4.x Wireguard REKEY-TIMEOUT troubleshooting

Hi, does toggling the wireguard client “Enable” button work, or do you have to do “a process of resetting the router, recreating a wireguard server”?
How about change a listen port?


@hansome

I don’t need to reset the router or recreate the wireguard server. All I have to do is the following:

  1. Turn off the vpn client on the router.
  2. Enable non-vpn traffic.
  3. Wait 30 sec - 2 min.
  4. Turn on the vpn client on the router (at this point, the router is working again but the traffic is not going through my wireguard server).
  5. Block non-vpn traffic.
  6. Router starts working with all traffic going through the wireguard server.

Also to note, if I reboot the router at any time, the next time the vpn client stops working is exactly 24 hr from the reboot time. Today, I rebooted it at 8 AM automatically, so I expect it to stop working again at 8 AM on Tuesday.

I will try changing the listen port when it next fails to see if that does anything.

I’ve also updated to the latest beta (previously on stable) and will see if that prevents the failure on Tuesday.

@hansome

I just encountered the vpn not working at 9:50 PM UTC+1 Monday. I thought the reboot I scheduled in the morning would move the issue to the morning of Tuesday, but it didn’t.

I changed the listen port this time, and the vpn client started working again immediately.

Many thanks for the feedback.

Please try the following command:

sed -i 's/echo "ListenPort.*$/:/g' /lib/netifd/proto/wgclient.sh

This will ignore the ListenPort parameter. If that works, we’ll consider a way to merge to the firmware.

@hansome

I SSHed into the router and ran the command. I encountered the same issue tonight, but I think we should wait one more day because I think I should have restarted netifd. I was able to confirm that, once again, changing the listen port fixed it right away.

I’ve rebooted the router now. Hopefully tomorrow we can confirm whether that command addresses the issue.

@hansome

Ok, the issue just happened again, so it doesn’t look like ignoring ListenPort helped. But there was a difference. With the latest beta firmware, all I have to do is disable and then enable the wireguard vpn client for it to work. No need to change the listen port anymore. Also, with the beta firmware, when the vpn stops working it still shows the light blue circle indicating it’s “working” when it really isn’t. On the latest stable, it would turn yellow in the same situation, which makes it clearer that the vpn client is not connected to the tunnel.

Thanks for that info. So what is the vpn outage duration, then?

The duration is until the vpn client is turned off and re-enabled. @hansome

You’re using beta firmware, right? Please send me a private message with the system log.
Also please check this command output when issue happens:

wg

Sent you a direct message with the information.

After testing and researching for so long, I think I have reproduced your issue. The conclusion is that when port 51820 is blocked, there is a situation where wireguard cannot connect, and the interface shows the connection as successful when it actually is not.

The snapshot firmware addresses this issue by using a different port to communicate with port 51820 each time it reconnects.

If you already added the wireguard conf and there was a previously auto-generated listen port, please remove it.
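The “fake connection” described above (interface reports up, no traffic flows) can be caught from the `wg show <iface> dump` output that was requested earlier in the thread: a peer whose latest handshake is older than WireGuard’s 180 s REJECT-AFTER-TIME, or has never happened, is effectively down even if the UI shows a blue circle. The script below is an added example, not GL.iNet firmware code; the interface name `wgclient`, the sample dump and the `ifdown`/`ifup` bounce (the disable/re-enable workaround from the thread) are assumptions.

```sh
#!/bin/sh
# WireGuard "looks up but is down" watchdog (added example, not firmware code).
# After REJECT-AFTER-TIME (180 s) without a handshake, WireGuard silently drops
# traffic, so a stale handshake is the signal that the tunnel is really dead.
STALE_AFTER=180
IFACE="${IFACE:-wgclient}"   # assumed interface name for the GL.iNet client

# stale_peers DUMP NOW
# DUMP is `wg show <iface> dump` text (first line = interface, rest = peers,
# tab-separated: pubkey psk endpoint allowed-ips latest-handshake rx tx keepalive).
# Prints the public key of every peer whose handshake is older than
# STALE_AFTER seconds or never happened; returns 1 if any peer is stale.
stale_peers() {
    printf '%s\n' "$1" | awk -F'\t' -v now="$2" -v max="$STALE_AFTER" '
        NR == 1 { next }                          # interface line, not a peer
        NF >= 5 {
            if ($5 == 0 || now - $5 > max) { print $1; found = 1 }
        }
        END { exit found ? 1 : 0 }'
}

# Bounce the client interface, i.e. the disable/re-enable workaround
# from this thread (ifdown/ifup are standard OpenWrt netifd commands).
recover_tunnel() {
    ifdown "$IFACE" && sleep 5 && ifup "$IFACE"
}

# Run from cron; only acts when the live dump shows a stale peer.
watchdog() {
    stale=$(stale_peers "$(wg show "$IFACE" dump)" "$(date +%s)") && return 0
    logger -t wg-watchdog "stale peers: $stale; bouncing $IFACE"
    recover_tunnel
}

# Constructed sample dump for offline testing: one healthy peer (handshake
# 60 s ago), one stale peer (61 min ago) and one that never handshook.
TAB="$(printf '\t')"
NOW=1700000060
SAMPLE_DUMP="PRIVKEY_PLACEHOLDER${TAB}LOCALPUB${TAB}51820${TAB}off
PEER_OK${TAB}(none)${TAB}203.0.113.10:51820${TAB}0.0.0.0/0${TAB}1700000000${TAB}1234${TAB}5678${TAB}25
PEER_STALE${TAB}(none)${TAB}203.0.113.11:51820${TAB}0.0.0.0/0${TAB}1699996400${TAB}100${TAB}200${TAB}25
PEER_NEVER${TAB}(none)${TAB}203.0.113.12:51820${TAB}0.0.0.0/0${TAB}0${TAB}0${TAB}0${TAB}25"
```

With a real router, `watchdog` replaces the sample input with the live `wg show` dump, so the bounce only fires when the handshake check fails rather than on a fixed schedule.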


Sounds good. Will this solution be cascaded to all Routers on 4.x F/W e.g. the Beryl AX?

Yes, it will be applied to all 4.x FW


@hansome
Thank you for the investigation. I will try this snapshot and let you know how it goes.


@hansome

Issue is still present and encountered two days in a row.

Please generate a configuration backup (http://192.168.8.1/cgi-bin/luci/admin/system/flash) and export the log (http://192.168.8.1/#/logview), then send them to me by PM or email to handongming@gl-inet.com.
Did the fake wireguard connection happen, or only a system crash?

@hansome

Sent you the files through PM.

Looks like a system crash and the fake wireguard connection both happened. I saw exactly the same symptoms as before I moved to the snapshot firmware you created.

Thank you very much. I’ll check the logs, do some tests, and get back to you asap.
