A lot of users feedback that in Firmware 4.x Wireguard has REKEY-TIMEOUT loops. This thread just want to have a summary so that you classify your issue in the correct category and go in the right direction.
I will list some cases that I have solutions and some cases I am not sure.
Please note, REKEY-TIMEOUT is a general message and it does not contains info about the reason. Wireguard has too little info in the log.
Scenario 1: Wireguard does not connect at all
- Most of the cases are in this scenario. If wireguard does not connect at all, the general reason is that the server is not reachable or config not correct.
- If this is your own server, have to make sure your are doing port forward correctly.
- Some ISP blocks UDP port so your port forward may not work. Some ISP have a advanced firewall so you have extra settings in order to make your port forward work normally.
- Some user also report that copy and paste caused the problems, but I don’t have a clue why.
- If this happens to you, please try the wireguard on your phone or windows to make sure it works.
- If you use Flint or Slate AX as wireguard server in firmware 4.0 or 4.1, when you active vpn client and server at the same time, you cannot connect to the vpn server from the Internet. This is called vpn cascading and pls upgrade to 4.2.0.
Scenario 2: Wireguard connects but has intermittent breaks and cannot connect by itself
Some users reported such cases. I believe this happens but it is very difficult for me to replicate this issue.
- Several feedbacks that this problems resolved by itself so could not track more.
- One user said it is related to his 5G network.
- One nice users gave me some info that this may be related to 4G/5G network which has MTU limitations. He needs to adjust the Wireguard MTU 1324 and lower to make it connect well. If this is your case pls adjust the MTU lower to see if works better.
What to do when you met this problem:
- Make sure the wireguard is valid by using the exact same config on your phone or pc.
- Make sure the wireguard server side has correct setup, e.g. port forward
- If you want to bring this issue up to me, please give me these info:
- What is the router model and firmware version
- Are you using 4G network? What is your ISP?
- Are you using IPV6?
- Are you using DDNS in the wireguard config end point?
- Is this your own wireguard server (a GL.iNet router, Netgear or Asus) or a commercial Wireguard service?
- Are you using vpn policy, adguard home etc?
If this is your own Wireguard server, the easiest way is to send one config to me to try out directly, if possible.