GL-SFT1200 wgclient ACTION=KEYPAIR-CREATED

laki · May 14, 2024, 12:37pm

Hi I keep getting this message generated every two minutes in my peer client
Kernel version is 4.14.90

Tue May 14 08:19:01 2024 kern.info kernel: [118965.380234] wireguard: wireguard-hotplug IFNAME=wgclient ACTION=KEYPAIR-CREATED
Tue May 14 08:21:01 2024 kern.info kernel: [119085.512826] wireguard: wireguard-hotplug IFNAME=wgclient ACTION=KEYPAIR-CREATED
Tue May 14 08:23:02 2024 kern.info kernel: [119205.553429] wireguard: wireguard-hotplug IFNAME=wgclient ACTION=KEYPAIR-CREATED
Tue May 14 08:25:02 2024 kern.info kernel: [119325.936928] wireguard: wireguard-hotplug IFNAME=wgclient ACTION=KEYPAIR-CREATED

hecatae · May 14, 2024, 1:05pm

Is your Opal the wg client or the wg server?
Are you on 4.3.11?

laki · May 14, 2024, 1:28pm

log is from the client, both client and server are on 4.3.11
Also to mention that both client and server are in same network each setup as a router. Then there is a ISP router at the top hierarchy that I open a firewall port to the server.
Initially it worked fine for couple of days then I keep getting this message in the VPN client log.

hecatae · May 14, 2024, 2:27pm

Sorry you have lost me, can you give a network diagram

laki · May 14, 2024, 2:51pm

My initial setup is that both GL-SFT1200 client and server are on the same network setup as routers.

There is main router that connects to ISP/Wan, Opal client and server are on the on main routers network

admon · May 14, 2024, 2:56pm

If both devices are in the same network you will create a routing loop by enabling the VPN - this could be an issue.

laki · May 23, 2024, 1:43pm

I am outside my network, I get same errror and my outside IP is of the current outside ISP.
Which means connections is not going via my home VPN.
Does anyone has same errror ? Or can tell me what the error means.

admon · May 23, 2024, 1:45pm

That's not an error.

Please check How to troubleshoot WireGuard

laki · May 24, 2024, 6:36am

I dont see anything wrong on the setup.

Just to test my all devices and port forwarding I setup openVpn server and client. This works, which means my ISP router is doing port forwarding.
Its sad that no one can assist with this error, I might return those routers since they seem to useles.

admon · May 24, 2024, 6:37am

If you need more assistance, please share an diagram of your network (using draw.io) plus your wireguard config (minus the private keys). See How to get support quickly

alzhao · May 24, 2024, 9:18am

Pls send details of your network setup, including:

Main router WAN status showing your public IP
Main router port forward setting
GL.iNet VPN router WAN status
GL.iNet VPN server status

laki · May 24, 2024, 4:42pm

laki · May 24, 2024, 4:42pm

WireGuard Client

[Interface]
Address = 10.0.0.2/24
PrivateKey = oBZasY1ctFiFl0WQffGsau+GAt9FCwGRNxVgO19hUUA=
DNS = 192.168.8.1
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = XXXXXX.glddns.com:51820
PersistentKeepalive = 25
PublicKey = Z6TSnromRiLZleDiBMgSDD74B6XjJc2wdiwpg/G2Yhk=

