10418 questions

12423 answers

19289 comments

21753 members

0 votes
466 views 4 comments
by
I've managed to get wireguard working on my router via the wan ethernet port connection, but if I disable this to use the mobile 4G interface it doesn't work at all, no access to internet at all.

Ive attached my firewall zones
by

So there is definitely a connection on the Wireguard VPN, if I connect my phone to the wifi it has no internet, but if I then activate a different VPN on my phone, I can then connect to the internet.

Also checked wg on CLI and there is connection:



interface: wg
public key: 7vJ8PVDt56oZsnK
private key: (hidden)
listening port: 51820
peer: +iQWuT3wb2DCy1u
endpoint: 185.248.85.18:51820
allowed ips: 0.0.0.0/0
latest handshake: 2 seconds ago
transfer: 524 B received, 404 B sent
persistent keepalive: every 1 hour, 23 minutes, 20 seconds

Does anyone have any ideas why I cannot connect on the mobile connection, but I can on the WAN, I have set the LAN DNS to what was in the Wireguard config, but still no luck 

by
If anyone is willing to try and set this up on their own RUTX11 using 4G  to see if it works, I will send the configuration file for you to test.

Thanks
by

Hello,

Could you please generate and send me a troubleshoot file via private message so that I could investigate the issue in a little bit more detail?

What's a troubleshoot file and how to generate it?

A Troubleshoot file contains a device's event logs, configuration files and other info useful for diagnostics. It can be downloaded from your device's WebUI, Troubleshoot page:

System → Administration → Troubleshoot

Best regards,

Tomas.

1 Answer

0 votes
by
Hello,

This is unrelated to 4G, but to the inability to set both the "Endpoint address" and the "peer tunnel IP" from the GUI. The tunnel will be established correctly but the server at the other end will have no way to return data if it has multiple interfaces listening on the same port.

@teltonika: Is there a way to set this field in the relevant section in /etc/config/network ? Which syntax ?

The same configuration works fine on dd-wrt, both addresses can be set separately.
Regards,
Best answer
by
Turns out that the Wireguard MTU was too large. Works fine when set to 1360 bytes instead of the default value.