Link dump on GL.iNet and WireGuard
Posted by jpluimers on 2026/02/20
For my link archive, as these might be useful one day:
WireGuard on Gl.INet devices
- [Wayback/Archive] Use Home IP Address While Traveling with GL.iNet AX Slate, Opal, and WireGuard® VPN – YouTube
- [Wayback/Archive] WireGuard Client – GL.iNet Docs (3.x)
- [Wayback/Archive] WireGuard Client – GL.iNet Docs (3.x 2)
- [Wayback/Archive] WireGuard Client – GL.iNet Docs (4.x)
- [Wayback/Archive] WireGuard Server – GL.iNet Docs (3.x)
- [Wayback/Archive] WireGuard Server – GL.iNet Docs (4.x)
- [Wayback/Archive] GL-iNet Brume Wireless Gateway: OpenVPN, Wireguard and Blocks ads for all devices! – YouTube
- [Wayback/Archive] Where to find Wireguard Key? – Technical Support – GL.iNet
- [Wayback/Archive] Add Wireguard Client Manual Input not working – GL.iNet
- [Wayback/Archive] GL-AR300M Wireguard Client – Technical Support – GL.iNet (watch your line endings when pasting manual configuration files)
GL-AR300M
Firmware Version 3.201
My pivpn config looked like[Interface] PrivateKey = xxxAddress = 10.6.0.3/24 MTU = 1420 [Peer] PublicKey = xxx PresharedKey = xxx Endpoint = xxx:51820 AllowedIPs = 0.0.0.0/0, ::0/0I had to enter a „new line“ after line „Address =“ and before „MTU =“.With this minor change, I was able to import config file in the text-field! - [Wayback/Archive] Gl inet can we trust them becaus china is the boss – GL.iNet
- [Wayback/Archive] Wireguard and Local Subnet – Technical Support – GL.iNet
- [Wayback/Archive] LAN remote access via WireGuard connection – Technical Support – GL.iNet
NetBIOS names like “matebook” do not traverse subnets. For only 1 client PC and 1 file server PC, the easiest method is to add an entry to theC:\Windows\System32\drivers\etc\hostsfile on the client PC, to map the name to the IP address:192.168.2.116 matebook - [Wayback/Archive] Use Home IP Address While Traveling with GL.iNet AX Slate, Opal, and WireGuard® VPN – YouTube
- [Wayback/Archive] Mango! WireGuard Server + Handy App einrichten Travel Router – GL.iNet Mango – YouTube
Autostart the WireGuard client after reboot
- [Wayback/Archive] GL-AR750S no longer starts WIreguard VPN client at startup – Technical Support – GL.iNet
- [Wayback/Archive] 3.212 beta 1 – Wireguard not auto-reconnecting – Technical Support – GL.iNet
- [Wayback/Archive] Autostart Wireguard Server via switch or startup script – GL.iNet
- [Wayback/Archive] Shell command for starting and stopping wireguard server and openvpn client – GL.iNet
- [Wayback/Archive] SSH into router and disconnect Wiregurd Client – Technical Support – GL.iNet
- [Wayback/Archive] Opal Wireguard client no connection – Technical Support – GL.iNet
- [Wayback/Archive] Cloud – GL.iNet Docs
GL.iNet GoodCloud cloud management service provide an easy and simple way to remotely access and manage routers. There is a video introduction below.
- [Wayback/Archive] Experimental OpenVPN alternatives claiming better performance – Technical Support – GL.iNet
- [Wayback/Archive] VPN Speed low-middle CPU – Technical Support – GL.iNet
- aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Site-to-site VPN on GL.iNet devices
- [Wayback/Archive] AR750 site to site wireguard – Technical Support – GL.iNet
- [Wayback/Archive] How to Host an OpenVPN or WireGuard VPN Server using Brume 2 – GL.iNet
- [Wayback/Archive] WireGuard Site to Site again – Technical Support – GL.iNet
- [Wayback/Archive] Building a Site-2-Site network manually using two GL.iNet routers – Technical Support – GL.iNet
- [Wayback/Archive] Site to site VPN – Technical Support – GL.iNet
- [Wayback/Archive] Site to site with MT300n-v2 and Wireguard VPN – Technical Support – GL.iNet
- [Wayback/Archive] GL.iNet Mango Site-to-Site WireGuard Speed- / Performance Test – YouTube
WireGuard on Linux
- [Wayback/Archive] Site-to-Site VPN einfach mit WireGuard einrichten! Schritt-für-Schritt Anleitung – apfelcast
WireGuard on pfSense
- [Wayback/Archive] pfSense® software Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example | pfSense Documentation
- [Wayback/Archive] Bug #11460: Adding a second peer results in Cannot allocate memory – pfSense – pfSense bugtracker
- [Wayback/Archive] Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route – pfSense Packages – pfSense bugtracker
- [Wayback/Archive] Bug #12399: WireGuard v0.1.5 – Tunnel Will Never Handshake Again After WAN Reset – pfSense Packages – pfSense bugtracker
- [Wayback/Archive] Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events – pfSense Packages – pfSense bugtracker
- [Wayback/Archive] Basic Site-to-Site VPN Using WireGuard and pfSense – YouTube
