this post was submitted on 04 Mar 2024
6 points (87.5% liked)

homelab


I've gone through this process a few times over the last week since trying out WireGuard, and for the most part it's been seamless. There are hiccups here or there, but normally just me misconfiguring my keys/config file.

Typically on the client (my phone, tablet, etc) there is an option to generate the key pairs. I'll then put the public one on my peer definition in pfsense, and away we go.

With this GL.iNet router however, there is no option (that I see) to generate the key pairs, so I think the problem I'm running into is that they are not matching/expected when the negotiation with my firewall happens.

How can I go about generating these keypairs? Has anyone had this issue with GL.iNet?

EDIT: After finding a post from GL.iNet staff advising to not have a Listening port in the Peer section, and to set the MTU to around 1300, I have everything working as expected.

top 4 comments
[–] sxan@midwest.social 3 points 8 months ago (1 children)

I've only used my GL.iNet router with Mullvad, and I assume you're going through the manual configuration for WireGuard part of the UI? Have you found the scan qr/upload config/manual input config part? From as far as I've tried it, it's like setting up any WireGuard endpoint - you have to give it the same sort of config file you'd give wg-quick, including subnet, hosts, etc - the same place you'd put your pk.

Generate the config file on a different computer and upload it through the UI.

[–] root@lemmy.world 2 points 8 months ago

Hey there,

Yeah I'm doing it manually, and I did try importing the config from pfsense, however it would say import successful and then "Failed" at the bottom, lol. I did end up getting it working after finding a post from the staff mentioning that you should not put a listening address on the Peer and you should set a manual MTU of like 1300 which worked for me.

[–] ad_on_is@lemmy.world 2 points 8 months ago (1 children)

I'm not familiar with the GL, but I've configured some WG connections (purevpn) on my opnsense, and I recall using `echo privatekey | wg pubkey` to generate a public key from a private key for WG.

I hope this helps somehow.

[–] root@lemmy.world 1 points 8 months ago