For some reason the local dnsmasq DNS server (127.0.0.1) does not accept requests from loopback anymore, which means opkg update fails when WireGuard is active.
This happens when 127.0.0.1 is set as DNS in /etc/resolv.conf in the router.
I also set the DNS config to ignore resolv.conf to prevent DNS leaks (which never caused a problem so far).
This can be tested with the command in openwrt:
nslookup google.com 127.0.0.1
On 4.5.8 it responds to DNS requests.
At the beginning the LED of the Flint 2 was blinking around every 2-3 minutes for around 30 seconds, indicating that there was no connection, therefore the wireguard connection was interrupted several times (problem with the WAN port or related to the DNS server on localhost not responding?).
I also tested the wireguard connection with Proton VPN and had the same problem.
The only firewall change I did was removing WAN from the LAN -> WAN/wgclient zone, to make sure that there really is no WAN traffic over LAN. I did this with many OpenWRT (also 4.5.8) installations in the past without problems.
I also had two crashes without anything in the crashlogs.
Was something changed about the firewall rules in 4.7.7? I noticed there is some port forwarding for DNS.
Edit2:
Could it be that Flint 2 is dropping pings? While a ping is showing me some massive packet loss I can use the internet fine.
Edit3:
I did some further testing.
Either I have some massive ping loss (99% according to MTR) but surfing via the VPN is fine,
or I have some massive ping loss AND surfing via the VPN leads to a timeout, and no more DNS resolving is possible.
After a wireguard reconnection the line is stable for around 2 mins until it causes the mentioned symptoms again. Both via Mullvad and ProtonVPN.
When I disable the WG VPN everything is working fine.
The screenshot shows the situation where no more surfing is possible.
Via Fiber:
I even tested the same constellation via my DSL backup line, which uses a different ISP. It produces the same symptoms.
Via DSL:
Here are some pings over DSL when there is packet loss according to MTR but the connection is working fine:
The good news:
With 4.8.0 I do not have connection problems to websites. The general packet loss seems to be a ProtonVPN problem but does not influence the connectivity. I will redo the test with another VPN.