- [Wayback/Archive] How To: OpenVPN Site to Site VPN mit pfSense – Einfache Anleitung und Erklärung – YouTube
- [Wayback/Archive] WireGuard VPN Server installieren – Client-to-Server
- [Wayback/Archive] WireGuard VPN Server INSTALLIEREN #Tutorial #howto #erklärt #vpn #deutsch – YouTube
- [Wayback/Archive] WireGuard Site to Site VPN – Zwei Netzwerke sicher verbinden
- [Wayback/Archive] WireGuard Site to Site VPN – Zwei Netzwerke sicher verbinden
- [Wayback/Archive] Site-to-Site VPN – IPSec – pfSense FritzBox
- [Wayback/Archive] Tailscale Mesh VPN – Eingerichtet, Installiert und nix erklärt ! – YouTube
- [Wayback/Archive] WireGuard Site to Site VPN einrichten – Netzwerke sicher verbinden !! #VPN #SiteToSite – YouTube
- [Wayback/Archive] pfSense 2.5 WireGuard VPN Client konfigurieren und Verbindung herstellen #pfsense #wireguard #vpn – YouTube
- [Wayback/Archive] pfSense 2.5.2 New WireGuard App + Step for Step How To – YouTube
- [Wayback/Archive] pfSense Anleitung & Tutorial – YouTube
- [Wayback/Archive] pfSense with WireGuard – Guides | Mullvad VPN
- [Wayback/Archive] WireGuard Endpoints and IP Addresses | Pro Custodibus
- [Wayback/Archive] How to Build Your Own Wireguard VPN in Five Minutes
- [Wayback/Archive] What They Don’t Tell You About Setting Up A WireGuard VPN – DEV Community
WireGuard / Tailscale
- [Wayback/Archive] WireGuard vs. Tailscale · Tailscale
Tailscale is built on top of WireGuard; we think very highly of it.We designed Tailscale to make it easier to use WireGuard to secure your network connections. You might decide to use WireGuard directly, without Tailscale. This is a guide to using Tailscale vs. configuring and running WireGuard directly.…
- [Wayback/Archive] Pricing · Tailscale
Free
For personal & hobby projects- 1 user
- 20 devices
- 1 subnet router
- Secure, peer-to-peer connections
- SSO and MFA
- Sharing, MagicDNS, and more
AstroRelay (note this is operated by GL Intelligene, a close party to GL.iNET)
Before posting links, two very important things to keep in mind:
- AstroRelay is basically a combination of a tunnel with port forwarding where the ports are on the internet protected by the access control you configure on the AstroRelay web portal.
So if you consider using AstroRelay, you need to trim access down very much *and* trust that access control is correctly implemented by AstroRelay.Although AstroRelay makes access very simple, if you or AstroRelay makes mistakes in implementing access control, you have a wide open door for others to enter your systems. - Theire relay is free for 1GB (not sure if that is gigabyte or gibibyte) per lifetime of your account.
Anyway, here are the AstroRelay links:
- [Wayback/Archive] AstroRelay – Secure Tunnel for Remote Accessing Your Devices
Create Public URIs to
Remote Configure Your Routers & Gateways
Remote SSH to your routers & gateways for running diagnostics, configure settings and perform maintenance.-
Configure a Domain for your Links, and install Agents on your client devices.
- Client device can be routers, Raspberry Pis, Linux Systems etc.
- Readymade templates and user-friendly interface
-
Register your devices on AstroRelay, assign unique Links (URIs) and access restrictions for your devices.
- For remote SSH, RDP, Redirecting to HTTPS, and more.
- Include IP access restrictions
-
Use your Links (URIs) to remote access your devices, even under 4G LTE network.
- Access behind Carrier NAT
- Remote access without public IP
FREE PLAN
- Max. 1 Domains
- Max. 5 Agents
Max. 2 links
-
- [Wayback/Archive] Contact Us – AstroRelay
- [Wayback/Archive] AstroRelay – Secure Tunnel for Remote Accessing Your Devices: About
- [Wayback/Archive] AstroRelay – Secure Tunnel for Remote Accessing Your Devices: Terms of Service
AstroRelay means GL INTELLIGENCE, INC. and its affiliates.
- [Wayback/Archive] AstroRelay – Secure Tunnel for Remote Accessing Your Devices: Privacy Policy
- [Wayback/Archive] AstroRelay data-usage … … for what exactly? 1GB free – GoodCloud and Astrorelay – GL.iNet
alannts425
Sep ’22
Did the 1gb free usage will refresh on every month? Or need to top up once is utilized?alzhao
GL.iNet Staff
Sep ’22
It is accumulated, not per month. - [Wayback/Archive] AstroRelay Remote Access Tool- First Time Setup – YouTube (which does NOT explain how to restrict access to the open ports)
For installation of the AstroRelay Client on GL.iNet routers a script is generated that downloads a software package and creates a configuration file which you need to run as root; there is no mechanism to keep the software package up-to-date.
