Skip to content

Set Up WireGuard Server on GL.iNet Routers

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.

Make sure you have a public IP address

Please check if your Internet Service Provider assigns you a public IP address here.

If not, your router cannot be set as the WireGuard Server.

Alternative methods:

  1. If you have a main router, you shall login to it and check if it gets the Public IP from your ISP.
  2. Ask your ISP for a Public IP address. It may require an extra fee.
  3. If the above two ways don't work, for example, if you are in a CGNAT, you can take the reverse proxy method such as Astrorelay. Alternatively, you may try an SDWAN solution - AstroWarp.

Confirm if Port Forwarding is required

Network Topology

GL.iNet is the Main Router
  • If GL.iNet router is the main router in your network, this is simple, please move to the next step.
GL.iNet is the Sub-Router

  • If you already have a main router, then the GL.iNet router is under the main router, you may need to setup a port forwarding on the main router.

  • If you already have a main router, the GL.iNet router is several levels below it and you need to set up port forwarding on each level.

Setup WireGuard Server

Access to web Admin Panel, on the left side -> VPN -> WireGuard Server.

  1. Click Generate Configuration (for vpn server initial setup only).

    wireguard server generate configuration

  2. Apply the configuration.

    The default configuration works for most cases.

    If you find that the IPv4 address conflicts with your upstream router's gateway, modify the address to others such as 10.1.0.1/24 and click Apply. Ensure the "/24" subnet mask is included to avoid connectivity issues.

    wireguard server apply configuration

    For example, if you use an Xfinity router in the upstream of GL.iNet router, the Xfinity router's IP might be 10.0.0.1, which will be same as our WireGuard Server IP, then you will need to do the above changes.

    xfinitygateway

  3. Add a profile.

    Switch to Profiles tab, generate a profile for your device by clicking the Add button.

    wireguard server profiles

    Enter a descriptive name.

    wireguard server profile setting

    If you need to set advanced settings, click Set More.

    wireguard server profile advanced setting

    Click Apply to continue. It will generate a profile.

    download wireguard client configuration

    If your network's public IP changes from time to time, you can enable DDNS by using DDNS domain in the configuration.

    Click Download to save the profile.

  4. Start WireGuard server.

    Click the Start button in the upper right corner to start WireGuard server. Go to VPN Dashboard page to check its status and other settings.

    start wireguard server

Check if WireGuard Server is working properly

Many people assume that the server has been successfully established as soon as they see it started, but in fact, it is not.

Even if you forward the wrong port or address, the server can still run.

wgconnected

To verify if the WireGuard Server is functioning properly, use another device on a separate network and import the previously exported WireGuard configuration to test connectivity and check the assigned IP address.

The simplest method is to use a smartphone with the official WireGuard App installed. First, disable the phone’s Wi-Fi and connect exclusively to the internet via cellular data (3G/4G/5G). Then launch the WireGuard app, import the pre-exported configuration file, and initiate the connection. Confirm whether the phone gains internet access and whether its IP address matches the WireGuard Server’s IP.

If the connection fails, there are several common reasons:

  • The Internet Service Provider doesn't assign you a public IP address. Please check here.
  • You may need to set up port forwarding. Please check here.
  • The port you are using for WireGuard Server is blocked by the Internet Service Provider.Change to another port, or contact the Internet Service Provider for further assistance.
  • Some countries/regions may block the VPN connection.

WireGuard Client App

Please refer to WireGuard Official Website: https://www.wireguard.com/install

WireGuard® is a registered trademark of Jason A.Donenfeld.

Still have questions? Visit our Community Forum or Contact us.