Wireguard Tunnel on Fire TV 4k MAX not working. Where is the error?

cdsw · January 24, 2023, 12:08pm

First of all: This is not strictly a DIETPI issue. My past experience is just, that here are highly skilled IT People and i hope im getting some hints/help, where the issues is. BUT i dont not expect any help. thanks for reading:

So i have following setup:

Router: Asus RT-AX86U
→ This has a Wireguard Server Function. So you can run a Wireguard Server out of the box.

Client: Amazon Fire TV 4K Max
I using the latest available .apk from the wireguard website. It links to the f-droid store and i used Version 1.0.20220516 (492)

So what i did until now:

I went to my asus router page, and used the Wireguard VPN Server Tab to create .conf files to connect with my client to the wireguard server.
First i tested a .conf file with my iphone and it worked perfectly. icould import the .conf file in the official wireguard client for iOS
than i created another .conf files designated for the fire tv stick 4k MAX.
I installed via f-droid and the Downloader app the wireguard client apk.

Result:
→ During Import of the .conf file i get the error:

Unable to import tunnel: Unknown section in Config

Here a screenshot: Bild-2023-01-24-112158883 hosted at ImgBB — ImgBB

That is in the .conf file:
PASTEBIN

For me that looks all normal? I ofc deleted my keys for privacy reasons.

What is my issue and can it get fixed? Online it seems that many people report, that using wireguard with a fire tv device works.

I tested it on a second device: Fire TV Cube (2nd Gen) and got the same error

HolgerTB · January 24, 2023, 2:46pm

Maybe it’s a hidden character like blank or tab which is in the config file. You may check this an remove carriage returns, blanks etc.

This could be a reason. Maybe the parser is a bit piggy…

cdsw · January 24, 2023, 4:00pm

first of all thank you for your feedback!

The Problem is, that i just have this vanilla file from my asus router. i do not have a comparison file, which i know how the structure etc should be.

Is there some examples? The wireguard website did not provide such a thing

Joulinar · January 26, 2023, 11:09am

the file looking good. We basically have the same file on plain Wiregaurd install

[Interface]
Address = 10.9.0.2/24
PrivateKey = Yxxx=

# Comment the following to preserve the clients default DNS server, or force a desired one.
DNS = 10.9.0.1

# Kill switch: Uncomment the following, if the client should stop any network traffic, when disconnected from the VPN server
# NB: This requires "iptables" to be installed, thus will most likely not work on mobile phones.
#PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
#PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = Dxxx=
# Tunnel all network traffic through the VPN:
#	AllowedIPs = 0.0.0.0/0, ::/0
# Tunnel access to server-side local network only:
#	AllowedIPs = 192.168.0.0/24
# Tunnel access to VPN server only:
#	AllowedIPs = 192.168.0.11/32
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = your.ddns.com:51820

# Uncomment the following, if you're behind a NAT and want the connection to be kept alive.
#PersistentKeepalive = 25

cdsw · February 14, 2023, 9:55pm

i reflashed the router software of my asus. now it works out of the box! so definitely an issue on ASUS side.

thanks all for help anyway