WireGuard

[Robert57]

Since the new Merlin update, I can no longer access the internet with Wireguard. Neither with my Windows PC nor with my Android mobile.
Can anyone help me?

 

[ColinTaylor]

Can anyone help me?

Not really as you've provided no information.

What update?
For which router?
Is the WireGuard client installed on the router or the devices?
Have you checked the logs? Are there any error messages?
How are your router and devices configured?
If you think it's related to an update have you tried going back to the previously working version?

 

[Robert57]

Update 3006.102.5.0
Router RT-BE88U
After importing the WireGuard data via QR code on my mobile or via file on my PC and subsequently starting it up, no data is coming in or going out. No access to the internet.
No, I have not yet reverted to an older version.

 

[Ripshod]

Router RT-BE88U

No need to revert the firmware - wireguard is working. There is something wrong with either your config file (possible), or your router config (likely).
How are you directing clients through the wireguard client (VPN Director)?

 

[ColinTaylor]

Update 3006.102.5.0
Router RT-BE88U
After importing the WireGuard data via QR code on my mobile or via file on my PC and subsequently starting it up, no data is coming in or going out. No access to the internet.
No, I have not yet reverted to an older version.

So your client devices are connecting to your home router which is running the WireGuard server?

Are you testing this when the clients are outside of your home network. In other words, are you sure that your clients are not directly connected to your home network when you do the test?

Are your client devices Apple? There's a note when enabling the WireGuard server that says:

 

[Ripshod]

My bad, got it all the wrong way around. Apologies.

 

[Robert57]

First of all, I would like to thank you for your support.
But I would like to add something about myself:
I am a complete novice when it comes to these things.
I wanted to set up WireGuard according to the documentation https://www.asus.com/support/faq/1048280.
I thought this would be quite simple.
I thought it would be quite simple.
I think I was wrong.
There is nothing there about VPN Director entries.
After setting it up, I can enter the data (configuration) into my WireGuard app, but then I can't connect either via Wi-Fi or the public network.

 

[Robert57]

Just a note. I have enabled the port forwarding entries on 51820 UDP.

 

[jksmurf]

There is nothing there about VPN Director entries.

I use WG (as a fallback to Tailscale) and I have never needed to configure VPN Director to make it work for simple access.
It is simple. I suggest you do not enter the data into your app, just export a profile (wgs_client.conf) from the Router setup then import it into your app. I use the same profile on Windows Desktop app and in iOS.

Windows: https://www.wireguard.com/install/
ioS: https://apps.apple.com/us/app/wireguard/id1441195209

I do not have any special port forwarding enabled in the Router.

It will not get through CGNAT though, if that is all that is offered by your ISP. Tailscale will, but otehrise WG as a standard setup is pretty painless these days (famous last words..,).

Only allowed 5 pics here but under Advanced Settings I have Allow DNS=Enabled, Enable NAT-IPv6=Enabled, Pre-Shared Key=DISABLED.

The keys generate themselves BUT if you renew you must export a new .conf file.

Often you will see 0.0.0.0/0 in the clients Allowed IPs field; this will “route all IPv4 traffic from the client through the VPN tunnel to the server, allowing access to any destination on the internet”.

 

[jksmurf]

So your client devices are connecting to your home router which is running the WireGuard server?

Are you testing this when the clients are outside of your home network. In other words, are you sure that your clients are not directly connected to your home network when you do the test?

Are your client devices Apple? There's a note when enabling the WireGuard server that says:
View attachment 68079

Interesting, I never saw that note before, but as above, I just input the details I have shown in to the Server Setup on the Router (where not auto-populated), export the WG conf file, import it into iOS and Windows and enable it; connected. I am guessing one of those items is the server (where it says DNS Server...).

 

[ColinTaylor]

Just a note. I have enabled the port forwarding entries on 51820 UDP.

Port forwarding on the router (WAN - Virtual Server / Port Forwarding)??? Do not do this. That port is used by WireGuard, it shouldn't be forwarded anywhere.

Ignore the previous reference to VPN Director, that does not apply to you.

 

[Ripshod]

Just a note. I have enabled the port forwarding entries on 51820 UDP.

If the wireguard server is on your router you don't need to do any port forwarding - the router deals with this itself. Port forwarding is to open up other devices on your network to the internet and forwarding 51820 will actually interfere with (block) the functioning of your wireguard server.

 

[Robert57]

Thank you VERY MUCH. The last tip did the trick!!!!!!
I had also entered 51820 udp in the port forwarding!!!!

Thank you all very much for your help!!!!