laki · May 24, 2024, 4:45pm

Not sure if related but my log files always Refetching server certificates

Fri May 24 12:27:51 2024 daemon.info dnscrypt-proxy[4638]: dnscrypt-proxy Server key fingerprint is C1A0:0E5A:2367:8813:6928:D7B4:DBE2:FFF3:CB95:6BCF:03C3:CC20:559B:043F:2F1D:E82A
Fri May 24 12:29:00 2024 daemon.info dnscrypt-proxy[4641]: dnscrypt-proxy Refetching server certificates
Fri May 24 12:29:00 2024 daemon.info dnscrypt-proxy[4641]: dnscrypt-proxy Server certificate with serial #1 received
Fri May 24 12:29:00 2024 daemon.info dnscrypt-proxy[4641]: dnscrypt-proxy This certificate is valid
Fri May 24 12:29:00 2024 daemon.info dnscrypt-proxy[4641]: dnscrypt-proxy Chosen certificate #1 is valid from [2024-05-24] to [2024-05-25]
Fri May 24 12:29:00 2024 daemon.info dnscrypt-proxy[4641]: dnscrypt-proxy Using version 2.0 of the DNSCrypt protocol
Fri May 24 12:29:00 2024 daemon.info dnscrypt-proxy[4641]: dnscrypt-proxy Server key fingerprint is 9C3F:7B53:AC31:56B0:C4A5:A0E4:1089:F131:D765:09E5:6E05:D249:FCD8:F2D4:C13E:DC61
Fri May 24 12:29:39 2024 daemon.info dnscrypt-proxy[4642]: dnscrypt-proxy Refetching server certificates
Fri May 24 12:29:39 2024 daemon.info dnscrypt-proxy[4642]: dnscrypt-proxy Server certificate with serial #1 received
Fri May 24 12:29:39 2024 daemon.info dnscrypt-proxy[4642]: dnscrypt-proxy This certificate is valid
Fri May 24 12:29:39 2024 daemon.info dnscrypt-proxy[4642]: dnscrypt-proxy Chosen certificate #1 is valid from [2024-05-24] to [2024-05-25]
Fri May 24 12:29:39 2024 daemon.info dnscrypt-proxy[4642]: dnscrypt-proxy Using version 2.0 of the DNSCrypt protocol
Fri May 24 12:29:39 2024 daemon.info dnscrypt-proxy[4642]: dnscrypt-proxy Server key fingerprint is 2D1E:3DF9:E361:BEED:A868:A41E:C699:AB91:BFFA:2C6C:EB2F:7B6D:5CD8:B41E:4D81:183A
Fri May 24 12:29:45 2024 daemon.info dnscrypt-proxy[4644]: dnscrypt-proxy Refetching server certificates
Fri May 24 12:29:45 2024 daemon.info dnscrypt-proxy[4640]: dnscrypt-proxy Refetching server certificates
Fri May 24 12:29:45 2024 daemon.info dnscrypt-proxy[4643]: dnscrypt-proxy Refetching server certificates
Fri May 24 12:29:46 2024 daemon.info dnscrypt-proxy[4645]: dnscrypt-proxy Refetching server certificates
Fri May 24 12:30:00 2024 daemon.err dnscrypt-proxy[4644]: dnscrypt-proxy Unable to retrieve server certificates
Fri May 24 12:30:00 2024 daemon.err dnscrypt-proxy[4640]: dnscrypt-proxy Unable to retrieve server certificates
Fri May 24 12:30:00 2024 daemon.err dnscrypt-proxy[4643]: dnscrypt-proxy Unable to retrieve server certificates
Fri May 24 12:30:01 2024 daemon.err dnscrypt-proxy[4645]: dnscrypt-proxy Unable to retrieve server certificates

laki · May 25, 2024, 1:11pm

Hi see below and let me know what you think

buntspext · May 25, 2024, 6:16pm

Frequent Certificate Refetches: The logs show that dnscrypt-proxy is frequently refetching server certificates. This is usually done to ensure that the certificates are up-to-date and the connection remains secure. However, the frequency here seems unusually high.

Certificate Validity Issues: Some log entries indicate that retrieved certificates are valid, but others show failures to retrieve them ("Unable to retrieve server certificates"). This suggests intermittent problems with certificate retrieval or validation.

Multiple Instances: The logs reveal multiple instances of dnscrypt-proxy running concurrently (e.g., 4640, 4641, etc.). This might be part of the configuration or a sign of unexpected behavior.

admon · May 25, 2024, 6:21pm

Thanks, ChatGPT
But this isn't the question.

laki · May 26, 2024, 2:42am

For the record ,
I also have a GL.iNet GL-AR300M, so I connected GL.iNet GL-AR300M and used same wireguard client config file and I dont have any of the errors I get with GL-SFT1200 . No errors related to wireguard neither Refetching server certificates.

GL.iNet GL-AR300M has 4.3.11 release3 .
This makes me believe issue is with GL-SFT1200, which I guess I am returning.

alzhao · May 26, 2024, 3:32am

Can you pm me a config to try?
I don’t think there is any difference in the routers.

laki · May 26, 2024, 3:45am

which config file you looking for ?