The installation is by piping a shell script to ash like this:
cat<<'#INSTALL' | ash curl https://console.astrorelay.com/download/OpenWRT/1806/arc_1.0.0-1806_mips_siflower.ipk -o arc.ipk opkg update opkg remove arc opkg install arc.ipk rm arc.ipk cat<<'#CFG' | openssl enc -base64 -d > /etc/astrorelay/arc.cfg QXN0cm9SZWxheUNsaWVudDxDb25maWc+ ... LAoJT3JjaGVzdHJhdG9yUG9ydDogMjQzOSwKCUNBRmlsZTogIi9ldGMvYXN0cm9yZWxheS9jYS5w ZW0iLAoJQWxsb3dBbGxMaW5rczogdHJ1ZSwKCUNvbW1hbmRDaGVja0ludGVydmFsTVM6IDIwMDAw LAoJQ29ubmVjdGlvblRpbWVvdXRNUzogMjUwMCwKCUNvbW1hbmRUcmFuc2ZlclRpbWVvdXRNUzog MzAwMCwKCUxpbmtUcmFuc2ZlclRpbWVvdXRNUzogNjAwMDAwLAoJQnVmZmVyU2l6ZTogODAwMAp9 Cgo= #CFG /etc/init.d/arc restart #INSTALL
Hopefully by now AstroRelay have increased their maximum password length as back early 2023 that was just 12 digits long which I posted in [Wayback/Archive] Thread by @jpluimers on Thread Reader App:
- [Wayback/Archive] Jeroen Wiert Pluimers @wiert@mastodon.social on Twitter: “It looks like that @GLiNetWiFi have put their AstroRelay service for providing a “Secure Tunnel for Remote Accessing Your Devices” into the Password Requirements Hall of Shame, don’t you think @PWTooStrong? “The password can not be greater than 12 digits” does not match green 1/”
- [Wayback/Archive] Jeroen Wiert Pluimers @wiert@mastodon.social on Twitter: “@GLiNetWiFi @PWTooStrong Especially not in the green when requiring a maximum of “12 digits” instead of “12 characters” as a year ago during the 2022 @hivesystems investigation, it took about 2 seconds to crack such passwords.”
[Wayback/Archive] Hive Systems: Are Your Passwords in the Green? from my earlier blog post Generating random strings for passwords and uuids/guids on both Windows and Linux using base64 and hex encoding
Fun results
The first query below returned an OpenVPN question recommending to look at WireGuard: [Wayback/Archive] Any ideas on how to create an openvpn server/network on my home router with a dynamic IP? : selfhosted
It also got me product recommendations like in [Wayback/Archive] Best router for Wireguard out of the box? | SmallNetBuilder Forums.
To me this was funny because I already had a product (:
Clearly my first query was to broad as it returned also this conceptual question [Wayback/Archive] How do people access these servers off of their home network (or do they not?). … | Hacker News. Despite not answering my question, it was interesting to see what options other people were using.
The second query did not return any WireGuard results, only results like:
Queries
- [Wayback/Archive] “gl.inet” “pfsense” site to site wireguard “peer to peer” – Google Search
- [Wayback/Archive] “gl.inet” “openvpn” “peer to peer” – Google Search as I wanted to know when the above WireGuard query returned OpenVPN results, the other way around would return WireGuard results.
- [Wayback/Archive] “gl.inet” “wireguard” site to site – YouTube
- [Wayback/Archive] gl.inet wireguard setup youtube – Google Search
- [Wayback/Archive] gl.inet wireguard manually enter ip private key – Recherche Google
- [Wayback/Archive] “gl.inet” “wireguard” “manual input” – Recherche Google
- [Wayback/Archive] gl.inet wireguard client – Google Search
- [Wayback/Archive] gl.inet wireguard client automatic start – Google Search
- [Wayback/Archive] “gl.inet” “/etc/init.d/wireguard start” – Google Search
- [Wayback/Archive] pfsense wireguard peer to peer – Google Search
- [Wayback/Archive] pfsense wireguard ping other end of tunnel – Google Search
- [Wayback/Archive] pfsense wireguard [Interface] PrivateKey = Address = DNS = [Peer] PublicKey = ********************************************* PresharedKey = ****************************************** Endpoint = xxxxxx.no-ip.org:51820 AllowedIPs = 0.0.0.0/0, ::0/0 – Google Search
- [Wayback/Archive] wireguard do both sides need public ip – Google Search
- [Wayback/Archive] gl.inet wireguard server which local ip – Google Search
- [Wayback/Archive] wireguard site to site gl.inet – Google Search
- [Wayback/Archive] “site to site” “wireguard” “gl.inet” – Google Search
- [Wayback/Archive] Raspberry Pi Cloud – YouTube: search pfsense wireguard
- [Wayback/Archive] wireguard site to site – Google Search
- [Wayback/Archive] WireGuard Site to Site Configuration | Pro Custodibus
- [Wayback/Archive] tailscale vs wireguard – Google Search
- [Wayback/Archive] astrorelay 1gb free – Google Search
- [Wayback/Archive] gl.inet chinese – Google Search
–jeroen
[Wayback/Archive] AstroRelay Remote Access Tool- First Time Setup – YouTube
The Wiert Corner - irregular stream of stuff 
Leave a comment