Beryl Wireguard VPN Client Has Randomly Stopped Working (Log included, Please Help)

digitalnomad · January 3, 2023, 2:00am

I have a wireguard vpn setup with one beryl (server) at home and one beryl (client) that I bring with me.

I have DNS set up and it has been working fine the last 3 months until today.

I do not think it is the server router because my vpn config works when testing it on my phone over LTE.

It also may be a problem with the wifi I am using, as the setup works fine when I connect the client router through a hotspot on my phone. It is only when I connect through the apt wifi that the vpn does not connect.

Edit: It also works fine when I setup the wireguard client with Mullvad

Here is the system log right after I click 'Connect" on the VPN tab for the client router:

Mon Jan  2 20:42:47 2023 daemon.info dnsmasq-dhcp[10007]: read /etc/ethers - 0 addresses
Mon Jan  2 20:42:50 2023 user.notice wiregaurd: client stop completed, del glwg.lock
Mon Jan  2 20:42:51 2023 user.info : output={"code":-3,"cloud_enable":false,"check_status":false,"rtty_ssh":true,"rtty_web":true,"serverzone":"","serverzones":["Europe","America","Asia Pacific","China"],"name":"rda107e","username":"","email":"","bindtime":""}
Mon Jan  2 20:44:20 2023 user.notice ucitrack: Setting up /etc/config/network reload dependency on /etc/config/dhcp
Mon Jan  2 20:44:20 2023 user.notice ucitrack: Setting up /etc/config/network reload dependency on /etc/config/radvd
Mon Jan  2 20:44:20 2023 user.notice ucitrack: Setting up /etc/config/wireless reload dependency on /etc/config/network
Mon Jan  2 20:44:20 2023 user.notice ucitrack: Setting up /etc/config/firewall reload dependency on /etc/config/luci-splash
Mon Jan  2 20:44:20 2023 user.notice ucitrack: Setting up /etc/config/firewall reload dependency on /etc/config/qos
Mon Jan  2 20:44:20 2023 user.notice ucitrack: Setting up /etc/config/firewall reload dependency on /etc/config/miniupnpd
Mon Jan  2 20:44:20 2023 user.notice ucitrack: Setting up /etc/config/dhcp reload dependency on /etc/config/odhcpd
Mon Jan  2 20:44:20 2023 user.notice ucitrack: Setting up non-init /etc/config/fstab reload handler: /sbin/block mount
Mon Jan  2 20:44:21 2023 user.notice ucitrack: Setting up /etc/config/system reload dependency on /etc/config/luci_statistics
Mon Jan  2 20:44:21 2023 user.notice ucitrack: Setting up /etc/config/system reload dependency on /etc/config/dhcp
Mon Jan  2 20:44:25 2023 daemon.err uhttpd[15802]: bind(): Address in use
Mon Jan  2 20:44:25 2023 daemon.err uhttpd[15802]: bind(): Address in use
Mon Jan  2 20:45:50 2023 user.debug : ------ss-redir is not running!------
Mon Jan  2 20:45:50 2023 user.notice wireguard: wireguard client start
Mon Jan  2 20:45:51 2023 daemon.info dnsmasq[10007]: exiting on receipt of SIGTERM
Mon Jan  2 20:45:52 2023 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Mon Jan  2 20:45:52 2023 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: started, version 2.80 cachesize 150
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: DNS service limited to local subnets
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq-dhcp[19641]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain test
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain onion
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain localhost
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain local
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain invalid
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain bind
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain lan
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: reading /tmp/resolv.conf.vpn
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain test
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain onion
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain localhost
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain local
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain invalid
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain bind
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using local addresses only for domain lan
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: using nameserver 64.6.64.6#53
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: read /etc/hosts - 4 addresses
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq[19641]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Mon Jan  2 20:45:52 2023 daemon.info dnsmasq-dhcp[19641]: read /etc/ethers - 0 addresses
Mon Jan  2 20:45:56 2023 user.info mwan3rtmon[2599]: Detect rtchange event.
Mon Jan  2 20:45:56 2023 user.notice wiregaurd: client start completed, del glwg.lock
Mon Jan  2 20:50:02 2023 user.notice wireguard: wireguard client stop
Mon Jan  2 20:50:03 2023 daemon.info dnsmasq[19641]: exiting on receipt of SIGTERM
Mon Jan  2 20:50:03 2023 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Mon Jan  2 20:50:03 2023 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: started, version 2.80 cachesize 150
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: DNS service limited to local subnets
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq-dhcp[30517]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain test
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain onion
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain localhost
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain local
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain invalid
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain bind
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain lan
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: reading /tmp/resolv.conf.auto
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain test
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain onion
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain localhost
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain local
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain invalid
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain bind
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using local addresses only for domain lan
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: using nameserver 192.168.100.1#53
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: read /etc/hosts - 4 addresses
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq[30517]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Mon Jan  2 20:50:04 2023 daemon.info dnsmasq-dhcp[30517]: read /etc/ethers - 0 addresses
Mon Jan  2 20:50:07 2023 user.notice wiregaurd: client stop completed, del glwg.lock
Mon Jan  2 20:50:46 2023 user.debug : ------ss-redir is not running!------
Mon Jan  2 20:50:46 2023 user.notice wireguard: wireguard client start
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[30517]: exiting on receipt of SIGTERM
Mon Jan  2 20:50:47 2023 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Mon Jan  2 20:50:47 2023 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: started, version 2.80 cachesize 150
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: DNS service limited to local subnets
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq-dhcp[32756]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain test
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain onion
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain localhost
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain local
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain invalid
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain bind
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain lan
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: reading /tmp/resolv.conf.vpn
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain test
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain onion
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain localhost
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain local
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain invalid
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain bind
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using local addresses only for domain lan
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: using nameserver 64.6.64.6#53
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: read /etc/hosts - 4 addresses
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq[32756]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Mon Jan  2 20:50:47 2023 daemon.info dnsmasq-dhcp[32756]: read /etc/ethers - 0 addresses
Mon Jan  2 20:50:51 2023 user.info mwan3rtmon[2599]: Detect rtchange event.
Mon Jan  2 20:50:51 2023 user.notice wiregaurd: client start completed, del glwg.lock

