Flint Stuck in endless loop on Wireguard start

Here is my endless loop :
Sat Aug 27 08:52:09 2022 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Aug 27 08:52:17 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Aug 27 08:52:23 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Aug 27 08:52:28 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Aug 27 08:52:33 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/
Sat Aug 27 08:52:38 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/

It looks like @alzhao's one.
Do you have any suggestions? :slightly_frowning_face:
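
An added example, not part of the original thread or of the router firmware: a shell function that counts the REKEY-TIMEOUT hotplug events per interface since netifd last set it up and reports the gaps between them. It assumes the log line layout quoted in the post above; the function names, the default threshold of 3 and the shortened sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise REKEY-TIMEOUT hotplug events.

# Constructed sample, modelled on the log lines quoted in the post above.
sample_log() {
cat <<'EOF'
Sat Aug 27 08:52:09 2022 daemon.notice netifd: Interface 'wgclient' is setting up now
Sat Aug 27 08:52:17 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2
Sat Aug 27 08:52:23 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2
Sat Aug 27 08:52:28 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2
Sat Aug 27 08:52:33 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2
Sat Aug 27 08:52:38 2022 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-TIMEOUT SHLVL=2
EOF
}

# Usage: logread | rekey_summary [threshold]
# Prints one line per interface: events since the last netifd set-up, the
# smallest and largest gap between them, and LOOP once threshold is reached.
rekey_summary() {
  awk -v threshold="${1:-3}" '
    / netifd: Interface .* is setting up now/ {
      n = $9; gsub(/[^A-Za-z0-9_.-]/, "", n)   # strip the quotes round the name
      count[n] = 0; delete last[n]; delete gmin[n]; delete gmax[n]
      next
    }
    /wireguard-debug:/ && /ACTION=REKEY-TIMEOUT/ {
      n = ""
      for (i = 1; i <= NF; i++) if ($i ~ /^ifname=/) n = substr($i, 8)
      if (n == "") next
      split($4, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
      if (n in last) {
        gap = now - last[n]
        if (gap < 0) gap += 86400               # log crossed midnight
        if (!(n in gmin) || gap < gmin[n]) gmin[n] = gap
        if (!(n in gmax) || gap > gmax[n]) gmax[n] = gap
      }
      last[n] = now; count[n]++
    }
    END {
      for (n in count) {
        if (count[n] == 0) continue
        lo = (n in gmin) ? (gmin[n] "s") : "-"
        hi = (n in gmax) ? (gmax[n] "s") : "-"
        verdict = (count[n] >= threshold) ? "LOOP" : "ok"
        printf "%s count=%d min_gap=%s max_gap=%s %s\n", n, count[n], lo, hi, verdict
      }
    }'
}

sample_log | rekey_summary   # wgclient count=5 min_gap=5s max_gap=6s LOOP
```

Gaps close to 5 seconds match WireGuard's Rekey-Timeout constant, the interval after which an unanswered handshake initiation is retried.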

I tested one that has this problem and it turns out the config is not valid.

Is there anyone who can send me a valid config that has the rekey problem?

@alzhao, I’m having the same issue when trying to connect to my WireGuard server running on a Mikrotik router. I have multiple devices connecting to it without problems. Here is the config I have used on Slate AX (I have removed the endpoint address and private and pre-shared keys)

[Interface]
Address = 10.7.0.4/32
ListenPort = 22344
PrivateKey = PRIVATE_KEY
DNS = 10.7.0.1

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = ENDPOINT_ADDRESS:PORT
PersistentKeepalive = 25
PublicKey = md7hAe+31eB8r+lH+j7/XokkSiLD4GTQhPh8hw9u7VA=
PresharedKey = PRESHARED_KEY

Is there a way to get more logging out of it? It would be nice to see what the actual error causing these re-tries is.

Can you check, when having the problem, whether the router’s timezone, date and time are correct?

I have verified that timezone and date/time are correct.

FYI…I’m using the Flint Router with Wireguard (Not using Torguard) and do not have any problem with Wireguard (Using Surfshark which just went with Router Manual Configurations)…

I am not sure, the config was invalid …

@alzhao I also have the same infinite loop error - “REKEY-TIMEOUT” when attempting to connect to Wireguard from a GL-AX1800 router with firmware v4.0.2. I tried syncing the timezone, rebooting the router, removing all wireguard configs and redownloading them but it still isn’t working. It was working a month ago, but then just stopped letting me connect. Let me know what other helpful information I can provide.

Can you send me a working wireguard so that I can test directly?

I have the same issue here too. Is the problem fixed?
I have a brand new AX1800 4.0.3
the Wireguard server is a mv 1000 with 3.215 both in the same time zone

Thanks

I’m having the same issues with a GL-A1300 with firmware v4.0, WireGuard would not connect, OpenVPN works though.

Has this issue been fixed? I bought the slate AXT1800 to specifically run a wireguard tunnel and it does not work. Experiencing the same ACTION=REKEY-TIMEOUT loop timeout.

I just purchased the AXT1800 and I am having the same problem with client loop. My logs look the same as above.

Server details:
New AXT1800 set up as wireguard server, using DDNS, ddns bypass vpn in global options, router mode, ISP modem/router combo in bridge mode

Client details:
New AXT1800 set up as wireguard client.

I have:
Verified timezone/date/time sync
Tried every method of config upload/entry on client
Reset router
Re-generated config on router 2X
Tried to manually configure in wireguard ios app for alternative testing, “connects” but no internet.

Pls note, if your vpn cannot connect at all, it is not this problem. The thread is talking about a vpn that can connect but is broken for no reason.

Did you:

  1. change LAN IP of at least one router from 192.168.8.1 to others
  2. Have you verified the ddns is correctly resolved?
  3. Do you have vpn client configured on server AXT1800?

@stickybit

All he has been saying for months on multiple threads where many people complained about the same

  1. I can't replicate at my end - what is he using? a windows xp?
  2. Your provided config is wrong - yet people are connecting with the same config on other routers
  3. Your vpn doesn't work - yet people are connecting with the same config on other routers

and keeps asking for configs
When repeatedly people have said, the configs work on other systems.

@alzhao Stop pointing fingers at others. Clearly it's your device/firmware issue. Own it, take responsibility and fix it rather than asking people for configs. I can assure u that u will never be able to replicate/or the config will be invalid if you are not willing to own ur mistakes

We did not spend 3 times the money of a normal router (on most of which openwrt can be installed either way) to go through this and do ur job to debug ur buggy system. We paid more to get the product and service. It’s ridiculous to say i can't replicate at my end … Get ur own devices/ur own configs/servers whatever to replicate and find a solution.

It is not our job to provide you with configs. The vpns and servers run clearly elsewhere, it's your system problem. Admit and fix it

@alzhao the issue is that we can’t connect at all using Wireguard, the outgoing configs are not the issue since OpenVpn works and portforward work.

It is an infinite loop where we see the timeouts.

strange but if you will manually assign dns servers (to public google for eg.) and disable ipv6, wireguard connects without any issue. when dns is set on auto, and/or ipv6 enabled… endless loop (rekey blah blah).

Oh damn, is it the fw3 to fw4 migration issue again?
If you are on openwrt 22.03.x, NFTables are starting to be used. Config files that are created prior to 22.03.x use IPtables. Best solution I have found is set up everything from scratch and make a config based on that.

If you have issues need to provide something. Otherwise how to solve.

I supported many many users. They decided the method how to help, e.g. providing config (usually for openvpn) or do remote check. I solved many cases related to Wireguard already.

Sorry for my bad English. What do you mean?

I didn’t say the firmware has no issues.
I do replicate the problem and solved some cases. The TIMEOUT message is a very general message and it could relate to a lot of different cases.

Besides it might be the iptables to nftables issue,
Could anyone check what the result is if you remove the preshared key option both from server and client? I believe for openvpn that is a tls key.

When I hosted my own openvpn server a really long time ago, it only complicated configuration, you want the config as simple as possible to get a start.