice was useful because at the same time I was also doing an experiment with a raspberry pi and without DMZ I couldn't get Wireguard to work (who knows what I was doing wrong, maybe tomorrow I'll check the configuration better). Thank you all so much for your help. 🙏 ;);)
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top