hansome · January 3, 2023, 4:28pm

It seems “the apt wifi” network block some UDP traffic. Please try to use a random port at wireguard client side. By command:

cp /etc/config/wireguard /root/wireguard.bak
sed -i '/listen_port/d' /etc/config/wireguard

then restart wireguard client. If that doesn’t work. Maybe ask “the apt wifi” administrator.

digitalnomad · January 3, 2023, 4:35pm

Could you point out which lines in the log indicate this? I’m sort of interested in this stuff and would like to learn what I can along the way

Also I am not familiar with running commands, is there a terminal somewhere I can input the commands you listed out?

hansome · January 3, 2023, 5:00pm

FYI, to use ssh.
The log shows wg client is stuck for further info print, unlike a successful connection.

digitalnomad · January 3, 2023, 5:10pm

I am using bitvise and getting this error

root@GL-MT1300:~# cp /ect/config/wireguard /root/wireguard.bak
cp: can’t stat ‘/ect/config/wireguard’: No such file or directory

digitalnomad · January 3, 2023, 5:40pm

Never mind, I had “ect” instead of “etc”.

I ran the commands and restarted the router, but it just made it so it wouldn’t connect to the vpn at all, so it wouldn’t even list the “abort” option. Looking at the config, running the commands removed the listening port. I added this back to what it was before and now it seems to be working fine? Not sure why.

hansome · January 4, 2023, 10:22am

Sorry that I made a mistake. The listen port can not be removed in the current firmware.
Run get back to original setup,

cp /root/wireguard.bak /etc/config/wireguard

and tweak listen port here:

If any port cannot access the wireguard server, it must be “the apt wifi” issue.

digitalnomad · January 4, 2023, 4:52pm

I’ll run this command. What I have been doing is tweaking the listen port by changing a number or two, and then the VPN works fine for maybe an hour before it disconnects and I have to tweak it again. The apt wifi has been working fine the last month, it is only recently this has been happening. Any other ideas?

digitalnomad · January 4, 2023, 5:21pm

I’m in the router settings of the apt wifi but I do not see anything that suggests ports are being blocked. The router is a HG8245H (huawei).

hansome · January 5, 2023, 10:22am

It may be server side or middle device that failed certain UDP ports. Could we start a remote desktop session to have a check, by PM message?

digitalnomad · January 5, 2023, 4:52pm

Yes I will message you

digitalnomad · January 5, 2023, 5:01pm

I think I sent you a message, not sure how messaging works on here haha. If you didn’t get anything send me one.

hansome · January 6, 2023, 2:28am

Update:

We changed to a smaller MTU, the connection gets successful. Let’s see if there is an improvement.

digitalnomad · January 9, 2023, 7:49pm

Update: Lowering MTU did not fix the issue, future troubleshooting session required.