FLINT AX1800 Wireguard VPN Disconnection and killswitch VLAN issue and Tailscale

Hello, I had been experiencing prior issues on the Flint, so I updated to the latest firmware 4.2 beta2; however, I am still experiencing VPN disconnection issues. See time 16:31 onwards in the first block of log entries, Jan 26.

There also needs to be a kill-switch when using the VLAN Policy Base option for the VPN; when WireGuard disconnects, some of my devices are leaking through the private VLAN where I have enabled VPN Policy. Using the “Block Non-VPN Traffic” Global option blocks the VLAN that does not use the VPN tunnel.

Also, the log needs to store more records. I am noticing that even though I don’t have Tailscale enabled, there are a lot of entries around the time the connection is lost, so some vital information could be missing because of this. See the start of the log entries, Jan 26 and Jan 27.

In the second block of log entries, Jan 27, the device became unresponsive and WiFi stopped being broadcast; however, I don’t know if it was a WireGuard problem. I had to pull the plug, and once up it re-established the WireGuard VPN automatically, but again there has been a lot of Tailscale activity even though I don’t have Tailscale enabled.

jan26_system.zip (7.9 KB)
jan27_system.zip (7.6 KB)

We have found some causes of the WireGuard disconnect issues; a new beta firmware will be available this week.

On the question of Tailscale, do you keep the original configuration for the upgrade?

Seems to have settled out the issue. I have only experienced disconnection once, but it came back up, and I didn’t need to pull the power.

Hello, I experienced the WireGuard VPN connection losing connectivity and not reconnecting until I rebooted the router. This time around, though, the router was responsive; I was able to log in and reboot from the web interface without having to pull the power cable, and was able to get the logs.

feb27_03:10_system.zip (15.7 KB)

This appears to be a state maintenance error, and I notice that WireGuard reconnected successfully, but the system is not monitoring this state properly.
Our code is as follows:

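# Handle only the KEYPAIR-CREATED event for the wgclient interface
if [ "${ACTION}" = "KEYPAIR-CREATED" ] && [ "${ifname}" = "wgclient" ]; then
	# Debug: dump the hotplug environment to syslog
	logger -t wireguard-debug $(env)
	# Nothing to do if no state file exists
	[ -f /tmp/wireguard/"${ifname}"_state ] || exit 0
	state="$(cat /tmp/wireguard/"${ifname}"_state)"
	# Act only while a connection attempt is in progress
	[ "$state" = "connecting" ] || exit 0

	netifd_update "$ifname"
	echo "connected" >/tmp/wireguard/"${ifname}"_state
fi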

In the above code, connection events are processed only when the /tmp/wireguard/wgclient_state file contains the value connecting, and not when it contains a different value. Therefore, when a problem occurs, you can examine the contents of the /tmp/wireguard/wgclient_state file.
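
One way to do the check suggested in the reply above, as an added example that is not GL.iNet's code and not part of the original posts: it compares the state file with the tunnel's newest handshake as reported by `wg show wgclient latest-handshakes`. The 180-second staleness threshold, the verdict names, the `wireguard-check` log tag and the `--run` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not GL.iNet code): compare the hotplug state file with the
# tunnel's real handshake age to spot the desync described in the thread.
IFNAME="${IFNAME:-wgclient}"
STATE_FILE="${STATE_FILE:-/tmp/wireguard/${IFNAME}_state}"
MAX_AGE="${MAX_AGE:-180}"  # assumption: seconds before a handshake counts as stale

# classify STATE HANDSHAKE_EPOCH NOW_EPOCH -> prints one verdict word
classify() {
	c_state="$1"; c_hs="${2:-0}"; c_now="$3"
	if [ "$c_hs" -gt 0 ] && [ $((c_now - c_hs)) -le "$MAX_AGE" ]; then
		c_tunnel=up
	else
		c_tunnel=down
	fi
	case "$c_state:$c_tunnel" in
		connected:up)    echo ok ;;
		connected:down)  echo stale-connected ;;  # file says connected, no fresh handshake
		connecting:up)   echo event-pending ;;    # handshake done, hook has not run yet
		connecting:down) echo connecting ;;
		*:up)            echo event-ignored ;;    # hook exits unless state is "connecting"
		*)               echo down ;;
	esac
}

# newest_handshake: reads `wg show IFNAME latest-handshakes` output on stdin
# (public-key <TAB> epoch per peer) and prints the most recent epoch, or 0.
newest_handshake() {
	awk '$2 + 0 > max + 0 { max = $2 } END { print (max == "" ? 0 : max) }'
}

# check_router: gather live values on the router, log and print the verdict
check_router() {
	state="$(cat "$STATE_FILE" 2>/dev/null || echo missing)"
	hs="$(wg show "$IFNAME" latest-handshakes 2>/dev/null | newest_handshake)"
	verdict="$(classify "$state" "$hs" "$(date +%s)")"
	logger -t wireguard-check "state=$state handshake=$hs verdict=$verdict"
	echo "$verdict"
}

# Run on the router with: sh wgcheck.sh --run   (file name is hypothetical)
if [ "${1:-}" = "--run" ]; then check_router; fi
```

A verdict of `event-ignored` or `stale-connected` is the mismatch between the state file and the tunnel; the `wireguard-check` log line records the state value at that moment for a support request.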