Setting up WireGuard Server and Connecting — No access.

[Skeptical.me]

I'm having trouble setting up the WireGuard Server and connecting to it via my iPhone using the WireGuard (client) app, over a 5G connection.

The connection appears to be established, but I have no access to private IP's and no access to internet connectivity.

I have followed the instructions on this page:

[Wireless Router] How to set up WireGuard® VPN server?

And I'm still having trouble.

I've successfully used Instant Guard, but I would like to try WireGuard server.

Does anyone have any advice?

 

[ZebMcKayhan]

The connection appears to be established, but I have no access to private IP's and no access to internet connectivity.

How can you tell the connection are established? Does the handshake timer gets reset every 2 min? Do you see both rx and tx data?


Can you access router gui if you use the ip address (192.168.50.1?)?

 

[sfx2000]

There was another thread regarding iPhone - in that scenario, it was OpenVPN client...

How are you loading the wireguard config file onto the iPhone?

 

[Skeptical.me]

How can you tell the connection are established? Does the handshake timer gets reset every 2 min? Do you see both rx and tx data?


Can you access router gui if you use the ip address (192.168.50.1?)?

Sorry, I assumed it was connected ... here is what I see:

And, no ... I can't access 192.168.50.1

 

[Skeptical.me]

There was another thread regarding iPhone - in that scenario, it was OpenVPN client...

How are you loading the wireguard config file onto the iPhone?

Scanning the QR code.

 

[ZebMcKayhan]

Sorry, I assumed it was connected ... here is what I see:

View attachment 54315


And, no ... I can't access 192.168.50.1

Then I would assume you are not connected. Are you sure the server is actually enabled?

Do you have a fixed public IP? Or do you use ddns? Does your endpoint appear ok in wireguard config?

 

[Skeptical.me]

Then I would assume you are not connected. Are you sure the server is actually enabled?

Do you have a fixed public IP? Or do you use ddns? Does your endpoint appear ok in wireguard config?

Yes the WireGuard server was enabled.

I have a static IP, but I tried it with both DDNS, and IP.

The end point looks fine.

I understand that my fibre connection has CG-NAT enabled (but it may not because I set the IP to static 3 days ago), Could that be the problem?

 

[ZebMcKayhan]

I understand that my fibre connection has CG-NAT enabled (but it may not because I set the IP to static 3 days ago), Could that be the problem?

Maybe you need to clear this out making sure you have a publically routeable ip address that accept new inbound connection.

 

[Skeptical.me]

Maybe you need to clear this out making sure you have a publically routeable ip address that accept new inbound connection.

I figured it out, my provider, Aussie Broadband, have port blocking enabled on my connection. So after everyone is asleep, I'll disable it in the portal (because I'll lose connectivity for up to 10 minutes). I just hope Skynet is good enough to keep my connection safe.

 

[ZebMcKayhan]

I just hope Skynet is good enough to keep my connection safe.

Your firewall should have no problems blocking unwanted inbound access, but if you have the possibility to only open wg port that would add additional protection.

 

[Skeptical.me]

Your firewall should have no problems blocking unwanted inbound access, but if you have the possibility to only open wg port that would add additional protection.

I got the WireGuard connection for private IPs to work using port 81 … port 51820 just won't work for some unknown reason. But there's no internet connectivity, even though I have the “Access Internet” option enabled in the WireGuard Server.

 

[ZebMcKayhan]

I got the WireGuard connection for private IPs to work using port 81 … port 51820 just won't work for some unknown reason. But there's no internet connectivity, even though I have the “Access Internet” option enabled in the WireGuard Server.

I thought the firmware restricted other apps from bindning to ports <1024... weird. But if it works to access lan client's it works I guess... not sure if there are any downsides of this.

Could you check if you have dns issue or internet issue? Try to ping i.e 8.8.8.8 or something...

 

[Skeptical.me]

I thought the firmware restricted other apps from bindning to ports <1024... weird. But if it works to access lan client's it works I guess... not sure if there are any downsides of this.

Could you check if you have dns issue or internet issue? Try to ping i.e 8.8.8.8 or something...

Well, suddenly my WireGuard and OpenVPN clients on my router wouldn't connect, so I did a hard reset of the router and started from scratch. Everything is working well now, the WireGuard app on my iPhone is connecting to the WireGuard server on the RT-AX88U. Thanks for your replies.

 

[Eduardomo]

Same issue for me.
Before works perfect but now does not respond from WAN.
By te way openVPN server works perfect with same clients.

 

[Skeptical.me]

Same issue for me.
Before works perfect but now does not respond from WAN.
By te way openVPN server works perfect with same clients.

The only way I resolved this issue was to do a hard reset of the router. It's a pain to do but it is necessary every now and again.

 

[Eduardomo]

The only way I resolved this issue was to do a hard reset of the router. It's a pain to do but it is necessary every now and again.

The most curious thing is that I have additionally configured the entware wg server and it works, while the gui wg server does not.

 

[bennor]

Same issue for me.
Before works perfect but now does not respond from WAN.
By te way openVPN server works perfect with same clients.

What router model?
What firmware version?
What mobile device and it's OS?
Is the mobile device using 5G or something else?

The default Wireguard server settings are working on a RT-AX86U Pro with 3004.388.5 and now 3004.388.6_beta1. WAN side Wireguard client (Android cellphone 4G) can access LAN clients.

 

[Eduardomo]

Router RT-AX86U with 3004.388.5.
The issue is with any cellphone or PC, linux or w$.
In fact, when I do a reset to defaults and configure for first time it works, but after a while not. Only tx packets but 0 RX.
I've tested installing another wireguard server on a Linux PC into my LAN and everybody can connect like a charm. even installing the amtm wg server and works a time but only at the beginning.
I've installed also the wg client to connect to Nordvpn and works well, all traffic can be redirect to it but not the wg server.
I go to install the beta firm to test, tomorrow will post the results. Thanks a lot.

 

[bennor]

In fact, when I do a reset to defaults and configure for first time it works, but after a while not. Only tx packets but 0 RX.

What does the router system log show? Does it indicate any sort of issue or error with the wireguard server or wireguard clients connecting to the wireguard server?
PS: Maybe experiment with the Persistant KeepAlive option in the Wireguard Server Advanced section to see if a different value fixes your issue.

 

[Eduardomo]

What does the router system log show? Does it indicate any sort of issue or error with the wireguard server or wireguard clients connecting to the wireguard server?
PS: Maybe experiment with the Persistant KeepAlive option in the Wireguard Server Advanced section to see if a different value fixes your issue.

I can't locate any error message...